> $sql="insert into $table set Name = '$_POST["elementName"]'";
The problem with this is that you need to use curly braces around the
variable being substituted in the string. Also use single quotes around the
array index.
$sql="insert into $table set Name = '{$_POST['elementName']}'";
See the
I concur, assign the superglobal array to a variable ...
$table= 'elements';
$Name = mysql_escape_string($_POST['elementName']);
$sql = "INSERT INTO $table SET Name= '$Name'";
... then use that opportunity to run a check on the output.
--
Jon Kriek
http://phpfreaks.com
--
PHP General M
$sql="insert into $table set Name = '".$_POST["elementName"]."'";
or even better:
$sql="insert into ".$table." set Name = '".$_POST["elementName"]."'";
But the method both Jake and Bao suggested will also work (temporary var)...
--
// DvDmanDT
MSN: [EMAIL PROTECTED]
Mail: [EMAIL PROTECTED]
"Adam
3 matches
Mail list logo
