Actually, I meant to suggest addslashes() and mysql_espace_string() -- Jon Kriek http://phpfreaks.com "Jon Kriek" <kriek@phpfreaks.com> wrote in message 20031017010154.41053.qmail@pb1.pair.com">news:20031017010154.41053.qmail@pb1.pair.com... > I concur, assign the superglobal array to a variable ... > > > > $Name = strip_slashes($_POST['elementName']); > $sql="INSERT INTO $table SET Name='$Name'"]; > > ... and then use that opportunity to run additional checks on the content. > > -- > Jon Kriek > http://phpfreaks.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
