[nycphp-talk] inserting data into MySQL table.
David Krings
ramons at gmx.net
Mon Jul 23 14:39:53 EDT 2007
PaulCheung wrote:
> I have been having real difficulties trying to insert a 20 column record
> into a table (using PHP not MySQL monitor).
I'd echo the query before sending it to the db engine, copy and paste it
into the query browser, and then see what happens. It seems as if you
do not escape anything and if one of the POST values has some single
quote or other objectionable character in it the query will not go
through because of a syntax error. If that is the case, you hit the best
case scenario of failure, because the worst case is SQL injection.
Since the only difference is the values that you get from $_POST I'd
take a look at those and print_r the $_POST array for testing (or use a
debugger for that).
David
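
The failure described in the message above, as an added example that is not part of the original post: a constructed form value containing a single quote breaks a concatenated INSERT, while the same values go through as bound parameters of a prepared statement. The `members` table, its three columns (standing in for the 20) and the sample values are assumptions; it uses PDO with in-memory SQLite so it runs offline (assumes `pdo_sqlite` is enabled), and for MySQL only the DSN and credentials change.

```php
<?php
// Constructed sample standing in for $_POST; the surname contains a single quote.
$post = [
    'first_name' => 'Paul',
    'last_name'  => "O'Brien",
    'city'       => 'New York',
    'submit'     => 'Save',      // form fields that are not columns are ignored below
];

// Hypothetical whitelist of column names; a 20-column table is handled the same way.
$columns = ['first_name', 'last_name', 'city'];

// Unescaped concatenation. Echoing the query, as suggested above, shows the defect:
// the quote in O'Brien closes the string literal early and the rest is parsed as SQL.
$naive = "INSERT INTO members (first_name, last_name, city) VALUES ('"
       . $post['first_name'] . "', '" . $post['last_name'] . "', '" . $post['city'] . "')";
echo $naive, "\n";

// In-memory database for the demonstration (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (first_name TEXT, last_name TEXT, city TEXT)');

// Build the statement text from the whitelist only. User input never becomes
// part of the SQL string; it is passed separately as bound parameters.
$placeholders = [];
$params = [];
foreach ($columns as $col) {
    $placeholders[] = ':' . $col;
    $params[':' . $col] = isset($post[$col]) ? $post[$col] : null;
}
$sql = 'INSERT INTO members (' . implode(', ', $columns) . ') '
     . 'VALUES (' . implode(', ', $placeholders) . ')';
echo $sql, "\n";

$stmt = $pdo->prepare($sql);
$stmt->execute($params);

// Read the row back: the quote is stored as data, not interpreted as syntax.
print_r($pdo->query('SELECT * FROM members')->fetchAll(PDO::FETCH_ASSOC));
```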