On 11/09/2020 19:50, Andy Burns wrote:
> The Natural Philosopher wrote:
>
>> $query = "insert into data set";
>> $flag=0;
>> foreach($fields as $name) //read variables and add to query
>> {
>> if($flag) $query .=',';
>> if(isset($_GET[$name]))
>> $query.= sprintf(" %s='%s'",$name,$_POST[$name]);
>> else
>> $query.= sprintf(" %s='%s'",$name,"");
>> $flag++;
>> }
>
>
funny, but obviously you don't understand sql as the sample code
specifically cannot do that kind of thing.
That is the reason why the SQL command is not passed.
And it is the reason why all the arguments are 'quoted'.
--
“But what a weak barrier is truth when it stands in the way of an
hypothesis!”
Mary Wollstonecraft
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
|