mysql query from post

[gmaster_PT]

hi all i have this code

<?php
if (substr($_POST['tag'], 0, 15) == 'chave|commando|'){
include 'db_con.php';
session_start();
$sql = substr($_POST['tag'], 15, 2000);
mysql_real_escape_string();											  
$result = mysql_query($sql);
//if(mysql_num_rows($result) > 0)
//while($row=mysql_fetch_row($result,MYSQL_ASSOC))
//$results=$row['nome'].";".$row['creditos'].";".$row['comeu'].";".$row['entradasp'].";".$row['saidasp'].";".$row['entradast'].";".$row['saidast'].";".$row['percmax'].";".$row['percmin'].";".$//row['premio'];
mysql_close($con);
echo $results;
} else { 
"<script>window.location = 'http://www.google.com'</script>";
}


?>

this codes recives a complete string from vb.net aplication the problem is

this code updates ok if the string contains only number but if i try to send any leters they dont write or insert on my sql can anybody tellme way ?

i think that it because of quotes but i dont know how to use it.. realy thanks alll

[Barand]

As we have no idea what $sql contains then what do expect us say?

 

Have you tried checking what mysql_error() returns after running the query?

 

That call to mysql_real_escape string() does nothing and is totally useless.

 

What does this have to do with maths (this is the php maths forum)?

[gmaster_PT]

sorry im new at this forum...

and the $sql recive something like "UPDATE table SET pgtobtn = S" i know that it should be with coutes

how i can move the topic??? 

thanks alll