Thread: php and mySQL
04-05-2007, 01:26 AM
#5
powerspike

$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')";
I would recommend not using that as an insert method. The reason being, if you change the database structure you'll have to go back and change every query that uses that style of data.

You should do something like:

$query = "INSERT INTO contact (contact_id, first_name, last_name) VALUES ('', '" . mysql_escape_string($_POST['first']) . "', '" . mysql_escape_string($_POST['last']) . "')";

The mysql_escape_string should stop stuff like SQL injections and stuff.
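
The two points in the post above (name the columns, keep user input out of the SQL text), as an added example that is not part of the original post. It swaps in PDO prepared statements for mysql_escape_string and uses an in-memory SQLite database as a stand-in for the thread's MySQL so it runs offline; the auto-increment contact_id, the later phone column and the sample input are assumptions constructed for the demonstration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the thread's MySQL
// database. Table and column names follow the post; the rest is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (
    contact_id INTEGER PRIMARY KEY AUTOINCREMENT,
    first_name TEXT,
    last_name  TEXT
)');

function add_contact(PDO $db, array $post): int
{
    // Explicit column list: the statement names exactly what it writes.
    // Placeholders: values travel separately from the SQL text, so a quote
    // in the input is stored as data instead of ending the string literal.
    $stmt = $db->prepare(
        'INSERT INTO contact (first_name, last_name) VALUES (:first, :last)'
    );
    $stmt->execute([':first' => $post['first'], ':last' => $post['last']]);
    return (int) $db->lastInsertId();
}

// Constructed sample input standing in for $_POST; the last name has a quote.
add_contact($db, ['first' => 'Conan', 'last' => "O'Brien"]);

// Schema change after the insert code was written: a new column appears.
$db->exec('ALTER TABLE contact ADD COLUMN phone TEXT');

// The column-list insert keeps working against the new layout.
add_contact($db, ['first' => 'Ada', 'last' => 'Lovelace']);

// A positional insert written for the old three-column layout now fails,
// which is the maintenance problem the post describes.
try {
    $db->prepare('INSERT INTO contact VALUES (NULL, :first, :last)')
       ->execute([':first' => 'Bob', ':last' => 'Smith']);
} catch (PDOException $e) {
    echo 'positional insert failed: ', $e->getMessage(), "\n";
}

$rows = $db->query('SELECT contact_id, first_name, last_name FROM contact');
foreach ($rows as $row) {
    echo $row['contact_id'], ' ', $row['first_name'], ' ', $row['last_name'], "\n";
}
```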