and , you need to escape the values that you are inputing ie. htmlspecialchars() or htmlentities() those values
Jim ----- Original Message ----- From: "rentAweek Ltd" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 22, 2003 9:50 AM Subject: [PHP] Separators in variable values causing MySQL commands to fail > In my PHP script I have coded e.g.: > > $sql = "INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES ( > '$firstname' , '$lastname' )"; > > $result = mysql_query($sql); > > So along comes e.g. John O'Groats and nothing gets inserted into the > database. > > OK, I can bypass my oversight by stripping out apostophes from the > variable values. There has to be a better way please. > > TIA > > Mike > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
