$sql = "INSERT INTO BOOKS(CopyrightYear,CoverType,DatePurchased,EditionNumber,ISBNNumber,Notes,Pages,Publisher,LOCNumber) VALUES(\"" . $_POST["copyrightyear"] . "\",\"" . $_POST["covertype"] . "\",\"" . $_POST["datepurchased"] . "\"," . $_POST["editionnumber"] . ",\"" . $_POST["isbn"] . "\",\"" . addslashes($_POST["notes"]) . "\"," . (isset($_POST["numberofpages"])?$_POST["numberofpages"]:0) . ",\"" . $_POST["publisher"] . "\",\"" . $_POST["locnumber"] . "\")";
Okay, when $_POST["notes"] contains quotes, it seems to break the series, ie returns an error at that point of the SQL statement, even with addslashes(), am I doing something wrong there?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
