Manu Gupta wrote:
try ..
$q = addslashes("UPDATE episodes SET episode_title = '$_POST[episode_title]'
,
episode_scheduleddate = ".strtotime($_POST['episode_scheduleddate'])."
, episode_description = '$_POST[episode_description]' WHERE episode_id
= $_POST[episode_id]");
or try
$q = "UPDATE episodes SET episode_title = '{$_POST[episode_title]}' ,
episode_scheduleddate = "{.strtotime($_POST['episode_scheduleddate'])}."
, episode_description = '{$_POST[episode_description]}' WHERE episode_id
= {$_POST[episode_id]}";
Good idea but you don't addslashes the whole query (and addslashes is
the wrong thing to use).
Use mysql_real_escape_string around bits and pieces you want to escape:
$q = "update episodes set episode_title='" .
mysql_real_escape_string($_POST['episode_title']) . "', ......
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
