Tijnema wrote: > use this instead: > $foo_sql = mysql_real_escape_string($foo_sql,$connection); Don't escape an entire SQL query. Escaping helps us provide distinction between the query and the data, eliminating cases where data can interfere with the format of the query (SQL injection). If escaping the entire query actually did anything useful, databases would do this for us, and we've never be discussing this topic. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
