Hello, I made a PM system but the thing that makes it read isn't working. Can anybody take a look at it?

$postid = $_GET['postid'];
mysql_query("UPDATE pm SET read=1 where id=$postid") or die(mysql_error());

And it gives this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read=1' at line 1

read is a MySQL keyword. Stop using it as a column name and it will work.

diafol

If you still want to use 'read' as a fieldname, backtick it:

UPDATE pm SET `read`=1 where id=$postid

I would do some simple validation and sanitizing on your post vars too. Although it's come from a form, forms and headers can be spoofed.
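
The two suggestions above (backticking `read` and validating the incoming id) combined, as an added example that is not part of the original thread. It uses PDO because the mysql_* functions were removed in PHP 7.0. The function name markRead() and the in-memory SQLite table that stands in for the MySQL pm table are assumptions made so the script runs offline (it needs the pdo_sqlite extension).

```php
<?php
// Added example, not code from the thread. markRead() is a hypothetical helper.

function markRead(PDO $db, $rawId): bool
{
    // Accept only a positive integer; anything else is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // `read` is backticked because it is a reserved word in MySQL.
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('UPDATE pm SET `read` = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed stand-in for the pm table (assumption: only the id and read columns matter here).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pm (id INTEGER PRIMARY KEY, `read` INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO pm (id) VALUES (1), (2)');

// Constructed sample inputs, as they might arrive in $_GET['postid'].
foreach (['1', '2 OR 1=1', 'abc', '-5'] as $input) {
    $ok = markRead($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $ok ? 'accepted' : 'rejected');
}

$unread = $db->query('SELECT COUNT(*) FROM pm WHERE `read` = 0')->fetchColumn();
echo "unread rows left: $unread\n";
```

Against a real MySQL server only the PDO connection string changes; in a page handler the call would be markRead($db, $_GET['postid'] ?? null).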