Ver original$sql = "select * from paci where dni= '".mysql_escape_string($_POST['dni'])."'"; $result = mysql_query($sql);