Code: Select all
<?php
$sql = "SELECT name FROM users WHERE name = '".$_POST['to']."'";
$result = mysql_query("$sql");
$row = mysql_fetch_array($result);
if($row["name"] == "")
{
header("location: pmwrite.php?msg=1");
}
$to = addslashes($_POST["to"]);
/* FROM */
$sql = "SELECT name FROM users WHERE name = '".$_COOKIE['user']."'";
$result = mysql_query("$sql");
$row = mysql_fetch_array($result);
$from = $row["name"];
/* ENDS HERE */
$title = addslashes($_POST["title"]);
$msg = nl2br(addslashes($_POST["msg"]));
$date = date("Y-m-d");
/* Insert into database */
$sql = "INSERT INTO pms (to, from, title, msg, date)
VALUES ('".$to."', '".$from."', '".$title."', '".$msg."', '".$date."')";
$result = mysql_query("$sql");
$bajs = mysql_error();
?>"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'to, from, title, msg, date) VALUES ('her', 'Dingbats', '12".
The title I filled in was '1234567890'. It seems that the SQL string is to long or something, though that seems weird since I have SQL strings that are way longer than that one.
Maybe I've done some simple n00b mistake in there, can someone please help me?:|