Ford, Mike <mailto:[EMAIL PROTECTED]>
    on Wednesday, December 08, 2004 5:18 AM said:

>> $sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
>> 
>> should be
>> 
>> $var = $_POST["testField"];
>> $sql = "INSERT INTO testTable values ('', '$var')";
> 
> Nope -- the original is functionally identical to your suggested
> correction. 

Hmm... I thought arrays don't work correctly within a string unless they
are wrapped with { and }?

<?php

  $sql = "INSERT INTO ... ('', '{$_POST['testField']}')";

?>

Also you should always wrap the index name in single quotes (or maybe
double quotes work also.)



Chris.

p.s. It's a bad idea to directly insert data from outside your script
into your database. Check the recent PHP Security thread for more info.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
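
Added example, not part of the original message and not code from any poster in the thread: it builds the statement with both string forms discussed above, then shows the postscript's point by passing the same value through a bound parameter instead. PDO with an in-memory SQLite database, the explicit column list in the INSERT, and the sample input are assumptions constructed for the illustration.

```php
<?php
// Constructed input standing in for a submitted form field (assumption).
// A single apostrophe is enough to show the problem.
$_POST['testField'] = "it's a test";

// In-memory SQLite via PDO stands in for the thread's database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testTable (id INTEGER PRIMARY KEY, testField TEXT)');

// The two interpolation forms from the thread.
$simple = "INSERT INTO testTable (testField) VALUES ('$_POST[testField]')";
$curly  = "INSERT INTO testTable (testField) VALUES ('{$_POST['testField']}')";
echo "same SQL text from both forms: ";
var_dump($simple === $curly);

// Whichever form is used, the value becomes part of the SQL text, so the
// apostrophe in the input closes the string literal early.
echo $curly, "\n";
try {
    $db->exec($curly);
    echo "interpolated statement executed\n";
} catch (PDOException $e) {
    echo "interpolated statement rejected: ", $e->getMessage(), "\n";
}

// Prepared statement: the SQL text is fixed and the value travels separately
// as a bound parameter, so it is stored as data and never parsed as SQL.
$stmt = $db->prepare('INSERT INTO testTable (testField) VALUES (:testField)');
$stmt->execute([':testField' => $_POST['testField']]);

$stored = $db->query('SELECT testField FROM testTable')->fetchColumn();
echo "stored value matches input: ";
var_dump($stored === $_POST['testField']);
```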