Re: Select Where using character varying ?? - Mailing list pgsql-php

From Mariusz Pękala
Subject Re: Select Where using character varying ??
Date
Msg-id 20061003200353.GA8719@cthulhu.sdi.tpnet.pl
In response to Re: Select Where using character varying ??  (DCarrero <dcarreroc@gmail.com>)
Responses Re: Select Where using character varying ??  (Robert Treat <xzilla@users.sourceforge.net>)
List pgsql-php
> I think you should try:
> $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name
> =\"$Sem\"");

Double quotes are for quoting column names, not string constants.

> $Sem_No = pg_Exec($conn,"SELECT seminar_id FROM seminar WHERE name
> ='$Sem'");

Better, but all strings, especially those provided by some user, should be
treated with the function pg_escape_string.

Consider that some user types in a form field a text like this:

'; delete from seminar where ''='

When you add single quotes you get two valid queries. One of them is
what you would never want to be executed ;-)

And, by the way - pg_exec is a deprecated name AFAIK. The new one is
pg_query.


--
Ceterum censeo Internet Explorer esse delendam.
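As an added illustration (not part of the original message or of DCarrero's code), here is how the two fixes named above look in PHP: running the user-supplied value through pg_escape_string() before interpolating it, and, better still, passing it as a bound parameter with pg_query_params() so the value is never parsed as SQL at all. The connection string in the PGCONN environment variable is a placeholder, and the seminar(seminar_id, name) table comes from the quoted query; both are assumptions of the example.

```php
<?php
// Added example: safe ways to run the seminar lookup from the thread.
// Assumes a PostgreSQL connection string in the PGCONN environment
// variable (placeholder) and the seminar(seminar_id, name) table
// from the quoted query.

$conn = pg_connect(getenv('PGCONN') ?: 'host=localhost dbname=example');
if ($conn === false) {
    die("could not connect\n");
}

// Constructed input: the hostile value from the thread. With naive
// quoting it would terminate the string literal and append a DELETE.
$sem = "'; delete from seminar where ''='";

// Option 1: escape the value before interpolating it. pg_escape_string()
// doubles the embedded single quote, so the whole value stays one literal.
function lookupEscaped($conn, string $sem)
{
    $safe = pg_escape_string($conn, $sem);
    $sql  = "SELECT seminar_id FROM seminar WHERE name = '$safe'";
    echo "escaped query: $sql\n";
    return pg_query($conn, $sql);   // pg_query, not the deprecated pg_exec
}

// Option 2 (preferred): send the value as a bound parameter. The SQL text
// contains only the $1 placeholder, so the value is never parsed as SQL.
function lookupParams($conn, string $sem)
{
    return pg_query_params(
        $conn,
        'SELECT seminar_id FROM seminar WHERE name = $1',
        [$sem]
    );
}

foreach ([lookupEscaped($conn, $sem), lookupParams($conn, $sem)] as $res) {
    if ($res === false) {
        echo "query failed: " . pg_last_error($conn) . "\n";
        continue;
    }
    // Either way the statement only ever finds a seminar literally named
    // like the hostile string; no second statement is executed.
    echo "rows matched: " . pg_num_rows($res) . "\n";
}

pg_close($conn);
```

The escaped form prints the single-quote doubled inside the literal, which is what keeps the DELETE from ever reaching the parser as its own statement; the parameterised form sends the value out of band, so it needs no escaping and is the safer default for any user-supplied input.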
