> At 16:19 17-6-03, you wrote:
> >
> >$sql = 'select * from db where apple = \'' . $_POST['foo'] . '\';';
> >Like that?
>
> you missed some quotes:
> $sql = 'select * from db where apple = \''' . $_POST['foo'] . '\'"';

Go back and count the quotes again. The original post is correct as far as quotes go. Yours is not, though, since you have three single quotes in a row and have thrown in a double quote by itself.

Without color coding, this is all very hard to tell. That's why I prefer to do it such as:

    $sql = "SELECT * FROM db WHERE apple = '{$_POST['foo']}' ";

or, like someone else said, the following is perfectly valid:

    $sql = "SELECT * FROM db WHERE apple = '$_POST[foo]' ";

There are way too many methods to do this, though, so just use the one that makes the most sense to you. I've changed my mind about this a few times in the past. :)

---John Holmes...

--
PHP General Mailing List (http://www.php.net/)
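
Added example, not part of the thread or of any poster's code: the interpolated query from the messages above next to the same lookup with a bound parameter, where the value never enters the SQL text and no quote counting is needed. The table `db` and column `apple` come from the thread; the in-memory SQLite database, the sample rows, the `$foo` stand-in for `$_POST['foo']` and the `findByApple()` helper are assumptions made for the demonstration.

```php
<?php
// Constructed setup: in-memory SQLite table named after the thread's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE db (id INTEGER PRIMARY KEY, apple TEXT)');
$pdo->exec("INSERT INTO db (apple) VALUES ('Fuji'), ('Granny''s Best')");

// Stand-in for $_POST['foo']: an ordinary value that contains an apostrophe.
$foo = "Granny's Best";

// 1) Interpolated form from the thread. The apostrophe inside the data closes
//    the SQL string literal early, so the data is parsed as part of the
//    statement. Here that is a syntax error; in general it means the submitted
//    value, not the programmer, decides what the statement says.
$sql = "SELECT * FROM db WHERE apple = '{$foo}' ";
try {
    $pdo->query($sql);
    echo "interpolated: query ran\n";
} catch (PDOException $e) {
    echo "interpolated: rejected (", $e->getMessage(), ")\n";
}

// 2) Bound parameter. The SQL text is a constant with a placeholder, and the
//    value is passed separately, so its quotes are never interpreted as SQL.
//    findByApple() is a hypothetical helper written for this example.
function findByApple(PDO $pdo, string $apple): array
{
    $stmt = $pdo->prepare('SELECT id, apple FROM db WHERE apple = ?');
    $stmt->execute([$apple]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = findByApple($pdo, $foo);
echo "bound: ", count($rows), " row(s) for ", var_export($foo, true), "\n";
```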