Ok - Thanks. That's working now.
Perhaps you can help me with something else SQL Related... same project...
I am collecting data from a form to insert into the database. This is how I fetch the data from the form:
$originalDate = $_POST['date'];
$newDate = date("Y-m-d", strtotime($originalDate));
$howmany = $_POST['howmany'];
$musicContemp = $_POST['music_contemp'];
$musicReg = $_POST['music_reg'];
$minister = $_POST['minister'];
$topic = $_POST['topic'];
$desc = $_POST['desc'];
$forum = $_POST['forum_topic'];
$presenter = $_POST['presenter'];
$forumDesc = $_POST['forum_desc'];
$religious = $_POST['religious_ed'];
And this is how I build my query:
$query = "INSERT INTO services (
'" . $newDate . "',
'" . $howmany . "',
'" . $musicReg . "',
'" . $musicContemp . "',
'" . $minister . "',
'" . $topic . "',
'" . $desc . "',
'" . $forum . "',
'" . $presenter . "',
'" . $forumDesc . "',
'" . $religious . "')
$update = mysql_query($query);
if (! $update) exit(mysql_error());
else echo '
<span class="result-header">Sunday Services Form</span><br />
The details have been updated and will now appear on the website.
I need to know where in that code I use mysql_real_escape_string to make sure special characters entered into the form are escaped. When somebody enters something like "Let's see if this works" the query fails because it isn't escaped. I know I need to mysql_real_escape_string the values but I don't know where to put it.