Hello again, "Quote your data.
If your database allows it (MySQL does), put single quotes around all values in your SQL statements, regardless of the data type." I'm quoting the bottom this page: http://phpsec.org/projects/guide/3.html#3.2 In my PHP I was trying to put single quotes around these PHP variables: $hostname, $username, $password $database, $connection, $query and MySQL returned errors. The query $keyword is also a PHP var and in single quotes but no errors are generated from it. My server runs MySQL 5, do you know why I can't do this? Here are the MySQL statements followed by my page link: ... // Opens a connection to a MySQL server $connection= mysql_connect ($hostname, $username, $password); if (!$connection) { die('Not connected : ' . mysql_error()); } // Set the active MySQL database $db_selected = mysql_select_db($database, $connection); if (!$db_selected) { die ('Can\'t use db : ' . mysql_error()); } // Select all the rows in the markers table $query = "SELECT * FROM markers WHERE MATCH(operator, name, waterway) AGAINST ('$keyword') LIMIT 0, 25"; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); ... http://www.dockhawk.com/ Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Maps API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Maps-API?hl=en -~----------~----~----~----~------~----~------~--~---
