Posted by Chris Hope on 10/01/56 11:34
cover wrote:
> On Mon, 12 Dec 2005 21:39:05 -0700, Christopher Pomasl
> <pomasl-NOSpam@starband.net> wrote:
>
>>Someone already noted the extra comma at the end before the close
>>paren. You are also, seemingly, missing a comma between keisize and
>>uhmwsize in the last line.
>
> WOW - that was it and how did I miss it? thanks very much and thanks
> to everyone who replied and helped me with this...
>
> One question - as I used the indicator for feet and inches (' and "
> respectively), I received error codes in the query. Is there a way to
> tell MySQL to ignore feet or inch inputs when they're inserted through
> the form? TIA

It's because you need to escape special characters such as single and
double quotes.

Refer to
http://www.php.net/manual/en/function.mysql-escape-string.php
http://www.php.net/manual/en/function.mysql-real-escape-string.php

You really need to be aware of SQL injection:
http://www.google.com/search?q=sql+injection

It's quite possible to delete records, tables and entire databases with
SQL injection. Believe me, I've done it to prove a point in the past.

--
Chris Hope | www.electrictoolbox.com | www.linuxcdmall.com
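
The quoting problem discussed in the post above, as an added example that is not part of the original thread: the same feet-and-inches input breaks a concatenated INSERT but is stored verbatim through a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, the table name `parts` is hypothetical, and `keisize` / `uhmwsize` are the column names mentioned in the quoted message.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so this runs offline; the table name "parts" is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE parts (keisize TEXT, uhmwsize TEXT)');

// Constructed form input using ' for feet and " for inches.
$form = ['keisize' => "5' 10\"", 'uhmwsize' => "0' 3\""];

// 1) Statement built by concatenation: the ' inside the value closes the
//    string literal early, so the database reports a syntax error.
$sql = "INSERT INTO parts (keisize, uhmwsize) VALUES ('"
     . $form['keisize'] . "', '" . $form['uhmwsize'] . "')";
try {
    $pdo->exec($sql);
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel as
//    bound parameters, so quotes in the input are treated as data only.
$stmt = $pdo->prepare(
    'INSERT INTO parts (keisize, uhmwsize) VALUES (:kei, :uhmw)'
);
$stmt->execute([
    ':kei'  => $form['keisize'],
    ':uhmw' => $form['uhmwsize'],
]);

// 3) Read the row back: the measurements are stored exactly as typed.
foreach ($pdo->query('SELECT keisize, uhmwsize FROM parts') as $row) {
    printf("stored: keisize=%s uhmwsize=%s\n",
           $row['keisize'], $row['uhmwsize']);
}

// 4) Driver-side escaping, the PDO counterpart of the escape functions
//    linked in the post; bound parameters make this step unnecessary.
echo "quoted literal: ", $pdo->quote($form['keisize']), "\n";
```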