Okay, I've messed with this all day and can't figure out what is going on. If I use the below code WITHOUT the function and ENT, then it sends the message and puts it into the database and I'm able to recall the messages from the database. But if I use a function with it (any function), it will not put the pid, subject, or message into the database... When I check the database, it only shows the date, randid, and the other fields are blank, thus not allowing the messages to be viewed in the inbox. What's wrong?
Code:
if(isset($_POST['sendmessage'])) {
    $message = protect($_POST["message"], ENT_QUOTES);
    $subject = protect($_POST["subject"], ENT_QUOTES);
    $sendto = protect($_POST["sendto"], ENT_QUOTES);
    $randid = rand(999,9999999);
    $sql = "INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES ('".$sendto."','".$user_username."','".$message."','".$subject."','".$randid."')";
    $user_query3 = mysqli_query($db_conx, $sql);
}
It doesn't matter if I use my custom function or even use mysql_real_escape_string before it, it won't work. The only thing I've been able to use is htmlentities... is that enough?
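
The INSERT from the post rewritten with a mysqli prepared statement, as an added example that is not part of the original post. It assumes $db_conx is an open mysqli connection and $user_username is already set, as in the post; send_message() is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumes $db_conx (mysqli) and
// $user_username exist, as in the post. send_message() is a hypothetical name.
//
// mysql_real_escape_string() belongs to the old mysql extension and does not
// use a mysqli link; htmlentities() is an HTML output encoder, not SQL escaping.
// Bound parameters are never parsed as SQL, so neither is needed before the query.
function send_message(mysqli $db_conx, string $user_username, array $post): bool
{
    $fields = [];
    foreach (['sendto', 'subject', 'message'] as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return false; // refuse to insert a row with blank fields
        }
        $fields[$name] = $value; // stored raw; encoded only when displayed
    }
    $randid = rand(999, 9999999); // same id scheme as the post

    $stmt = mysqli_prepare(
        $db_conx,
        'INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES (?,?,?,?,?)'
    );
    if ($stmt === false) {
        error_log('prepare failed: ' . mysqli_error($db_conx));
        return false;
    }
    // Four strings and one integer, in column order.
    mysqli_stmt_bind_param($stmt, 'ssssi', $fields['sendto'], $user_username,
        $fields['message'], $fields['subject'], $randid);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $ok;
}

if (isset($_POST['sendmessage'])) {
    send_message($db_conx, $user_username, $_POST);
}

// When showing a stored message in the inbox, encode at output time:
// echo htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8');
```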