>>>>> "Adam" == Adam Reiswig <[EMAIL PROTECTED]> writes:

    Adam> A couple of days ago I placed a post regarding using the
    Adam> $_POST[] variable in an insert sql query.  Both

    Adam> $sql="insert into $table set Name =
    Adam> '".$_POST['elementName']."'"; and $sql="insert into $table
    Adam> set Name = '{$_POST['elementName']}'";

The only remark which I would make here is to beware of SQL injection.
Here are a couple of good resources to explain what an SQL injection
attack is and what you should do to protect your code:

no toll on the internet; there are paths of many kinds;
whoever passes this portal will travel freely in the world

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to