Actually I didn't. The code that I gave would result in a string like: select * from db where apple = 'blah';
For your reference: \'' means print one single quote then end the current stream. Then the . $_POST['foo'] appends the value of foo to the stream, then . '\';'; prints one more single quote to end the quotes around the value, and adds a semicolon at the end of the string to tell MySQL the query has ended.

On Tue, 2003-06-17 at 10:36, Chris Hayes wrote:
> At 16:19 17-6-03, you wrote:
> >$sql = 'select * from db where apple = \'' . $_POST['foo'] . '\';';
> >Like that?
> you missed some quotes:
> $sql = 'select * from db where apple = \''' . $_POST['foo'] . '\'"';
>
--
Adam Voigt ([EMAIL PROTECTED])
Linux/Unix Network Administrator
The Cryptocomm Group

--
PHP General Mailing List (http://www.php.net/)
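The quoting discussed in this thread, as an added example that is not part of the original messages: it builds the same string for a plain value and for a value that itself contains a single quote, then runs the lookup with a bound parameter instead. The function name, the sample values, the single-column table layout and the in-memory SQLite database (standing in for MySQL) are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// The expression from the message, with the value passed in
// instead of being read from $_POST['foo'].
function build_concat_sql(string $foo): string
{
    return 'select * from db where apple = \'' . $foo . '\';';
}

// A plain value yields one balanced pair of single quotes.
echo build_concat_sql('blah'), "\n";

// A value that contains a single quote yields three quotes in total:
// the SQL literal closes early and the rest of the value is parsed as SQL.
echo build_concat_sql("granny's"), "\n";

// Assumption: in-memory SQLite via PDO stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table db (apple text)');
$pdo->exec("insert into db (apple) values ('blah'), ('granny''s')");

// Concatenated form: report whether the database accepts the statement.
try {
    $pdo->query(build_concat_sql("granny's"));
    echo "concatenated query accepted\n";
} catch (PDOException $e) {
    echo 'concatenated query rejected: ', $e->getMessage(), "\n";
}

// Bound parameter: the value is sent separately from the SQL text,
// so PHP never has to wrap it in quotes or escape it.
$stmt = $pdo->prepare('select * from db where apple = :foo');
foreach (['blah', "granny's"] as $foo) {
    $stmt->execute([':foo' => $foo]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    echo $foo, ' => ', count($rows), " row(s)\n";
}
```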