maxudaskin Posted March 12, 2008 Share Posted March 12, 2008 This script: <?php if(!$logged_in){ exit("ERROR: You have specified an illegal operation; You are not logged in."); }else{ if(!$_SESSION['type'] == 1){ exit("ERROR: You have specified an illegal operation; You are not an Administrator."); }else{ $pid = $_GET['pid']; $udate = date("Y-m-d"); $ztime = gmdate("g:i A"); $sender = "OOM".$_SESSION['username']." ".$_SESSION['name']; $query = mysql_query("SELECT * FROM users WHERE pid = '$pid'") or die("MySQL ERROR: " . mysql_error()); $result = mysql_fetch_array($query); $name = $result['fname'] . " " . $result['lname']; $to = $result['email']; $tofull = "OOM" . $pid . " " . $name; $subject = "Virtual Zoom Airlines | TERMINATION WARNING"; $message = "Dear " . $name . ", This is a termination warning from Virtual Zoom Airlines. Your account; OOM" . $pid . " has been put on termination notice. If you do not comply with the following, your account will be suspended and your name will be put on our Do Not Rehire list. ---------- File a flight within 72 hours of this email OR email ceo@virtualzoom.net requesting a leave of absence. ---------- The reason you have recieved this termination warning is listed below: ---------- You have not filed a flight in " . $_GET['diff'] . " days. ---------- Sent by: " . $sender . " on " . $udate . " at " . $ztime . " ZULU. ------------------------- This email was sent by an administrator of Virtual Zoom Airlines. If you feel that this email has objectable content, please forward your complaint to abuse@virtualzoom.net."; $header = "From: $from"; mysql_query("INSERT INTO `sent_emails` (`to` ,`from` ,`subject` ,`message` ,`date`) VALUES ($to, $sender, $subject, $message, $udate") or die("Cannot Continue; Email not stored. MySQL ERROR: " . mysql_error()); } } ?> Inputs: $to = someemail@hotmail.com Outputs: Cannot Continue; Email not stored. MySQL ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com, OOM0100 Max Udaskin, Virtual Zoom Airlines | TERMINATION WARNING, ' at line 1 Table Information: Does anyone see an issue? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 12, 2008 Share Posted March 12, 2008 Each string value in the query needs to be enclosed in single-quotes to make it a string. Otherwise it is treated as a keyword or an identifier. Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted March 12, 2008 Author Share Posted March 12, 2008 Now I get: Cannot Continue; Email not stored. MySQL ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.