I concur, assign the superglobal array to a variable ...
$table= 'elements'; $Name = mysql_escape_string($_POST['elementName']); $sql = "INSERT INTO $table SET Name= '$Name'"; ... then use that opportunity to run a check on the output. -- Jon Kriek http://phpfreaks.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
