Ross wrote:
> Can I put post values directly into insert statements?
> 
> $query = "INSERT INTO categories (category_name) VALUES 
> ('$_POST['cat_name'])"; 
> 

Yes you can, but it is not secure to do that!

use (insecure):

$query = "INSERT INTO categories (category_name) VALUES
('{$_POST['cat_name']}')";

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to