Home/ Questions/Q 170331
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T12:47:21+00:00

$author = $_SESSION[‘username’]; $subject = $_POST[‘subject’]; $body = $_POST[‘body’]; $branched = $_POST[‘branched’]; $time =

  • 0
$author = $_SESSION['username']; $subject = $_POST['subject']; $body = $_POST['body']; $branched = $_POST['branched']; $time = time(); $branchedFrom = $_POST['parent']; $id = $_POST['parent']; $next = 0; $previous = 0; $branchedTo = 0; mysql_query(     'INSERT INTO offtopic     VALUES(         '',         '$author',         '$subject',         '$body',         '$time',         '$next',         '$previous',         '$branchedFrom',         '$branchedTo' ');

I’ve tried it lots of times, even tried changing some stuff, but it doesn’t save the info into the database. The blank space at the begining is where the index is in the database. The SESSION and POST stuff I’m pretty sure gets passed properly.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. "INSERT INTO offtopic VALUES('', '$author', '$subject', '$body', '$time',    '$next', '$previous', '$branchedFrom', '$branchedTo'"

    Missing closing ‘)’ inside the string. Pick up the error message using mysql_error() and simple syntax errors like this should be obvious.

    Also you have SQL injection security holes you could drive a bus through. You need to be calling mysql_real_escape_string() over each string value you concatenate into the string, or use mysqli parameterised queries.

    • 0