I have set up the following form:
<form name="pric" method="post" action="up.php">
<div id="prices_col">Season A<br>
<input type='text' name="date0" maxlength="13" size="15" style="font-size: 9px;" value="<?php echo $_date[0]?>" />
</div>
<div align="middle"><input type="submit" value="EDIT"></div>
</form>
Information in database right now was like this ($_date[0] contains):
04/06 - 25/06
After posting the information, it decided to run the expression and I got something like:
-1.333333333
I use the following code:
$_date[0] = trim($_POST["date0"]);
mysql_query("UPDATE price SET _date=".$_date[0]." WHERE id='0'") or die(mysql_error());
How can I stop it from executing? I need to store the value as a plain text to the database.
mysql_query("UPDATE `price` SET `_date`='".mysql_real_escape_string(trim($_POST["date0"]))."' WHERE `id`=0") or die(mysql_error());
as _date is a text field and mysql_real_escape_string for security