Thread: Problem involving checkbox and Postgresql
I've got a table with a field called driving_required with a boolean
type and default 'true'. I've built a web page which contains the
following lines for displaying a checkbox:
<tr><td width="25%" class="form">Driver's License Required?</td>
<td width="75%" class="form"><input type="checkbox"
name="driving_required" CHECKED></td></tr>
After the form is submitted, it calls a php file called
jobpostresults.php which enters the data from the form into the database
and displays the results on the page.
Here's the section that enters the form data into the database:
// Add Job Description Details
$jddquery = "INSERT INTO job_description_details (description_id,
effective_date, driving_required, submitted_on, submitted_by,
sm_description, responsibilities, behaviors, skills, experience,
requirements) VALUES
('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
$jddresult = pg_exec($conn, $jddquery);
if (!$jddresult)
exit;
When I input the data and click on submit I get the following error
message:
Warning: pg_exec() query failed: ERROR: Bad boolean external
representation 'on'
in /var/www/nngov/admin/jobpostresults.php on line 46
It looks like the html form is producing 'on' for the value of
driving_required. How do I get this changed to 'true' in PostgreSQL?
--
Jeff Self
Information Technology Analyst
Department of Personnel
City of Newport News
2400 Washington Avenue
Newport News, VA 23607
757-926-6930
Hi Jeff,
Set the value parameter in the input tag
<input type="checkbox"
name="driving_required" CHECKED value='1'>
That should work I believe.
-Surojit
Jeff Self wrote:
>I've got a table with a field called driving_required with a boolean
>type and default 'true'. I've built a web page which contains the
>following lines for displaying a checkbox:
>
><tr><td width="25%" class="form">Driver's License Required?</td>
> <td width="75%" class="form"><input type="checkbox"
>name="driving_required" CHECKED></td></tr>
>
>After the form is submitted, it calls a php file called
>jobpostresults.php which enters the data from the form into the database
>and displays the results on the page.
>
>Here's the section that enters the form data into the database:
>
>// Add Job Description Details
>$jddquery = "INSERT INTO job_description_details (description_id,
>effective_date, driving_required, submitted_on, submitted_by,
>sm_description, responsibilities, behaviors, skills, experience,
>requirements) VALUES
>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
>
>$jddresult = pg_exec($conn, $jddquery);
>if (!$jddresult)
> exit;
>
>When I input the data and click on submit I get the following error
>message:
>
>Warning: pg_exec() query failed: ERROR: Bad boolean external
>representation 'on'
> in /var/www/nngov/admin/jobpostresults.php on line 46
>
>It looks like the html form is producing 'on' for the value of
>driving_required. How do I get this changed to 'true' in PostgreSQL?
>
>
>
That only works if I leave the checkboxes checked. If I remove the
check, I get the following error:
Warning: pg_exec() query failed: ERROR: Bad boolean external
representation ''
in /var/www/nngov/admin/jobpostresults.php on line 66
On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> Hi Jeff,
>
> Set the value parameter in the input tag
>
> <input type="checkbox"
> name="driving_required" CHECKED value='1'>
>
> That should work I believe.
>
> -Surojit
>
> Jeff Self wrote:
>
> >I've got a table with a field called driving_required with a boolean
> >type and default 'true'. I've built a web page which contains the
> >following lines for displaying a checkbox:
> >
> ><tr><td width="25%" class="form">Driver's License Required?</td>
> > <td width="75%" class="form"><input type="checkbox"
> >name="driving_required" CHECKED></td></tr>
> >
> >After the form is submitted, it calls a php file called
> >jobpostresults.php which enters the data from the form into the database
> >and displays the results on the page.
> >
> >Here's the section that enters the form data into the database:
> >
> >// Add Job Description Details
> >$jddquery = "INSERT INTO job_description_details (description_id,
> >effective_date, driving_required, submitted_on, submitted_by,
> >sm_description, responsibilities, behaviors, skills, experience,
> >requirements) VALUES
>
>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
> >
> >$jddresult = pg_exec($conn, $jddquery);
> >if (!$jddresult)
> > exit;
> >
> >When I input the data and click on submit I get the following error
> >message:
> >
> >Warning: pg_exec() query failed: ERROR: Bad boolean external
> >representation 'on'
> > in /var/www/nngov/admin/jobpostresults.php on line 46
> >
> >It looks like the html form is producing 'on' for the value of
> >driving_required. How do I get this changed to 'true' in PostgreSQL?
> >
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
--
Jeff Self
Information Technology Analyst
Department of Personnel
City of Newport News
2400 Washington Avenue
Newport News, VA 23607
757-926-6930
It returns "on" as true. Just test the value of $driving_required and
assign the proper boolen value for postgresql..
If ($driving_required=='on') {
$driving_required=TRUE;
} else {
$driving_required=FALSE;
}
Dave
Jeff Self wrote:
>That only works if I leave the checkboxes checked. If I remove the
>check, I get the following error:
>
>Warning: pg_exec() query failed: ERROR: Bad boolean external
>representation ''
> in /var/www/nngov/admin/jobpostresults.php on line 66
>
>On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
>
>
>>Hi Jeff,
>>
>>Set the value parameter in the input tag
>>
>><input type="checkbox"
>>name="driving_required" CHECKED value='1'>
>>
>>That should work I believe.
>>
>>-Surojit
>>
>>Jeff Self wrote:
>>
>>
>>
>>>I've got a table with a field called driving_required with a boolean
>>>type and default 'true'. I've built a web page which contains the
>>>following lines for displaying a checkbox:
>>>
>>><tr><td width="25%" class="form">Driver's License Required?</td>
>>> <td width="75%" class="form"><input type="checkbox"
>>>name="driving_required" CHECKED></td></tr>
>>>
>>>After the form is submitted, it calls a php file called
>>>jobpostresults.php which enters the data from the form into the database
>>>and displays the results on the page.
>>>
>>>Here's the section that enters the form data into the database:
>>>
>>>// Add Job Description Details
>>>$jddquery = "INSERT INTO job_description_details (description_id,
>>>effective_date, driving_required, submitted_on, submitted_by,
>>>sm_description, responsibilities, behaviors, skills, experience,
>>>requirements) VALUES
>>>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
>>>
>>>$jddresult = pg_exec($conn, $jddquery);
>>>if (!$jddresult)
>>> exit;
>>>
>>>When I input the data and click on submit I get the following error
>>>message:
>>>
>>>Warning: pg_exec() query failed: ERROR: Bad boolean external
>>>representation 'on'
>>>in /var/www/nngov/admin/jobpostresults.php on line 46
>>>
>>>It looks like the html form is producing 'on' for the value of
>>>driving_required. How do I get this changed to 'true' in PostgreSQL?
>>>
>>>
>>>
>>>
>>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 3: if posting/reading through Usenet, please send an appropriate
>>subscribe-nomail command to majordomo@postgresql.org so that your
>>message can get through to the mailing list cleanly
>>
>>
Then check if($driving_required==1) { $bleh='t'} else { $bleh='f'}
On 20 Jun 2002, Jeff Self wrote:
> That only works if I leave the checkboxes checked. If I remove the
> check, I get the following error:
>
> Warning: pg_exec() query failed: ERROR: Bad boolean external
> representation ''
> in /var/www/nngov/admin/jobpostresults.php on line 66
>
> On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> > Hi Jeff,
> >
> > Set the value parameter in the input tag
> >
> > <input type="checkbox"
> > name="driving_required" CHECKED value='1'>
> >
> > That should work I believe.
> >
> > -Surojit
> >
> > Jeff Self wrote:
> >
> > >I've got a table with a field called driving_required with a boolean
> > >type and default 'true'. I've built a web page which contains the
> > >following lines for displaying a checkbox:
> > >
> > ><tr><td width="25%" class="form">Driver's License Required?</td>
> > > <td width="75%" class="form"><input type="checkbox"
> > >name="driving_required" CHECKED></td></tr>
> > >
> > >After the form is submitted, it calls a php file called
> > >jobpostresults.php which enters the data from the form into the database
> > >and displays the results on the page.
> > >
> > >Here's the section that enters the form data into the database:
> > >
> > >// Add Job Description Details
> > >$jddquery = "INSERT INTO job_description_details (description_id,
> > >effective_date, driving_required, submitted_on, submitted_by,
> > >sm_description, responsibilities, behaviors, skills, experience,
> > >requirements) VALUES
> >
>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
> > >
> > >$jddresult = pg_exec($conn, $jddquery);
> > >if (!$jddresult)
> > > exit;
> > >
> > >When I input the data and click on submit I get the following error
> > >message:
> > >
> > >Warning: pg_exec() query failed: ERROR: Bad boolean external
> > >representation 'on'
> > > in /var/www/nngov/admin/jobpostresults.php on line 46
> > >
> > >It looks like the html form is producing 'on' for the value of
> > >driving_required. How do I get this changed to 'true' in PostgreSQL?
> > >
> > >
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
> --
> Jeff Self
> Information Technology Analyst
> Department of Personnel
> City of Newport News
> 2400 Washington Avenue
> Newport News, VA 23607
> 757-926-6930
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
> --
> Virus scanned by edNET.
>
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of edNET or lightershade ltd. Finally, the
recipient should check this email and any attachments for the presence of
viruses. edNET and lightershade ltd accepts no liability for any damage
caused by any virus transmitted by this email.
--
--
Virus scanned by edNET.
on 6/20/02 1:01 PM, jself@nngov.com purportedly said: > That only works if I leave the checkboxes checked. If I remove the > check, I get the following error: > > Warning: pg_exec() query failed: ERROR: Bad boolean external > representation '' > in /var/www/nngov/admin/jobpostresults.php on line 66 if( ! $driving_required ) $driving_required = 'f'; Keary Suska Esoteritech, Inc. "Leveraging Open Source for a better Internet"
I find that an if() statement helps quite a bit.
Example:
if ($driving_required = 'on')
{
$driving_required = 1;
}
else
{
$driving_required = 0;
}
Also keep in mind that you can always manipulate ALL of your $_POST or
$_GET variables through a foreach() loop and a bunch of if() statements...
Hope this helps:)
On 20 Jun 2002, Jeff Self wrote:
> That only works if I leave the checkboxes checked. If I remove the
> check, I get the following error:
>
> Warning: pg_exec() query failed: ERROR: Bad boolean external
> representation ''
> in /var/www/nngov/admin/jobpostresults.php on line 66
>
> On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> > Hi Jeff,
> >
> > Set the value parameter in the input tag
> >
> > <input type="checkbox"
> > name="driving_required" CHECKED value='1'>
> >
> > That should work I believe.
> >
> > -Surojit
> >
> > Jeff Self wrote:
> >
> > >I've got a table with a field called driving_required with a boolean
> > >type and default 'true'. I've built a web page which contains the
> > >following lines for displaying a checkbox:
> > >
> > ><tr><td width="25%" class="form">Driver's License Required?</td>
> > > <td width="75%" class="form"><input type="checkbox"
> > >name="driving_required" CHECKED></td></tr>
> > >
> > >After the form is submitted, it calls a php file called
> > >jobpostresults.php which enters the data from the form into the database
> > >and displays the results on the page.
> > >
> > >Here's the section that enters the form data into the database:
> > >
> > >// Add Job Description Details
> > >$jddquery = "INSERT INTO job_description_details (description_id,
> > >effective_date, driving_required, submitted_on, submitted_by,
> > >sm_description, responsibilities, behaviors, skills, experience,
> > >requirements) VALUES
> >
>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
> > >
> > >$jddresult = pg_exec($conn, $jddquery);
> > >if (!$jddresult)
> > > exit;
> > >
> > >When I input the data and click on submit I get the following error
> > >message:
> > >
> > >Warning: pg_exec() query failed: ERROR: Bad boolean external
> > >representation 'on'
> > > in /var/www/nngov/admin/jobpostresults.php on line 46
> > >
> > >It looks like the html form is producing 'on' for the value of
> > >driving_required. How do I get this changed to 'true' in PostgreSQL?
> > >
> > >
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
> --
> Jeff Self
> Information Technology Analyst
> Department of Personnel
> City of Newport News
> 2400 Washington Avenue
> Newport News, VA 23607
> 757-926-6930
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>
-Chadwick
I suppose it works well with radio buttons where you at least have a "Yes" and "No" option.<br /><br /> Chris Thompson
wrote:<br/><blockquote cite="midPine.LNX.4.33L2.0206202101340.24168-100000@boyce.ednet.co.uk" type="cite"><pre
wrap="">Thencheck if($driving_required==1) { $bleh='t'} else { $bleh='f'}
On 20 Jun 2002, Jeff Self wrote:
</pre><blockquote type="cite"><pre wrap="">That only works if I leave the checkboxes checked. If I remove the
check, I get the following error:
Warning: pg_exec() query failed: ERROR: Bad boolean external
representation ''in /var/www/nngov/admin/jobpostresults.php on line 66
On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote: </pre><blockquote type="cite"><pre wrap="">Hi Jeff,
Set the value parameter in the input tag
<input type="checkbox"
name="driving_required" CHECKED value='1'>
That should work I believe.
-Surojit
Jeff Self wrote:
</pre><blockquote type="cite"><pre wrap="">I've got a table with a field called driving_required with a boolean
type and default 'true'. I've built a web page which contains the
following lines for displaying a checkbox:
<tr><td width="25%" class="form">Driver's License Required?</td> <td width="75%"
class="form"><inputtype="checkbox"
name="driving_required" CHECKED></td></tr>
After the form is submitted, it calls a php file called
jobpostresults.php which enters the data from the form into the database
and displays the results on the page.
Here's the section that enters the form data into the database:
// Add Job Description Details
$jddquery = "INSERT INTO job_description_details (description_id,
effective_date, driving_required, submitted_on, submitted_by,
sm_description, responsibilities, behaviors, skills, experience,
requirements) VALUES
('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
$jddresult = pg_exec($conn, $jddquery);
if (!$jddresult) exit;
When I input the data and click on submit I get the following error
message:
Warning: pg_exec() query failed: ERROR: Bad boolean external
representation 'on'
in /var/www/nngov/admin/jobpostresults.php on line 46
It looks like the html form is producing 'on' for the value of
driving_required. How do I get this changed to 'true' in PostgreSQL?
</pre></blockquote><pre wrap="">
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to <a class="moz-txt-link-abbreviated"
href="mailto:majordomo@postgresql.org">majordomo@postgresql.org</a>so that your
message can get through to the mailing list cleanly </pre></blockquote><pre wrap="">--
Jeff Self
Information Technology Analyst
Department of Personnel
City of Newport News
2400 Washington Avenue
Newport News, VA 23607
757-926-6930
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to <a class="moz-txt-link-abbreviated"
href="mailto:majordomo@postgresql.org">majordomo@postgresql.org</a>so that your
message can get through to the mailing list cleanly
--
Virus scanned by edNET.
</pre></blockquote><pre wrap=""> </pre></blockquote>
You have to process the values yourself to make sure it's right.
Just do something like this:
if ($driving_required == "1") $driving_required = 't';
else $driving_required = 'f';
Then use it in your update / insert statement as usual.
On 20 Jun 2002, Jeff Self wrote:
> That only works if I leave the checkboxes checked. If I remove the
> check, I get the following error:
>
> Warning: pg_exec() query failed: ERROR: Bad boolean external
> representation ''
> in /var/www/nngov/admin/jobpostresults.php on line 66
>
> On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> > Hi Jeff,
> >
> > Set the value parameter in the input tag
> >
> > <input type="checkbox"
> > name="driving_required" CHECKED value='1'>
> >
> > That should work I believe.
> >
> > -Surojit
> >
> > Jeff Self wrote:
> >
> > >I've got a table with a field called driving_required with a boolean
> > >type and default 'true'. I've built a web page which contains the
> > >following lines for displaying a checkbox:
> > >
> > ><tr><td width="25%" class="form">Driver's License Required?</td>
> > > <td width="75%" class="form"><input type="checkbox"
> > >name="driving_required" CHECKED></td></tr>
> > >
> > >After the form is submitted, it calls a php file called
> > >jobpostresults.php which enters the data from the form into the database
> > >and displays the results on the page.
> > >
> > >Here's the section that enters the form data into the database:
> > >
> > >// Add Job Description Details
> > >$jddquery = "INSERT INTO job_description_details (description_id,
> > >effective_date, driving_required, submitted_on, submitted_by,
> > >sm_description, responsibilities, behaviors, skills, experience,
> > >requirements) VALUES
> >
>('$description_id','$effective_date','$driving_required',now(),'$submitted_by','$sm_description','$responsibilities','$behaviors','$skills','$experience','$requirements')";
> > >
> > >$jddresult = pg_exec($conn, $jddquery);
> > >if (!$jddresult)
> > > exit;
> > >
> > >When I input the data and click on submit I get the following error
> > >message:
> > >
> > >Warning: pg_exec() query failed: ERROR: Bad boolean external
> > >representation 'on'
> > > in /var/www/nngov/admin/jobpostresults.php on line 46
> > >
> > >It looks like the html form is producing 'on' for the value of
> > >driving_required. How do I get this changed to 'true' in PostgreSQL?
> > >
> > >
> > >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> > subscribe-nomail command to majordomo@postgresql.org so that your
> > message can get through to the mailing list cleanly
>
--
"Force has no place where there is need of skill.", "Haste in every
business brings failures.", "This is the bitterest pain among men, to have
much knowledge but no power." -- Herodotus
All of which brings up the fact that you should never just trust all the
values being submitted to a page. That's how SQL insertion attacks succeed.
On Thursday 20 June 2002 13:22, Scott Marlowe wrote:
> You have to process the values yourself to make sure it's right.
>
> Just do something like this:
>
> if ($driving_required == "1") $driving_required = 't';
> else $driving_required = 'f';
>
> Then use it in your update / insert statement as usual.
>
> On 20 Jun 2002, Jeff Self wrote:
> > That only works if I leave the checkboxes checked. If I remove the
> > check, I get the following error:
> >
> > Warning: pg_exec() query failed: ERROR: Bad boolean external
> > representation ''
> > in /var/www/nngov/admin/jobpostresults.php on line 66
> >
> > On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote:
> > > Hi Jeff,
> > >
> > > Set the value parameter in the input tag
> > >
> > > <input type="checkbox"
> > > name="driving_required" CHECKED value='1'>
> > >
> > > That should work I believe.
> > >
> > > -Surojit
> > >
> > > Jeff Self wrote:
> > > >I've got a table with a field called driving_required with a boolean
> > > >type and default 'true'. I've built a web page which contains the
> > > >following lines for displaying a checkbox:
> > > >
> > > ><tr><td width="25%" class="form">Driver's License Required?</td>
> > > > <td width="75%" class="form"><input type="checkbox"
> > > >name="driving_required" CHECKED></td></tr>
> > > >
> > > >After the form is submitted, it calls a php file called
> > > >jobpostresults.php which enters the data from the form into the
> > > > database and displays the results on the page.
> > > >
> > > >Here's the section that enters the form data into the database:
> > > >
> > > >// Add Job Description Details
> > > >$jddquery = "INSERT INTO job_description_details (description_id,
> > > >effective_date, driving_required, submitted_on, submitted_by,
> > > >sm_description, responsibilities, behaviors, skills, experience,
> > > >requirements) VALUES
> > > >('$description_id','$effective_date','$driving_required',now(),'$submi
> > > >tted_by','$sm_description','$responsibilities','$behaviors','$skills',
> > > >'$experience','$requirements')";
> > > >
> > > >$jddresult = pg_exec($conn, $jddquery);
> > > >if (!$jddresult)
> > > > exit;
> > > >
> > > >When I input the data and click on submit I get the following error
> > > >message:
> > > >
> > > >Warning: pg_exec() query failed: ERROR: Bad boolean external
> > > >representation 'on'
> > > > in /var/www/nngov/admin/jobpostresults.php on line 46
> > > >
> > > >It looks like the html form is producing 'on' for the value of
> > > >driving_required. How do I get this changed to 'true' in PostgreSQL?
> > >
> > > ---------------------------(end of
> > > broadcast)--------------------------- TIP 3: if posting/reading through
> > > Usenet, please send an appropriate subscribe-nomail command to
> > > majordomo@postgresql.org so that your message can get through to the
> > > mailing list cleanly
On Mon, 17 Jun 2002, Digital Wokan wrote: > All of which brings up the fact that you should never just trust all the > values being submitted to a page. That's how SQL insertion attacks succeed. > > On Thursday 20 June 2002 13:22, Scott Marlowe wrote: > > You have to process the values yourself to make sure it's right. > > > > Just do something like this: > > > > if ($driving_required == "1") $driving_required = 't'; > > else $driving_required = 'f'; > > > > Then use it in your update / insert statement as usual. > > > > On 20 Jun 2002, Jeff Self wrote: > > > That only works if I leave the checkboxes checked. If I remove the > > > check, I get the following error: > > > > > > Warning: pg_exec() query failed: ERROR: Bad boolean external > > > representation '' > > > in /var/www/nngov/admin/jobpostresults.php on line 66 > > > > > > On Thu, 2002-06-20 at 13:39, Surojit Niyogi wrote: > > > > Hi Jeff, > > > > > > > > Set the value parameter in the input tag > > > > > > > > <input type="checkbox" > > > > name="driving_required" CHECKED value='1'> > > > > > > > > That should work I believe. > > > > > > > > -Surojit I just looked it up, and the value attribute is optional EXCEPT when the type is either radio or checkbox. Therefore you must specify some sort of value; it could even be 'on' if you want ;) See here: http://www.w3.org/TR/html4/interact/forms.html#h-17.4 Either way, as stated above, all values should be checked in a production state, but to manipulate your $_POST or $_GET arrays and turn them into sql query strings, it is sometimes necessary to individually search and replace values that do not work with sql. In other words, html form values were not meant to be sent to database back ends in the form of sql, hence we have php to change them for us :) Hooray for that! -Chadwick