Actually, I meant to suggest addslashes() and mysql_espace_string() -- Jon Kriek http://phpfreaks.com
"Jon Kriek" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I concur, assign the superglobal array to a variable ... > > > > $Name = strip_slashes($_POST['elementName']); > $sql="INSERT INTO $table SET Name='$Name'"]; > > ... and then use that opportunity to run additional checks on the content. > > -- > Jon Kriek > http://phpfreaks.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php