12-22-2012, 08:29 AM | #3
Clawed
Quote:
Originally Posted by Fou-Lu
This is invalid: INSERT INTO (feedback title, .... Perhaps you mean INSERT INTO feedback (title, ...?

Noticed you are using mysqli. You should use prepared statements to save the trouble from needing to run through a real_escape_string. As is, this is open to SQL Injection.
Yes, I also recommend you use:
PHP Code:
$name = mysql_real_escape_string( $_POST['name'] );
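
The prepared-statement approach from the quoted reply, as an added example that is not part of the original thread. Only the `feedback` table, its `title` column and `$_POST['name']` come from the posts; the `comment` column, the length limits, the auto-increment id and the connection details are assumptions.

```php
<?php
// Added example: columns other than `title`, the length limits and all
// connection details are assumptions, not taken from the thread.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Insert one feedback row using a prepared statement.
 * Values travel separately from the SQL text, so no escaping is needed.
 */
function save_feedback(mysqli $db, array $post): int
{
    $fields = [];
    foreach (['title' => 100, 'name' => 50, 'comment' => 2000] as $key => $max) {
        $value = $post[$key] ?? null;
        // Reject arrays (e.g. name[]=x) and missing, empty or oversized values.
        if (!is_string($value) || trim($value) === '' || strlen($value) > $max) {
            throw new InvalidArgumentException("Invalid field: $key");
        }
        $fields[$key] = trim($value);
    }

    // The ? placeholders are never interpreted as SQL, whatever the input.
    $stmt = $db->prepare(
        'INSERT INTO feedback (title, name, comment) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $fields['title'], $fields['name'], $fields['comment']);
    $stmt->execute();
    $id = $stmt->insert_id; // assumes an AUTO_INCREMENT primary key
    $stmt->close();
    return $id;
}

// Placeholder credentials; replace with your own.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

try {
    $id = save_feedback($db, $_POST);
    echo 'Saved feedback #' . $id;
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Please fill in every field.';
}
```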