Using Safe-Mode Form Variables in mySQL Query

[QReyes]

I am in a safe mode, I think. Anyway, in order to receive form variables through post method, I have to use $_POST['variable_name'] in order to read that variable. But how do you do it when you want to include it in query? The code is written below:

$result = mysql_query("INSERT INTO mytable ('column1', 'column2') VALUES ($_POST['variable1'], $_POST['variable2']") or die ("Query Error: ".mysql_error());

The code above gives me an mySQL error stating that I should read the manual for the proper format. Isn't the above query in proper format already?

 

[biggulp]

$result = mysql_query("INSERT INTO mytable (column1, column2) VALUES ('{$_POST['variable1']}', '{$_POST['variable2']}'") or die ("Query Error: ".mysql_error());

 

[The Red Guy]

Or you could simply write a function to get the variable, which imho is simpler, although a little overcoding, is neater and more reusable.

 

[awayfromforum]

Originally posted by The Red Guy
Or you could simply write a function to get the variable, which imho is simpler, although a little overcoding, is neater and more reusable.

waste of compilation time. Would slow bigger PHP scripts down if they would do that, since it means another stack call.