Thank you for the thought; however, I don't have a shell that I can run in,
hence I have to rely on help from others.
JupiterHost.Net [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Grae Wolfe - PHP wrote:
Sorry I have been out of touch... I thought I had this problem beat,
but I was wrong. I decided that the best thing to do was to filter the
variables as the $sql statement was being created. I tried using the
following code, and got a message back that it was invalid and my Query
couldn't execute... Can anyone tell me where I screwed this one up??
Print out $sql and then try to manually do it in your mysql (or whatever DB
engine) shell.
I imagine you have a syntax error and that will tell you exactly what and
where it is :)
And I hope your only criterion for the value of each column isn't that it's
just not empty.
If so you will be vulnerable to SQL injection attacks and your data will
be compromised. You should at the very least quote the values with a valid
SQL quoting function. (i.e. not just wrapping it in quotes but one that
actually escapes certain characters and wraps it in quotes as need be)
Do not rely on that automatically being done (i.e. think how crappily
unreliable and dangerous relying on Magic Quotes is, oi what a pile *that*
is...)
--
PHP Database Mailing List (http://www.php.net/)