Posted by Matt Madrid on 08/05/07 03:14
zach wrote:
>
> $sql = "INSERT INTO comments (id, comment, name, quotekey) VALUES (NULL,
> '$comment', '$name', '$key')";
>
> mysql_real_escape_string($sql);

Normally, you want to escape the string, not the whole query.

$comment = mysql_real_escape_string($comment);

Now create your query.
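
The advice in the reply above, worked through on the thread's INSERT as an added example that is not part of the original posts. Assumptions: PDO with an in-memory SQLite database (pdo_sqlite) stands in for the MySQL connection so the script runs without a server, since the mysql_* extension was removed in PHP 7; the table layout and input values are constructed.

```php
<?php
// Added example, not from the thread. Assumption: PDO with an in-memory SQLite
// database stands in for the MySQL link so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, comment TEXT, name TEXT, quotekey TEXT)');

// Constructed form input; the apostrophes are what break the naive query.
$comment = "It's a great quote";
$name    = "O'Brien";
$key     = 'q42';

// 1. Values interpolated raw. Escaping $sql afterwards (and discarding the
//    result, as in the quoted code) leaves this string exactly as it is.
$raw = "INSERT INTO comments (id, comment, name, quotekey)
        VALUES (NULL, '$comment', '$name', '$key')";
try {
    $db->exec($raw);
    echo "raw query: accepted\n";
} catch (PDOException $e) {
    echo "raw query: rejected by the parser\n";
}

// 2. Escape each value, then build the query. PDO::quote() escapes the value
//    and adds the surrounding quotes, so the template has none.
$sql = sprintf(
    'INSERT INTO comments (id, comment, name, quotekey) VALUES (NULL, %s, %s, %s)',
    $db->quote($comment), $db->quote($name), $db->quote($key)
);
$db->exec($sql);

// 3. Prepared statement: the values never become part of the SQL text.
$stmt = $db->prepare(
    'INSERT INTO comments (id, comment, name, quotekey) VALUES (NULL, ?, ?, ?)'
);
$stmt->execute([$comment, $name, $key]);

// Both rows hold the input unchanged, apostrophes included.
foreach ($db->query('SELECT id, comment, name FROM comments') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['comment'], $row['name']);
}
```

Escaping the finished query cannot work even when the return value is kept, because the quotes that delimit each value would be escaped together with the data inside them.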