Re: [PHP-DB] $_POST in MySQL query issue...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 16 Oct 2003, Adam Reiswig wrote:

> $sql="insert into $table set Name = '$_POST["elementName"]'";
>
> Unfortunately this and every other combination I can think of,
> combinations of quotes that is, does not work.  I believe the source of
> the problem is the quotes within quotes within quotes. I also tried:
>
> $sql='insert into $table set Name = '.$_POST["elementName"];
>    or
> $sql="insert into $table set Name = ".$_POST['elementName'];

 You need to quote the Name.

 $sql = 'insert into '.$table.' set Name = "'.addslashes($_POST['elementName']).'"';

 You've done everything here that you need, no extra variables, no nothing.

 Register_Globals is bad -- if you can avoid using it, do so.

 Performance-wise, it is better to use single quotes and concat the
 variables outside of the quoted line.  Better performance, less problems
 with variables not being expanded correctly.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@purplecow.com                             http://www.purplecow.com/
---------------------------------------------------------------------------

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux