Private Messaging

Place for questions and answers for all newcomers and new coders. This is a free-for-all forum; no question is too stupid or too noob.
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Private Messaging

Post by Epiales »

Hey all... I've set up a private messaging system now. It works great, but it won't let me send any apostrophes in the text. If I just enter the word:

Code:

I've
I get this error:

Code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 've','Re: Looping Battles','4486329')' at line 2
How can I fix that?
Nothing fancy, but a work in progress!

http://gameplaytoday.net
vitinho444
Posts: 2819
Joined: Mon Mar 21, 2011 4:54 pm

Re: Private Messaging

Post by vitinho444 »

Let's say you are POSTING the form to another page or even the same as the name: $_POST["message"]

Whenever you put that in your db, just remember to escape first.

Code:

//XSS Security
	function Escape($t)
	{
		return htmlentities($t, ENT_QUOTES);
	}
That prevents XSS (tutorial I used is in IR), and allows you to have single and double quotes without damaging the query ;)

PS: You don't need the function I have, just use: htmlentities($_POST["message"], ENT_QUOTES);
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
OldRod
Posts: 1320
Joined: Sun Sep 20, 2009 4:26 pm

Re: Private Messaging

Post by OldRod »

Sounds like you are not escaping the string properly.

It's been a while, but I think mysql_real_escape_string fixes this:

http://php.net/manual/en/function.mysql ... string.php
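
The two fixes suggested in this thread act at different layers, shown here as an added example that is not code from the thread or from any poster: a PDO prepared statement keeps the apostrophe out of the SQL text, and htmlentities() is applied only when the stored message is written into a page. Assumptions: the table and column names are hypothetical, the sample values are constructed from the error message quoted in the first post, and an in-memory SQLite database (pdo_sqlite) stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example. Table/column names are hypothetical; SQLite in memory
// stands in for the thread's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (
    id INTEGER PRIMARY KEY, body TEXT, subject TEXT, ref INTEGER)');

// Constructed sample input standing in for $_POST["message"] and friends.
$message = "I've <b>won</b> the battle";
$subject = 'Re: Looping Battles';
$ref     = 4486329;

// 1. String concatenation: the apostrophe closes the SQL string literal
//    early, which produces the syntax error from the first post.
try {
    $db->exec("INSERT INTO messages (body, subject, ref)
               VALUES ('$message', '$subject', '$ref')");
    $concatFailed = false;
} catch (PDOException $e) {
    $concatFailed = true;
}

// 2. Prepared statement: values travel separately from the SQL text,
//    so quotes in the message cannot change the shape of the query.
$stmt = $db->prepare(
    'INSERT INTO messages (body, subject, ref) VALUES (?, ?, ?)');
$stmt->execute([$message, $subject, $ref]);

// 3. The database holds exactly what the user typed, apostrophe included.
$stored = $db->query('SELECT body FROM messages')->fetchColumn();

// 4. HTML-encode at output time, when the message is placed in a page.
//    This is the XSS control; it is independent of how the row was stored.
$html = htmlentities($stored, ENT_QUOTES, 'UTF-8');

echo 'concatenated query failed: ', var_export($concatFailed, true), PHP_EOL;
echo 'stored text unchanged:     ', var_export($stored === $message, true), PHP_EOL;
echo 'encoded for HTML output:   ', $html, PHP_EOL;
```

Storing the raw text and encoding on output keeps the database copy usable for non-HTML contexts such as e-mail notifications or search.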
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Private Messaging

Post by Epiales »

vitinho444 wrote: Let's say you are POSTING the form to another page or even the same as the name: $_POST["message"]

Whenever you put that in your db, just remember to escape first.

Code:

//XSS Security
	function Escape($t)
	{
		return htmlentities($t, ENT_QUOTES);
	}
That prevents XSS (tutorial I used is in IR), and allows you to have single and double quotes without damaging the query ;)

PS: You don't need the function I have, just use: htmlentities($_POST["message"], ENT_QUOTES);
Worked perfect! Thank you!
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Private Messaging

Post by Epiales »

OldRod wrote: Sounds like you are not escaping the string properly.

It's been a while, but I think mysql_real_escape_string fixes this:

http://php.net/manual/en/function.mysql ... string.php
Thanks, I'll read on that as well ;)
vitinho444
Posts: 2819
Joined: Mon Mar 21, 2011 4:54 pm

Re: Private Messaging

Post by vitinho444 »

Worked perfect! Thank you!
This is some inspiration for people to help... Wow, I'm addicted to helping people.
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Private Messaging

Post by Epiales »

vitinho444 wrote:
Worked perfect! Thank you!
This is some inspiration for people to help... Wow, I'm addicted to helping people.
Yes... When someone asks something that I know? I'll be the first to help :lol: :lol:

And you both were fast at answering. YAY to you both. :mrgreen: :mrgreen: :mrgreen: