I saw something like "I\'m busy" on my shoutbox, but when I edited it to remove the \ and saved, it was disappearing (in the db it wasn't encoded as HTML the first time, but it was the second time) :knuppel2:
So I opened the editor :D on the tpshout.php source file and found:
// register the IP and userID, if any
$ip=$user_info['ip'];
if($shout!='')
tp_query("INSERT INTO " . $tp_prefix . "shoutbox (value1,value2,value3,type,value4, value5) VALUES('". mysql_real_escape_string($shout)."','".$shout_time."','".$shout_name."','shoutbox','".$ip."',".$memID.")", __FILE__, __LINE__);
I cannot understand the meaning of mysql_real_escape_string, is it needed?
For me, I fixed it like this:
// register the IP and userID, if any
$ip=$user_info['ip'];
if($shout!='')
tp_query("INSERT INTO " . $tp_prefix . "shoutbox (value1,value2,value3,type,value4, value5) VALUES('". htmlspecialchars($shout,ENT_QUOTES)."','".$shout_time."','".$shout_name."','shoutbox','".$ip."',".$memID.")", __FILE__, __LINE__);
Is it good? It seems to work.
I searched, but I found this (marked as fixed):
http://www.tinyportal.net/index.php?issue=21.0
http://www.simplemachines.org/community/index.php?topic=27642.msg2851774#msg2851774
:)
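Added example, not part of the original post and not TinyPortal's own code: the two functions in the post handle different contexts. `mysql_real_escape_string` protects the SQL string literal and `htmlspecialchars` protects the HTML page, so one cannot replace the other. The sketch below stores the shout unchanged through bound parameters and HTML-encodes it only when displaying it. Assumptions: PDO with in-memory SQLite stands in for the forum's MySQL connection and `tp_query()`, and `save_shout()` and `render_shout()` are hypothetical names; the column names are the ones from the query above.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the forum's MySQL
// connection and tp_query() wrapper; the sample shouts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shoutbox (value1 TEXT, value2 TEXT, value3 TEXT,
           type TEXT, value4 TEXT, value5 INTEGER)');

// Storage (hypothetical helper): bound parameters keep the shout out of the
// SQL text, so quotes and backslashes are stored exactly as typed.
function save_shout(PDO $db, string $shout, string $time, string $name,
                    string $ip, int $memID): void
{
    if ($shout === '') {
        return; // same guard as the original code
    }
    $stmt = $db->prepare(
        "INSERT INTO shoutbox (value1, value2, value3, type, value4, value5)
         VALUES (?, ?, ?, 'shoutbox', ?, ?)"
    );
    $stmt->execute([$shout, $time, $name, $ip, $memID]);
}

// Output (hypothetical helper): HTML-encode once, when the text enters a page.
function render_shout(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed input: an apostrophe, a trailing backslash, and markup.
$samples = ["I'm busy", 'path is C:\\temp\\', '<b>hi</b> & bye'];
foreach ($samples as $s) {
    save_shout($db, $s, '2009-01-01 12:00', 'tester', '192.0.2.1', 1);
}

$stored = $db->query('SELECT value1 FROM shoutbox ORDER BY rowid')
             ->fetchAll(PDO::FETCH_COLUMN);
if ($stored !== $samples) {
    throw new RuntimeException('stored text differs from submitted text');
}
foreach ($stored as $text) {
    echo render_shout($text), "\n"; // safe to place inside HTML
}

// Encoding before storage AND again at display double-encodes: the "&" of
// the first entity is itself turned into an entity on the second pass.
echo render_shout(htmlspecialchars("I'm busy", ENT_QUOTES, 'UTF-8')), "\n";
```

Because the stored text stays raw, loading a shout back into an edit form and saving it again does not add a further layer of entities or backslashes.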