Please include the list on all replies.
K.Hayes wrote:
I don't know if I'm escaping the 'vars correctly'. If I'm wrong can you
give me an example?
<snip>
$sql_query = "INSERT INTO contestants (conName, conAddress, conCity,
conState, conZip, conPhone, schName, schAddress, schCity, schState, schZip,
strName, strCity, strState) VALUES('$regName', '$regAddress', '$regCity',
'$regState', '$regZip', '$regPhone', '$sclName', '$sclName', '$sclCity',
'sclState', '$sclZip', '$stoName', '$stoCity', '$stoState')";
$insert_query = mysqli_real_escape_string($connection, $sql_query);
mysqli_query($connection,$insert_query); ?>
No, this is not the right way. I suggest you read the manual page on
mysqli_real_escape_string (http://php.net/mysqli_real_escape_string).
You need to run it on every variable you are using *in* the SQL query,
not on the SQL query itself.
Google for a php mysqli tutorial - all this stuff is very basic and
should be covered by most tutorials you'll find.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
