garry Posted May 16, 2008 Share Posted May 16, 2008 So i'm trying to make a form that will add an artist to the database for my music review website. I'm doing this with a form and want to do the actions on the same page. I'm sorta confused about how I can do this :/ I don't want to parse the information through the URL because description will often be very big. Can someone also please help me with how I should filter the information that is added, I've heard about html_strip_chars and html_entities but i'm not sure exactly what they do and what should be used. Here's what I've got so far for the page: <h3> Add Artist </h3> <?php ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <table width="615" border="0"> <tr> <td width="144" height="32"><div align="right">Artist Name:</div></td> <td width="461"><input type="text" name="artist" value="" /></td> </tr> <tr> <td height='32'><div align="right">Artist Description: </div></td> <td><input type="text" name="description" value=""> </td> </tr> <tr> <td> </td> <td><input name="submit" type="submit" value="Submit" /></td> </tr> </table> </form> Any help would be greatly appreciated Link to comment https://forums.phpfreaks.com/topic/105909-adding-to-the-database/ Share on other sites More sharing options...
[email protected] Posted May 16, 2008 Share Posted May 16, 2008 You seem to be on the right track! Firstly $_SERVER['PHP_SELF'] will ensure that he page submits back to its self. I assume that you will be putting the php code that does the database logic into the same page. In regards to not sending the form variables over the url, once again you are on the right track with using the POST method.. This will pass the data in the body of the request, hence hiding it from the url. In regards to filtering, I would suggest that you use add_slashes() to prevent security issues such as sql injection and use htmlspecialchars() to prevent javascript injection and cross site scripting. Other people might have other suggestions, but this is what I would be using. Hope this helps. Damien Link to comment https://forums.phpfreaks.com/topic/105909-adding-to-the-database/#findComment-542734 Share on other sites More sharing options...
garry Posted May 16, 2008 Author Share Posted May 16, 2008 Thanks for your reply I wanted to know how how exactly to make it so that when the page is submitted, the information is added and confirmed but the form is not displayed again. I'm pretty sure you can do this with a hidden field in the form which sets a variable but I'm not exactly sure how you do it so I thought I'd ask here! Thanks again Link to comment https://forums.phpfreaks.com/topic/105909-adding-to-the-database/#findComment-542737 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.