I have magic_quotes on though so useless lecture thanks for the advice

JJ Harrison

"Miguel Cruz" <[EMAIL PROTECTED]> wrote in message
> On Sat, 6 Jul 2002, JJ Harrison wrote:
> > $query = "INSERT INTO tececo_stats values ('', $id, $visited, $time,
> > $remote_dns, $remote_ip, $referer, $browser, $system)";
> > mysql_query($query);
> You should always do the following if you are having trouble:
> 1) print out $query and try it yourself at the mysql command line.
> 2) print mysql_error().
> In this case I think the problem is that you've failed to quote the
> strings in your INSERT. Try something like
>   INSERT INTO tececo_stats values ('', '$id', '$visited', '$time' ...
> Also note that as it stands, I could potentially make big trouble for you
> by putting clever values into HTTP_REFERER (which is totally under my
> control as a visitor to your site). So make sure you mysql_escape_string
> or addslashes those values (unless you have magic_quotes turned on, in
> which case you can ignore this lecture).
> miguel

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to