> To answer the question, $query_str.=" AND garage = '$garage' "; > > BUT. If $garage is an id (numeric), then you should use > $garage=abs($garage) first in order to defeat SQL injection. If it's a > string, well, say so and we'll tell you what to do (a lot to explain, > and not useful if it's an ID). > > Bogdan
All values pulled from $_POST are strings such as $garage = "Attached 2 Car" or "Detached 1 Car", etc. There are a few options that will be based on a checkbox. If the box is checked it means you want that option included in the query as well, i.e. (fireplace == "yes".) If the box is not checked it means no, i.e (fireplace == "no".) Thanks, Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
