If I run a script and it does one query, then immediately inserts the information from that query into another row, do I need to use mysql_real_escape_string on that data or only if it is using variables passed in from the browser?

Hi friend,

I'm not sure what you're getting at but to make sure that you need to use mysql_real_escape_string, echo the query first. The results of the echo will tell you the answer. If there's an extra quote in your query you may need to use mysql_real_escape_string.

Thanks :)

only on variables passed from the browser.

That is what I thought. Thank you guelphdad!!!