I have to insert 10 fields' values into MySQL from PHP code as they are. The problem is that whenever the user enters an apostrophe and comma (',) the query is disturbed. Some functions are there, but is it necessary to parse all the fields' values through these functions? Would it not be time-consuming? :P
Here is my PHP code:
    $rs = mysql_query("
        insert into
            _{$pid}_item
        values (
            '$pid',
            '$item_brand',
            '$item_code',
            '$item_name',
            '$item_quantity',
            '$item_mrp',
            '$item_discount',
            '$item_vat',
            '$item_sat',
            '$item_selling_price',
            '$item_rating',
            '$item_image'
        )
    ");
I am passing the values to these variables.
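
The insert from the question rewritten with a PDO prepared statement, as an added example that is not part of the original post: all twelve values are bound in a single call, so an apostrophe or comma stays data and no per-field escaping function is needed. It assumes `pid` is a numeric id, uses column names mirroring the question's variables, and runs against in-memory SQLite in place of MySQL; `itemTable()` and `insertItem()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. All values below are constructed.
// Assumptions: pid is a numeric id; column names mirror the question's
// variables; SQLite in-memory stands in for MySQL so this runs offline.
// For MySQL only the DSN changes: new PDO('mysql:host=...;dbname=...', ...).

function itemTable(string $pid): string
{
    // A table name cannot be a bound parameter, so accept digits only.
    if (!ctype_digit($pid)) {
        throw new InvalidArgumentException('pid must be numeric');
    }
    return "_{$pid}_item";
}

function insertItem(PDO $db, string $pid, array $fields): void
{
    // One "?" per value: pid plus the item_* fields.
    $marks = implode(', ', array_fill(0, count($fields) + 1, '?'));
    $stmt  = $db->prepare('INSERT INTO ' . itemTable($pid) . " VALUES ($marks)");
    // Values travel separately from the SQL text, so ' and , stay data.
    $stmt->execute(array_merge([$pid], array_values($fields)));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pid  = '42';
$cols = ['pid', 'item_brand', 'item_code', 'item_name', 'item_quantity',
         'item_mrp', 'item_discount', 'item_vat', 'item_sat',
         'item_selling_price', 'item_rating', 'item_image'];
$db->exec('CREATE TABLE ' . itemTable($pid) . ' (' . implode(', ', $cols) . ')');

insertItem($db, $pid, [
    "O'Neill", "A',1", "Men's shirt, blue", '3', '499.00', '10',
    '5', '2', '449.10', '4', "img/men's,blue.png",
]);

$row = $db->query('SELECT item_brand, item_code, item_name FROM ' . itemTable($pid))
          ->fetch(PDO::FETCH_NUM);
echo implode(' | ', $row), PHP_EOL;

try {
    itemTable("42'x"); // non-numeric pid is refused before any SQL is built
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```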