On Sat, Dec 25, 2004 at 12:18:50AM -0500, Peter Jay Salzman wrote:
> This piece of code kept giving error messages that looked like some of my
> VALUES were getting parsed by php:
>
>
>    sqlite_query( $handle, "
>       INSERT INTO course VALUES (
>          sqlite_escape_string($semester),
>          sqlite_escape_string($course),
>          sqlite_escape_string($course_desc),
>          sqlite_escape_string($college),
>          sqlite_escape_string($reference)
>       )
>    ");
<snip>
> I want to do the Right Thing.  It seems like using a built in function to
> escape strings would be the preferable way of doing this.  I was surprised
> to see it not work, but even more surprised that just normal quoting worked.
>
> Am I not using sqlite_escape_string() correctly?

no, you're not.

    sqlite_query($db, "INSERT INTO whints (whid, whregex, " .
        "whcatid) VALUES (NULL, '" . sqlite_escape_string($val) . "', '" .
        sqlite_escape_string($_REQUEST["whcatid_new"]) . "')");

since your questions are more php-related than sqlite-related, please
consider sending them to a php related mailing list:

http://www.php.net/mailing-lists.php
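
Added example, not part of the original messages: it shows the SQL text PHP actually builds for the two forms in this thread, and goes one step further with bound parameters, which need no escaping at all. It assumes PHP's SQLite3 class, with SQLite3::escapeString() standing in for the old sqlite_escape_string(); the two-column table and the values are constructed.

```php
<?php
// Added example; table layout and values are constructed for illustration.
// SQLite3::escapeString() stands in for the old sqlite_escape_string().
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE course (semester TEXT, course TEXT)');

$semester = "Fall '04";       // constructed value containing a quote
$course   = "Intro to 'C'";   // constructed value containing quotes

// 1. Form from the question: inside a double-quoted string PHP expands
//    $variables but never calls functions, so the function name and the
//    raw, unquoted values are what SQLite receives.
$broken = "INSERT INTO course VALUES (
    sqlite_escape_string($semester),
    sqlite_escape_string($course)
)";
echo "SQL sent (function call inside the string):\n$broken\n";
try {
    $db->exec($broken);
    echo "accepted\n\n";
} catch (Exception $e) {
    echo "rejected: ", $e->getMessage(), "\n\n";
}

// 2. Form from the reply: close the string, call the function, reopen it.
//    The escape function only doubles single quotes; the surrounding
//    quotes in the SQL are still the caller's job.
$escaped = "INSERT INTO course VALUES ('" .
    SQLite3::escapeString($semester) . "', '" .
    SQLite3::escapeString($course) . "')";
echo "SQL sent (concatenated and escaped):\n$escaped\n\n";
$db->exec($escaped);

// 3. Bound parameters: values travel separately from the SQL text, so
//    there is nothing to quote or escape.
$stmt = $db->prepare('INSERT INTO course VALUES (:semester, :course)');
$stmt->bindValue(':semester', $semester, SQLITE3_TEXT);
$stmt->bindValue(':course', $course, SQLITE3_TEXT);
$stmt->execute();

// Both successful inserts stored the values unchanged.
$res = $db->query('SELECT semester, course FROM course');
while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
    echo $row['semester'], ' | ', $row['course'], "\n";
}
```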