Stripping Single/Double Quotes


Kirk Y
05-27-2006, 01:01 AM
Hey gents. Okay, I've got a text field whose data is being retrieved via $_POST[message]. I'm inserting its contents into a DB using:

// raw interpolation: a quote inside $message ends the SQL string literal early
$db->query_write("INSERT INTO table_name (user, message, date) VALUES
('$username', '$message', '$date')");

Everything works dandy -- that is, until someone inputs a single/double quote! Eeek! I've been trying different solutions, but as of yet, have had no success whatsoever. I'm almost ready to pull my hair out, all the stripslashes, addslashes, preg_replace... ack! Please someone lend an assist!

Adrian Schneider
05-27-2006, 01:48 AM
$db->query_write("
INSERT INTO table_name
(user, message, date)
VALUES (
'" . $db->escape_string($username) . "',
'" . $db->escape_string($message) . "',
'" . $db->escape_string($date) . "'
)
");

You probably won't have to escape $date though (you should be saving it as a Unix timestamp).

Edit: instead of using raw $_POST values, use vBulletin's cleaning functions (read more here: https://vborg.vbsupport.ru/showthread.php?t=98047).
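Added example, not code from the thread or from vBulletin: a stand-alone PHP script that reproduces the failure on input containing quotes and shows two fixes, escaping done by the database layer (the role $db->escape_string() plays in the reply above) and a prepared statement with bound parameters. It assumes PDO with the SQLite driver is available; the function names insertInterpolated, insertEscaped and insertPrepared, the sample username and message, and the blastmsg table layout are constructed for the example.

```php
<?php
// Added example: why the interpolated INSERT breaks on quotes, and two fixes.
// Uses PDO with an in-memory SQLite database so it runs without a server.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blastmsg (id INTEGER PRIMARY KEY AUTOINCREMENT, '
         . 'user TEXT, message TEXT, date INTEGER)');

// Constructed input: the kind of text that broke the original query.
$username = 'kirk';
$message  = "It's a \"quoted\" message";
$date     = time();

// 1. Raw interpolation (the original approach). The apostrophe in $message
//    terminates the SQL string literal early, so the statement is malformed
//    and the driver rejects it. Returns false instead of inserting.
function insertInterpolated(PDO $pdo, string $username, string $message, int $date): bool
{
    try {
        $pdo->exec("INSERT INTO blastmsg (user, message, date) "
                 . "VALUES ('$username', '$message', '$date')");
        return true;
    } catch (PDOException $e) {
        echo 'interpolated insert failed: ' . $e->getMessage() . "\n";
        return false;
    }
}

// 2. Escaping by the database layer. PDO::quote() plays the role that
//    $db->escape_string() plays in vBulletin: it escapes according to the
//    connected database's rules (and adds the surrounding quotes itself).
//    Generic string functions such as addslashes() do not know those rules.
function insertEscaped(PDO $pdo, string $username, string $message, int $date): void
{
    $pdo->exec('INSERT INTO blastmsg (user, message, date) VALUES ('
             . $pdo->quote($username) . ', '
             . $pdo->quote($message) . ', '
             . $date . ')');   // integer Unix timestamp: nothing to escape
}

// 3. Prepared statement with bound parameters. The data never becomes part of
//    the SQL text, so quotes in it cannot change the statement's structure.
function insertPrepared(PDO $pdo, string $username, string $message, int $date): void
{
    $stmt = $pdo->prepare('INSERT INTO blastmsg (user, message, date) '
                        . 'VALUES (:user, :message, :date)');
    $stmt->execute([':user' => $username, ':message' => $message, ':date' => $date]);
}

insertInterpolated($pdo, $username, $message, $date); // prints the syntax error
insertEscaped($pdo, $username, $message, $date);      // stored intact
insertPrepared($pdo, $username, $message, $date);     // stored intact

// Read back by the auto-increment id rather than by timestamp, so two posts in
// the same minute are still distinguishable.
foreach ($pdo->query('SELECT id, message FROM blastmsg ORDER BY id DESC') as $row) {
    echo $row['id'] . ': ' . $row['message'] . "\n";
}
```

Running it prints one syntax error for the interpolated attempt and then two rows whose message column still contains both the apostrophe and the double quotes. Of the two working variants, the prepared statement is the one to prefer when the database API offers it, because it does not depend on every call site remembering to escape.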

Kirk Y
05-27-2006, 02:25 AM
Thanks SirAdrian. I got the stripping half of your post working great, but I'm having some trouble with the cleaning functions. It'll post the submitted text, but if the text contains any ' or ", it won't be outputted.

$message2 =& $vbulletin->input->clean_gpc('p', 'message', TYPE_NOTRIM);

if (isset($_POST['info'])) {
$F43296slq = $db->query_write("
INSERT INTO blastmsg
(user, message, date)
VALUES (
'" . $db->escape_string($username) . "',
'" . $db->escape_string($vbulletin->GPC['message']) . "',
'" . $db->escape_string($date) . "'
)
");
}

Let me see if I'm understanding this right:
$message2 = $vbulletin->input->clean_gpc('p', 'message', TYPE_NOTRIM);

'p' refers to $_POST
'message' refers to the name I've given to my text field (equivalent to $_POST[message])
TYPE_NOTRIM refers to a regular ol' string, is that what I should be using?

Thanks for your help, though.

Adrian Schneider
05-27-2006, 02:43 AM
If you use clean_array_gpc() it sends it to $vbulletin->GPC, but if you use clean_gpc() it just returns it (in your case to $message2). You should probably use TYPE_STR or TYPE_NOHTML depending on your needs (it is usually good to have the string trimmed!). Your code looks fine, just change $vbulletin->GPC['message'] to $message2.

Kirk Y
05-27-2006, 02:51 AM
Oh, didn't have time to edit. The code was fine, it was an error on my part in regard to my SELECT query used to pull the data from the database. Up until now, I was just selecting the data by its timestamp, but as it only goes out to minutes, if two messages were posted within that same minute, the SELECT query would choose the previous one, instead of the most recent. I fixed that now with an auto_increment column. The strange thing though, I was using $message2 originally, but it wouldn't show up -- after I looked in the vB.com manual supplied in the thread you gave me, I tried using $vbulletin->GPC and that worked.

Thanks again for all your help, it's working swimmingly now!