PHP/MySQL Update

I am trying to set up a promotion where visitors can vote on samples to add to the product line, but I’m having trouble updating my database.



I was wondering if anyone understood PHP and MySQL enough to see what I am doing wrong here.



UPDATE:

[QUOTE]


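<?php
// Opens the database connection used by mysql_query() below.
require_once('Connections/prodvote.php');
?>
<?php
// Values taken directly from the submitted form.
$total = $_POST['total'];
$approve = $_POST['approve'];
$product = $_POST['product'];

// The form values are placed into the SQL string as-is.
$sql = "UPDATE voteprod SET TOTAL = $total, YES = $approve WHERE product_id = $product";

$query = mysql_query($sql);

// Redirect back to the voting page once the update succeeds.
if ($query) {
    header('Location: http://www.vote.shipfreejewelry.com/');
    exit;
}
?>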
[/QUOTE]

MySQL injection comes first to mind…
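
The injection concern raised in the reply, shown as an added example that is not part of the original thread: the posted concatenation pattern next to a validated, prepared-statement version of the same `UPDATE`. It assumes PDO with an in-memory SQLite table standing in for the poster's MySQL `voteprod` table; the function names and sample values are constructed for illustration.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// poster's MySQL `voteprod` table, so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE voteprod (product_id INTEGER PRIMARY KEY, TOTAL INTEGER, YES INTEGER)');
$pdo->exec('INSERT INTO voteprod VALUES (1, 10, 4), (2, 7, 2), (3, 5, 5)');

// Same pattern as the posted script: request values concatenated into SQL.
function updateConcatenated(PDO $pdo, array $post): int
{
    $sql = "UPDATE voteprod SET TOTAL = {$post['total']}, YES = {$post['approve']} "
         . "WHERE product_id = {$post['product']}";
    return $pdo->exec($sql); // number of rows changed
}

// Hardened form: validate each field as an integer, then bind it as a parameter.
function updatePrepared(PDO $pdo, array $post): int
{
    $fields = [];
    foreach (['total', 'approve', 'product'] as $name) {
        $value = filter_var($post[$name] ?? null, FILTER_VALIDATE_INT);
        if ($value === false || $value < 0) {
            throw new InvalidArgumentException("invalid $name");
        }
        $fields[$name] = $value;
    }
    $stmt = $pdo->prepare(
        'UPDATE voteprod SET TOTAL = :total, YES = :approve WHERE product_id = :product'
    );
    $stmt->execute($fields);
    return $stmt->rowCount();
}

// Constructed request body: `product` carries SQL instead of an id.
$hostile = ['total' => '999', 'approve' => '999', 'product' => '1 OR 1=1'];

echo 'concatenated: ', updateConcatenated($pdo, $hostile), " rows changed\n";

try {
    updatePrepared($pdo, $hostile);
} catch (InvalidArgumentException $e) {
    echo 'prepared: rejected (', $e->getMessage(), ")\n";
}

$ok = ['total' => '11', 'approve' => '5', 'product' => '1'];
echo 'prepared: ', updatePrepared($pdo, $ok), " rows changed\n";
```

Against MySQL the same `prepare()`/`execute()` calls work through PDO's MySQL driver, and `mysqli` offers an equivalent `prepare()`.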