On Thu, 16 Oct 2003, Adam Reiswig wrote:

> $sql="insert into $table set Name = '$_POST["elementName"]'";
> Unfortunately this and every other combination I can think of,
> combinations of quotes that is, does not work.  I believe the source of
> the problem is the quotes within quotes within quotes. I also tried:
> $sql='insert into $table set Name = '.$_POST["elementName"];
>    or
> $sql="insert into $table set Name = ".$_POST['elementName'];

 You need to quote the Name.

 $sql = 'insert into '.$table.' set Name = "'.addslashes($_POST['elementName']).'"';

 You've done everything here that you need, no extra variables, no nothing.

 Register_Globals is bad -- if you can avoid using it, do so.

 Performance-wise, it is better to use single quotes and concat the
 variables outside of the quoted line.  Better performance, less problems
 with variables not being expanded correctly.

Peter Beckman                                                  Internet Guy
[EMAIL PROTECTED]                             http://www.purplecow.com/

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to