[SOLVED] html into database

[Q695]

I'm trying to have two fields input data into a database, and don't know how to have it not die on me.  Here is the section of information I' using:

$action=$_GET["action"];

if ($action){

$pw=$_POST["pw"];

$logo=$_POST["logo"];

$precinct_officer_info=$_POST["precinct_officer_info"];

$delegate=$_POST["delegate"];

$map=$_POST["map"];

$mapa=$_POST["mapa"];

$mapb=$_POST["mapb"];

 

 

$sql="UPDATE accounts SET pw=\"$pw\",

logo='$logo',

precinct_officer_info='$precinct_officer_info',

delegate='$delegate',

map='$map', mapa='$mapa',

mapb='$mapb'

WHERE state=\"$state\" and district=\"$district\";";

$result=@mysql_query($sql,$con) or die(death($sql));

//get the results

echo ("Data Changed");

}

 

 

Here is the die statement:

sql error

 

sql : UPDATE accounts SET pw="mn52", logo='images/banner_top2.jpg', precinct_officer_info='hi

[fenway]

Not that helpful... echo mysql_error()... but I would guess it's an escaping issue.

[Q695]

I knew it was escaping on that line, so I was asking how to allow any html code to be inserted into it.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's, are the real function of Senate District 52 - RPM. Your participation is ' at line 4

[Q695]

I guess I'll just do include src pages.

[fenway]

You need to use mysql_real_escape_string()... and you wouldn't need to quote your strings if you used single quotes inside.