hi all i have this code
<?php
if (substr($_POST['tag'], 0, 15) == 'chave|commando|'){
include 'db_con.php';
session_start();
$sql = substr($_POST['tag'], 15, 2000);
mysql_real_escape_string();
$result = mysql_query($sql);
//if(mysql_num_rows($result) > 0)
//while($row=mysql_fetch_row($result,MYSQL_ASSOC))
//$results=$row['nome'].";".$row['creditos'].";".$row['comeu'].";".$row['entradasp'].";".$row['saidasp'].";".$row['entradast'].";".$row['saidast'].";".$row['percmax'].";".$row['percmin'].";".$//row['premio'];
mysql_close($con);
echo $results;
} else {
"<script>window.location = 'http://www.google.com'</script>";
}
?>
this codes recives a complete string from vb.net aplication the problem is
this code updates ok if the string contains only number but if i try to send any leters they dont write or insert on my sql can anybody tellme way ?
i think that it because of quotes but i dont know how to use it.. realy thanks alll