Code: Select all
function send_msg($sender , $message){
if(!empty($sender) && !empty($message)){
$sender = mysql_real_escape_string($sender);
$message= mysql_real_escape_string($message);
$query = "INSERT INTO `chat`.`chat` VALUES (null , '{$sender}' , '$message')"; // Difficulty on THIS LINE !!!!
if($run = mysql_query($query)){
return true;
}else{
return false;
}
}
also why is this function used ? i.e. mysql_real_escape_string , i know what it does , but is it to prevent SQL injection.