David Vallner wrote: > Hugh Sasse wrote: >> MySQL needs backticks `` for strings. Coming from Unix this was something >> I didn't expect. > > Since it works for the strings 'check', that's obviously not the > problem. tested it to see if it changed anything. it doesnt. so you are right. > Also, I'd use a database API that supports parameter placeholders and > does query escaping for you. > > Interpolating a string to get a SQL query is Bad (tm). Google around for > "sql injection", "pain", "anguish", "death" (right, some of those aren't > really related). > > If anything, use Mysql.escape on strings first at the very least. > > David Vallner I know about sql injection. I just want to get a working way of taking in data to my db first. Since Im having problems with even that, im not too worried about anything else. Plus this is going to be attached to the net. Its going to be on a stand alone. Does anyone see anything I might be forgetting or doing wrong in the sample code. Where am i dropping the data? Am I getting the data right? Am i doing anything else wrong? -- Posted via http://www.ruby-forum.com/.