no offense to you Sam, but please don't ever simply place
single quotes around values. you have to escape the values
*themselves*.
what if someone submitted the form field title as:
$title = "'; DELETE FROM seminar; "
if you didn't escape the single quotes in there, it
would get interpreted as a valid DELETE statement
and your seminar table would get wiped.
however, if you escaped $title, you'd end up setting
title to "\'; DELETE FROM SEMINAR; "
(rather than have the contents of $title interpreted
as SQL commands)
> -----Original Message-----
> From: Sam Masiello [mailto:[EMAIL PROTECTED]]
> Subject: RE: [PHP] SQL syntax error in PHP script. dunno what's wrong
>
>
> You will need to put single quotes around your variables in your SQL
> statement. Like this:
>
> $sql = "UPDATE TABLE seminar SET
> title='$title',speaker='$speaker',event_date='$tdate',time='$time',bldg='$building',rm='$room' WHERE id='$id'";
>
> Without the quotes, SQL doesn't know that Something Amazing is supposed to
> go together in the same string.
>
> HTH
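The point made in the reply above, as an added example that is not part of the original thread: the same form value placed into the UPDATE with quotes only, with the value escaped, and with bound parameters. It assumes PDO with an in-memory SQLite database standing in for the thread's database, a constructed two-column `seminar` table, and hypothetical helper names; `PDO::quote()` on SQLite escapes by doubling the quote rather than with the backslash shown in the message.

```php
<?php
// Added example. Constructed table and rows; SQLite in-memory (PDO) stands in
// for the thread's database, and only two of the form's columns are kept.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE seminar (id INTEGER PRIMARY KEY, title TEXT, speaker TEXT)");
$pdo->exec("INSERT INTO seminar (id, title, speaker) VALUES (1, 'Something Amazing', 'A. Speaker')");
$pdo->exec("INSERT INTO seminar (id, title, speaker) VALUES (2, 'Another Talk', 'B. Speaker')");

// Form input as given in the message above.
$title = "'; DELETE FROM seminar; ";
$id    = "1";

// Hypothetical helpers used to check the table after each update.
function seminarCount(PDO $pdo): int {
    return (int) $pdo->query("SELECT COUNT(*) FROM seminar")->fetchColumn();
}
function titleOf(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare("SELECT title FROM seminar WHERE id = ?");
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}
function report(PDO $pdo, string $label, string $expected): void {
    printf("%s: rows=%d, title stored verbatim=%s\n", $label,
        seminarCount($pdo), var_export(titleOf($pdo, 1) === $expected, true));
}

// 1. Quotes only: built and printed, not executed. The quote inside $title
//    closes the string literal, so the rest of the value is SQL text.
$quotedOnly = "UPDATE seminar SET title='$title' WHERE id='$id'";
echo "quotes only: $quotedOnly\n";

// 2. Value escaped by the driver: the whole input stays inside one literal.
$escaped = "UPDATE seminar SET title=" . $pdo->quote($title)
         . " WHERE id=" . $pdo->quote($id);
echo "escaped    : $escaped\n";
$pdo->exec($escaped);
report($pdo, "after escaped update", $title);

// 3. Bound parameters: the value never becomes part of the statement text.
$pdo->exec("UPDATE seminar SET title='Something Amazing' WHERE id=1"); // reset row 1
$stmt = $pdo->prepare("UPDATE seminar SET title = :title WHERE id = :id");
$stmt->bindValue(':title', $title, PDO::PARAM_STR);
$stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
$stmt->execute();
report($pdo, "after bound update", $title);
```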