can't seem to find the problem...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
egg82
Forum Contributor
Posts: 156
Joined: Sat Oct 01, 2011 9:29 pm
Location: Colorado, USA

can't seem to find the problem...

Post by egg82 »

It's a simple request. I overlooked something, I just can't figure out what exactly. Two sets of eyes are better than one.

Code: Select all

$result = mysql_query("INSERT INTO ".$msg_user."(from, message, date, time) VALUES(
'".$_SESSION["user"]."',
'".$msg_message."',
'".date("m/d/Y")."',
'".date("H:i:s")."');");
the error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, message, date, time) VALUES( 'egg82', 'test', ' at line 1

I'm overlooking something small, I just can't find it. Any help?

both $msg_user and $msg_message has been through the standard security (mysql_real_escape_string and strip_tags)
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: can't seem to find the problem...

Post by twinedev »

From is a mysql keyword, you need to wrap it with backticks

Code: Select all

$result = mysql_query("INSERT INTO `".$msg_user."`(`from`, `message`, `date`, `time`) VALUES(
'".mysql_real_escape_string($_SESSION["user"])."',
'".mysql_real_escape_string($msg_message)."',
'".date("m/d/Y")."',
'".date("H:i:s")."');");
User avatar
egg82
Forum Contributor
Posts: 156
Joined: Sat Oct 01, 2011 9:29 pm
Location: Colorado, USA

Re: can't seem to find the problem...

Post by egg82 »

Oh, duh! Thanks, I completely forgot about that :lol:
$_SESSION["user"] and $msg_message were already escaped :P thanks, though.

haha, thanks again. I can't believe I missed it. I probably would have been looking for that all night
Post Reply