Oliver Grätz wrote:
Shaun wrote:

$qid = mysql_query('INSERT INTO MYTABLE (
                               column1,
                               column2,
                              ) VALUES (
                               "'.$value1.'",
                               "'.$value2.'"
                              )');


A bit off-topic but important: Always make sure that you check the
contents of $value1 and $value2 before putting them into the query!
With

$value1 = 'xyz","xyz"); DELETE FROM MYTABLE;';

you might get surprising results!

This is called SQL injection and it's important to escape all the values
before putting them into the statement.


Did you try that? This doesn't work on my machine:

mysql_query("DELETE FROM mytable; DELETE FROM mytable;");

i.e., the mysql extension won't let me do more than one statement at a time.

--

   Open source PHP code generator for DB operations
   http://sourceforge.net/projects/bfrcg/
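
Added example (not part of the original thread or of any poster's code): the value from the message above, first concatenated into the statement text, then escaped, then bound through a prepared statement. PDO with an in-memory SQLite database is an assumption used as a stand-in for the MySQL server so the script runs offline; `$value2` is a constructed sample.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the MySQL server (assumption); the table layout is constructed.

$value1 = 'xyz","xyz"); DELETE FROM MYTABLE;'; // value from the message above
$value2 = 'abc';                               // constructed sample value

// 1) Concatenation in the style of the quoted code (built, never executed).
$concatenated = 'INSERT INTO MYTABLE (column1, column2) VALUES ("'
    . $value1 . '", "' . $value2 . '")';
echo "Concatenated:\n$concatenated\n\n";
// The first quote inside $value1 ends the string literal, so the rest of the
// value is parsed as SQL. Whether the trailing DELETE runs depends on the
// driver accepting several statements per call; either way the INSERT is no
// longer the statement the programmer wrote.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE MYTABLE (column1 TEXT, column2 TEXT)');

// 2) Escaping: the driver's quote() returns the value as one SQL literal.
$escaped = 'INSERT INTO MYTABLE (column1, column2) VALUES ('
    . $pdo->quote($value1) . ', ' . $pdo->quote($value2) . ')';
echo "Escaped:\n$escaped\n\n";
$pdo->exec($escaped);

// 3) Prepared statement: the SQL text is fixed, the values travel separately.
$stmt = $pdo->prepare('INSERT INTO MYTABLE (column1, column2) VALUES (?, ?)');
$stmt->execute([$value1, $value2]);

// Both inserts must have stored the input unchanged, as plain data.
$rows = $pdo->query('SELECT column1, column2 FROM MYTABLE')
            ->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows) === 2);
foreach ($rows as $row) {
    var_dump($row['column1'] === $value1 && $row['column2'] === $value2);
}
```
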

--
PHP General Mailing List (http://www.php.net/)