> I think you should try: > $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name > =\"$Sem\""); Double quotes are for quoting column names, not string constants. > $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name > ='$Sem'"); Better, but all strings, especially provided by some user, should be treated by the function pg_escape_string. Consider that some user types in a form field a text like this: '; delete from seminar where ''=' When you add single quotes you get two valid queries. One of them is what you would never want to be executed ;-) And, by the way - pg_exec is a deprecated name AFAIK. The new one is pg_query. -- Ceterum censeo Internet Explorer esse delendam.
Attachment:
pgpEMCWofXw6K.pgp
Description: PGP signature
