Originally it would allow me to post anything (quotes, double quotes, backslashes, forward slashes, etc.) however since I move the site over I always get the "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near" message when I post a single quote (for punctuational reasons (i.e; didn't, can't, etc.))
I've tried stripslashes, htmlentities, htmlspecialchars but none of them are helping. Heres what I got. Oh and the message stuff comes from a $_POST variable titled "msgthread"
Code: Select all
mysql_query("INSERT INTO msgthreads VALUES('',$_POST[forumid],$_POST[threadtitle],$_POST[threadmsg],$user_id,$curtime,0,0,$curtime,'open',$user_id)") or die("Error: " . mysql_error());Code: Select all
testing quotes ' test " test \ test / test ` testAnyone know why?You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'quotes ' test " test \ test / test ` test,1,1241535527,0,0,1241535527,'open',1)' at line