Using Safe-Mode Form Variables in mySQL Query
I am in a safe mode, I think. Anyway, in order to receive form variables through post method, I have to use $_POST['variable_name'] in order to read that variable. But how do you do it when you want to include it in query? The code is written below:
<?php
$result = mysql_query(\"INSERT INTO mytable ('column1', 'column2') VALUES ($_POST['variable1'], $_POST['variable2']\") or die (\"Query Error: \".mysql_error());
?>The code above gives me an mySQL error stating that I should read the manual for the proper format. Isn't the above query in proper format already?