either change your query to
Code: Select all
INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone)
VALUES($type, $brand, $gender,
$size, $hand, $isNew,
$price, $desc, $imgname,
$date, $name, $userid,
$phone)";
Code: Select all
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
$value = stripslashes($value);
// Quote if not a number
if (!is_numeric($value))
$value = mysql_real_escape_string($value);
return $value;
}