I am trying to execute a simple query using $_POST variables, so that variable poisoning is not possible. Note: I have register_globals ON on my site. I am getting the error shown below. Please advise, as I can't seem to figure out why!
<?
// connect to the DB/Table etc
// Formulate the query
$sql1 = "INSERT INTO `contacts` VALUES ( $_POST['company'], $_POST['pri_name'], $_POST['sec_name'], $_POST['assistant_1'], $_POST['assistant_2'], $_POST['pri_practice'], $_POST['sec_practice'], $_POST['sic'], $_POST['date_established'], $_POST['size'], $_POST['phone_1'], $_POST['phone_2'], $_POST['phone_3'], $_POST['email_1'], $_POST['email_2'], $_POST['email_3'], $_POST['url'], $_POST['city'], $_POST['msa'], $_POST['status'], $_POST['timezone'], $_POST['first_contact'], $_POST['next_contact'], $_POST['last_contact'], $_POST['notes'], $_POST['email_history'], $_POST['battery_started'], $_POST['details'], TIMESTAMP(); $_POST['source'] )";
$result1 = mysql_query($sql1) or die ( 'Database Error has occured.');
$num_results = mysql_num_rows($result1);
echo $num_results." rows added !!";
?>
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /home/ABCD/CRM/add.php
Thanks in advance. Pushpinder
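
Added example, not part of the original post: inside a double-quoted PHP string the simple interpolation syntax does not accept quoted array keys such as $_POST['company'] (the braced form {$_POST['company']} parses), and request values are safer bound as parameters than interpolated into the SQL at all. The sketch assumes PDO, column names equal to the form field names (only four fields shown), and an in-memory SQLite database so that the demo runs offline.

```php
<?php
// Added example, not the poster's code. Assumption: column names in `contacts`
// match the form field names; only four of the form's fields are shown.
const CONTACT_FIELDS = ['company', 'pri_name', 'phone_1', 'email_1'];

function insert_contact(PDO $db, array $post): int
{
    $values = [];
    foreach (CONTACT_FIELDS as $field) {
        // Read only whitelisted keys from the request; a missing or
        // non-string field is stored as NULL.
        $value = $post[$field] ?? null;
        $values[$field] = is_string($value) ? trim($value) : null;
    }
    // Identifiers come from the constant list, never from the request.
    $columns = implode(', ', array_map(fn($f) => "`$f`", CONTACT_FIELDS));
    $marks   = implode(', ', array_map(fn($f) => ":$f", CONTACT_FIELDS));
    $stmt = $db->prepare("INSERT INTO `contacts` ($columns) VALUES ($marks)");
    $stmt->execute($values);    // values are bound, not concatenated
    return $stmt->rowCount();   // rows affected by the INSERT
}

// Demo database (assumption: the real site would pass a MySQL DSN to PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (company TEXT, pri_name TEXT, phone_1 TEXT, email_1 TEXT)');

// Constructed request data; the apostrophe would break a concatenated query.
$post = [
    'company'  => "O'Brien & Sons",
    'pri_name' => 'Pat Example',
    'phone_1'  => '555-0100',
    'email_1'  => 'info@example.com',
    'is_admin' => '1',          // extra key, ignored by the whitelist
];
echo insert_contact($db, $post), " rows added\n";
print_r($db->query('SELECT * FROM contacts')->fetchAll(PDO::FETCH_ASSOC));
```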