Joomla 3.1 mysql error with @

Question

I am trying to insert a contact form into a custom table in Joomla 3.1 and it seems to be removing the "@" and then throwing a MySQL error.

EDIT NOTE There is a plugin called "Content - Email Cloaking", disabling it did not help. In fact, it actually did nothing.

Code

$db = JFactory::getDBO();

$input = new JInput;
$email = $input->get('email',NULL);
$usname = $input->get('usname',NULL);
$town = $input->get('town',NULL);
$thisDate = gmdate('d-m-Y H:i:s');
$thisPass = md5($input->get('pawd',NULL));
$uniqueKey = md5($usname.gmdate('YmdHis'));
$setActivation = 0;
$thisDate = strtotime(gmdate('Y-m-d H:i:s'));

$query = $db->getQuery(true);
$columns = array("username", "email", "town", "password", "unique_key", "activation", "registered_date");
$values = array($usname,$email,$town,$thisPass,$uniqueKey,$setActivation,$thisDate);
$query
    ->insert($db->quoteName('#__aa_fan_user'))
    ->columns($db->quoteName($columns))
    ->values(implode(',', $values));
$db->setQuery($query);
$db->query();   

The Error

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.com,dofsw,e83d31748e85aa40539d4466dfd71a49,fe4793343f087e0890444bfb31b667b7,0,13' at line 3 SQL=INSERT INTO jos_aa_fan_user (username,email,town,password,unique_key,activation,registered_date) VALUES (n911an,someoneexample.com,London,e83d31748e85aa40539d4466dfd71a49,fe4793343f087e0890444bfb31b667b7,0,1383241398)

Answer 1

Joomla takes care of escaping string by wrapping values in $db->Quote() like so:

$values = array($db->Quote($username), $db->Quote($email));

Seeing as you're using Joomla 3.1, I would also use $db->execute(); instead of $db->query();. It will still work, however it's deprecated.

Just on a side note, I would also look into salting the password as well as using md5 for that extra security. This is also what Joomla use for passwords ;)

Hope this helps