Code: Select all
$result = mysql_query("INSERT INTO ".$msg_user."(from, message, date, time) VALUES(
'".$_SESSION["user"]."',
'".$msg_message."',
'".date("m/d/Y")."',
'".date("H:i:s")."');");I'm overlooking something small, I just can't find it. Any help?
both $msg_user and $msg_message has been through the standard security (mysql_real_escape_string and strip_tags)