here my code-
$things = serialize($_POST['things']);
$q = "INSERT INTO tblslider(src) values($things)";
echo "Slider saved successfully.";
You forgot quotes around
$q = "INSERT INTO tblslider(src) values('" . mysql_real_escape_string($things) . "')";
mysql_real_escape_string() is really the least you should ever do!
Also as @sanders mentions, you should always output your complete query (via
var_dump()) as a first step in debugging.
I prefer to build queries like this to enhance readability:
$q = sprintf( 'INSERT INTO tblslider(src) VALUES ("%s")', mysql_real_escape_string($things) );
That is, whenever I absolutely have to build and escape them myself. You should really have a look at PDO.
Comments in this thread suggests that OP actually wants to insert
651603.jpg,7184512.jpg,3659637.jpg,569839.jpg into the database. In that case
implode() could be used (provided that
$_POST['things'] only contains items to insert!):
$q = sprintf( 'INSERT INTO tblslider(src) VALUES ("%s")', mysql_real_escape_string(implode(',', $_POST['things'])) );
Note, that I'm using
$_POST['things'] directly here. No
serialize(). (I did, however, not realize this erro until just now.)