can't seem to find the problem...

Posted: Mon Oct 03, 2011 10:42 pm
by egg82
It's a simple request. I overlooked something, I just can't figure out what exactly. Two sets of eyes are better than one.

$result = mysql_query("INSERT INTO ".$msg_user."(from, message, date, time) VALUES(
'".$_SESSION["user"]."',
'".$msg_message."',
'".date("m/d/Y")."',
'".date("H:i:s")."');");
The error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, message, date, time) VALUES( 'egg82', 'test', ' at line 1

I'm overlooking something small, I just can't find it. Any help?

Both $msg_user and $msg_message have been through the standard security (mysql_real_escape_string and strip_tags).

Re: can't seem to find the problem...

Posted: Mon Oct 03, 2011 11:08 pm
by twinedev
From is a MySQL keyword; you need to wrap it with backticks.

$result = mysql_query("INSERT INTO `".$msg_user."`(`from`, `message`, `date`, `time`) VALUES(
'".mysql_real_escape_string($_SESSION["user"])."',
'".mysql_real_escape_string($msg_message)."',
'".date("m/d/Y")."',
'".date("H:i:s")."');");

Re: can't seem to find the problem...

Posted: Mon Oct 03, 2011 11:11 pm
by egg82
Oh, duh! Thanks, I completely forgot about that :lol:
$_SESSION["user"] and $msg_message were already escaped :P Thanks, though.

Haha, thanks again. I can't believe I missed it. I probably would have been looking for that all night.
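
As an added example (not code from either poster): the same insert with the reserved-word columns backtick-quoted, the values bound as placeholders, and the table name checked against a known list, since mysql_real_escape_string does not escape backticks inside a quoted identifier. `quoteIdent()`, `insertMessage()`, the `inbox_demo` table and the sample values are assumptions; it runs through PDO on in-memory SQLite, which accepts MySQL-style backticks, so no server is needed.

```php
<?php
// Added example, not code from the thread. quoteIdent() and insertMessage()
// are hypothetical helpers; the table name and values are constructed samples.

// Quote an identifier MySQL-style: wrap in backticks, double embedded backticks.
// mysql_real_escape_string() leaves backticks untouched, so it cannot do this job.
function quoteIdent(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// The table name must be one we already know; values go through placeholders.
function insertMessage(PDO $db, array $allowedTables, string $table,
                       string $from, string $message): void
{
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('unknown message table');
    }
    $sql = 'INSERT INTO ' . quoteIdent($table)
         . ' (`from`, `message`, `date`, `time`) VALUES (?, ?, ?, ?)';
    $stmt = $db->prepare($sql);
    $stmt->execute([$from, $message, date('m/d/Y'), date('H:i:s')]);
}

// Demo database: in-memory SQLite (assumption; swap the DSN for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `inbox_demo` (`from` TEXT, `message` TEXT, `date` TEXT, `time` TEXT)');

$allowed = ['inbox_demo'];

// A value containing a quote is stored as data, not parsed as SQL.
insertMessage($db, $allowed, 'inbox_demo', 'egg82', "it's a test");
print_r($db->query('SELECT `from`, `message` FROM `inbox_demo`')->fetchAll(PDO::FETCH_ASSOC));

// A table name that is not on the list never reaches the query.
try {
    insertMessage($db, $allowed, 'no`such', 'egg82', 'test');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// quoteIdent() on its own keeps an embedded backtick inside one identifier.
echo quoteIdent('a`b'), "\n";
```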