master82 Posted January 4, 2007 Share Posted January 4, 2007 I have a mysql_query that inputs values into the database,it works great until you add character such as ! - which brings up an error.Hers is what i currently have... with £msg being the variable that holds a users text.[code]$msg=str_replace(array("\n"),array("<br />"),strip_tags($_POST['usermsg']));mysql_query("INSERT INTO table VALUES('',{$value},{$msg},unix_timestamp());",$c) or die("Something went wrong - try using letters and numbers only!<p><a href=page.php'>Back</a>");[/code]The database field is simply a text type, anyone know how I can add the $msg to the database, including all the error characters such as !Thanks :) Quote Link to comment Share on other sites More sharing options...
obsidian Posted January 4, 2007 Share Posted January 4, 2007 You've got to put single quotes around all your values as you insert them. You also want to check to be sure that all your characters are properly escaped before you insert text. Try something like this:[code]<?php$msg = trim(strip_tags($_POST['usermsg']));$msg = mysql_real_escape_string($msg);$sql = "INSERT INTO myTable VALUES ('', '{$value}', '{$msg}', unix_timestamp())";if (!mysql_query($sql)) { // error has occurred, let's handle it here}// Notice that I didn't do your str_replace()??? That's because PHP has a built in function// that you can use when you output text to do that for you:echo nl2br($msg);?>[/code]Good luck! Quote Link to comment Share on other sites More sharing options...
master82 Posted January 4, 2007 Author Share Posted January 4, 2007 Sorry - i realised my mistake shortly after i posted......thanks for the help anyway ;D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.