Posted by Carl on 11/15/06 01:05

Christo wrote:
> $sqlquery = "INSERT INTO tnews VALUES('$id','$title','$news','$date')";
>
> //print "<html><body><center>";
> //print "<p>You have just entered this record<p>";
> //print "Title : $title<br><hr>";
> //print "$news<br>$date";
> //print "</body></html>";
>
> print $sqlquery;
> $results = mysql_query($sqlquery);
>
> mysql_close($dbc);
>
> ?>
>

Christo,

You should always check the value returned by mysql_query() to ensure
that it did what you think it did. If you find (from the return value)
that there was a problem, a call to mysql_error() should give you the
details.
See the examples here: http://php.net/mysql_query

Also, You should never allow user input ($_POST in your case) to get
sent directly to the database server. See
http://www.php.net/mysql_real_escape_string for more info on why and
how to minimize potential problems.

Hope that helps,
Carl.

[Back to original message]