My advice is to always use a DB abstraction layer when talking to SQL databases from PHP (or any other language for that matter). I recommend ADOdb, and the use of prepared statements in conjunction with input filtering to make sure no nasties make their way into your SQL from 'user' input.
It's a much cleaner interface than using mysql_*, plus it makes it very easy to change databases (e.g. to PostgreSQL) later on.

Don Gould wrote on 08/11/06 16:47:
> What function should I be using to execute an INSERT statement?
>
> See: http://au3.php.net/manual/en/ref.mysql.php
>
> I'm suspecting mysql_query()
>
> See: http://au3.php.net/manual/en/function.mysql-query.php
>
> INSERT INTO tblMACOwner (MAC, Name, Address, PhoneNumber, EmailAddress,
> RoomNumber) VALUES ("00:02:44:ac:26:a0", "do\\\"n", "2/5\\\'9",
> "33\\\"3\\\'4", "[EMAIL PROTECTED]'n", "ASD\\\'W");
>
> Cheers Don
>
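
The reply's advice (prepared statements plus input filtering) applied to the quoted INSERT, as an added example that is not part of the original thread. It uses PHP's built-in PDO with an in-memory SQLite database in place of ADOdb and MySQL so it runs without a server; `filterOwner()`, its validation rules and the sample values are hypothetical.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for ADOdb/MySQL (assumption).

// Input filtering: validate each field's shape before it goes near the database.
// filterOwner() and its rules are hypothetical, chosen for this illustration.
function filterOwner(array $in): array
{
    $mac = strtolower(trim($in['MAC'] ?? ''));
    if (!preg_match('/^([0-9a-f]{2}:){5}[0-9a-f]{2}$/', $mac)) {
        throw new InvalidArgumentException('MAC must look like 00:02:44:ac:26:a0');
    }
    $email = filter_var($in['EmailAddress'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new InvalidArgumentException('EmailAddress is not a valid address');
    }
    $out = ['MAC' => $mac, 'EmailAddress' => $email];
    // Free-text fields: length-limit only. Quotes are legitimate data and are not escaped here.
    foreach (['Name', 'Address', 'PhoneNumber', 'RoomNumber'] as $f) {
        $v = trim((string)($in[$f] ?? ''));
        if ($v === '' || strlen($v) > 100) {
            throw new InvalidArgumentException("$f must be 1-100 characters");
        }
        $out[$f] = $v;
    }
    return $out;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblMACOwner (MAC TEXT PRIMARY KEY, Name TEXT, Address TEXT,
           PhoneNumber TEXT, EmailAddress TEXT, RoomNumber TEXT)');

// Constructed sample input with quotes and a backslash, as a form might submit it.
$input = ['MAC' => '00:02:44:AC:26:A0', 'Name' => 'do"n', 'Address' => "2/5'9",
          'PhoneNumber' => "33\"3'4", 'EmailAddress' => 'don@example.com',
          'RoomNumber' => "ASD\\'W"];

// Placeholders keep the SQL text fixed; values travel separately and are never parsed as SQL.
$stmt = $db->prepare('INSERT INTO tblMACOwner
    (MAC, Name, Address, PhoneNumber, EmailAddress, RoomNumber)
    VALUES (:MAC, :Name, :Address, :PhoneNumber, :EmailAddress, :RoomNumber)');
$stmt->execute(filterOwner($input));

// Read the row back and compare it with what was submitted, with no manual escaping involved.
$row = $db->query('SELECT Name, Address, RoomNumber FROM tblMACOwner')->fetch(PDO::FETCH_ASSOC);
var_dump($row === ['Name' => 'do"n', 'Address' => "2/5'9", 'RoomNumber' => "ASD\\'W"]);
```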
