Always echo out your SQL string, it will make it a lot more obvious.
You want to see the result. I php concatenated string can be
confusing at times.
Also, you are not escaping your data, so if you had a word of 'stops,
here' that would break it as well.
So in your case, you very well may break it by changing the data you
put in. You could also do something like stuffing "drop database
foo;" into your data, and be in for real fun.
Pass every string to http://us2.php.net/mysql_real_escape_string
On Apr 30, 2009, at 9:27 PM, Antonio PHP wrote:
I thought I couldn't have missed ','(comma) before. But today
somehow it works... ;;
I wasted hours figuring this out, but you saved me!
Maybe I'm still a complete newbie!
--
Scott * If you contact me off list replace talklists@ with scott@ *
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
