Help me find an error when moderating a message if you add such an error to the field.

 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FALSE' WHERE id = '2' LIMIT 1' at line 3 

function php

    public function moderate($id, $comment, $moderate, $name = NULL) {
        global $mysql, $langArray;

        // Values are concatenated directly into the SQL string
        $mysql->query("
            UPDATE forum_threads
            SET name = '".$name."', comment = '".$comment."', moderate = '".$moderate."'
            WHERE id = '".intval($id)."'
            LIMIT 1
        ");

        return true;
    }

php

    if (check_login_bool() && isset($_POST['moderate']) && is_numeric($_POST['moderate']) && isset($_POST['post_message'])) {
        if (isset($_POST['censor_message'])) {
            $censor_message = 'TRUE';
        } else {
            $censor_message = 'FALSE';
        }

        if (!isset($_POST['post_name'])) {
            $_POST['post_name'] = NULL;
        }

        $s = $forumClass->moderate(
            $_POST['moderate'],
            htmlentities($_POST['post_message']),
            $censor_message,
            htmlentities($_POST['post_name'])
        );

        if ($s == true) {
            refresh('/forum/thread/' . url($thread[$threadID]['name']) . '/' . $threadID, $langArray['complete_moderate_message'], 'complete');
        } else {
            addErrorMessage($s, '', 'error');
        }
    }

    1 answer 1

    Just use mysqli_real_escape_string instead of htmlentities:

        $s = $forumClass->moderate(
            $_POST['moderate'],
            mysqli_real_escape_string($mysql, $_POST['post_message']),
            $censor_message,
            mysqli_real_escape_string($mysql, $_POST['post_name'])
        );
    • This method deletes data from the table - evanto
    • @evanto corrected wrong a bit - Naumov
    • @evanto what library for sql you use, the module is more accurate? - Naumov
    • Apache / 2.2.22 (Debian) MySQL client version: 5.5.44 PHP extension: mysqli - evanto
    • @evanto what var_dump () says about this. var_dump($_POST,mysqli_real_escape_string($mysql,$_POST['post_message']));die(); - Naumov
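
A parameterized version of the moderate() update discussed in the answer above, added here as an example and not code from the question or the answer. It assumes a plain mysqli connection passed in as $db (the thread does not show what the global $mysql is); the connection details and the sample input are constructed placeholders.

```php
<?php
// Added example, not the poster's code. Assumption: $db is a connected mysqli
// object (the page's global $mysql may be a wrapper around one).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function moderate(mysqli $db, $id, $comment, $moderate, $name = null)
{
    // Values travel separately from the statement text, so ' and \ inside
    // $comment or $name cannot close or extend a string literal.
    $stmt = $db->prepare(
        "UPDATE forum_threads
            SET name = ?, comment = ?, moderate = ?
          WHERE id = ?
          LIMIT 1"
    );
    $id = (int) $id;
    $stmt->bind_param('sssi', $name, $comment, $moderate, $id);
    $stmt->execute();
    $changed = $stmt->affected_rows;   // 0 = no such id or identical data
    $stmt->close();
    return $changed;
}

// Constructed sample input standing in for $_POST.
$post = [
    'moderate'     => '2',
    'post_message' => "That's a path: C:\\temp\\",
    'post_name'    => "O'Brien",
];
$censor = isset($post['censor_message']) ? 'TRUE' : 'FALSE';

// Placeholder connection details; replace with the forum's own.
$db = new mysqli('localhost', 'forum_user', 'CHANGE_ME', 'forum');
$db->set_charset('utf8mb4');           // assumed connection charset

// Store the raw text; no htmlentities() or manual escaping before the query.
moderate($db, $post['moderate'], $post['post_message'], $censor, $post['post_name']);

// Encode for HTML only when the stored text is printed into a page.
echo htmlentities($post['post_message'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Before PHP 8.1, htmlentities() called without flags used ENT_COMPAT, which leaves the single quote untouched, and it never encodes a backslash, so it cannot protect a quoted SQL value.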