liquidity-zero Posted August 12, 2009 Share Posted August 12, 2009 I cant get this to work right:P // Create an SQL query (MySQL version) $insertQuery = "INSERT INTO cmsarticles (title,tagline,section,thearticle) VALUES (".$_POST['title'].", ".$_POST['tagline'].", ".$_POST['section'].", ".$_POST['thearticle'].")"; Link to comment https://forums.phpfreaks.com/topic/169877-query-error/ Share on other sites More sharing options...
PFMaBiSmAd Posted August 12, 2009 Share Posted August 12, 2009 String data values must be enclosed in single-quotes to make them strings and you need to use mysql_real_escape_string() on all string data that can contain special SQL characters put into a query to prevent sql injection and to prevent the special SQL characters from breaking the query syntax. Link to comment https://forums.phpfreaks.com/topic/169877-query-error/#findComment-896183 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.