My form variables don't work anymore

[pvmaddox]

Evidently in the new version of PHP the values sent in the command from the form are no longer available as $variable, but must be accessed using $_post['variable']. My MySQL Insert command no longer works using
$sql = "INSERT INTO q<removed> (K_Q<removed>,F<removed>,L<removed>) values VALUES ($_POST['K_Q<removed>'],$_POST['F<removed>'],$_POST['L<removed>'])";
gives me an indecipherable error message
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /big/dom/x<removed>.php on line 35

What am I doing wrong?

[kitchin]

Take out the single quotes. It's a weird aspect of PHP double-quoting. By the way, that code is unsafe unless you trust your users not to craft any old MySQL statement they want.

[kitchin]

The quoting is explained by the 'banana' examples here:
http://us2.php.net/manual/en/languag...string.parsing

[Kevin]

Kitchen is right. Any input needs to be sanitized before using it in an SQL query or even worse shell code.

[pvmaddox]

Thanks. I no longer get the error message, but it still won't save the record to the database. My $result is always false and no new records are added.
Any suggestions for that?

[pvmaddox]

And how is that done?

[jmihawkins]

Kevin, fell out of my chair laughing so hard - printed the page, had to show it around some as explanation/example of my sense of humor (even tho I knew the comments would be unkind). Thankyou for lightening my day !!

[Kevin]

To be fair, that was a cartoon from xkcd.com not something I made. It is one of their better ones though.

[kitchin]

The basic technique is described here:
http://us3.php.net/manual/en/functio...ape-string.php

I can't say it's always sufficient, but it is much better.

[pvmaddox]

Thanks.