1) make sure you use mysqli_real_escape_string or the mysql_ equivalent if you're using mysql_ for each of your variables.
2) if you build your query in parts, make sure you have a trailing space between sections, so it doesn't turn into "SELECT fieldFROM tableWHERE condition"
3) when you get an error, verify your query before you try to rewrite it etc. usually I'll just add