|
|
Posted by NC on 08/06/07 00:57
On Aug 5, 12:45 am, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> NC wrote:
> > $sql = 'INSERT INTO comments (comment, name, quotekey) ' .
> > "VALUES ('$comment', '$name', '$key')";
> > mysql_real_escape_string($sql);
>
> ?? You should not be escaping the entire SQL query like this!
Indeed. Forgot to delete the unnecessary line from the OP's code
after trying to explain why it should be deleted. :) Thanks for
pointing it out!
Cheers,
NC
[Back to original message]
|