Jump to content

admin panel help

fantomel

By fantomel
in PHP Coding Help

 Share

Recommended Posts

fantomel Regular Member

fantomel

Posted
Posted

hello i've got some problems with a code from an admin panel i'm begginer in doing stuff like this one .. :) can someone help me with the code cuz.. it doesn't insterting the right stuff and i dunno why i can't understand... :D thanks for helping me out

 

 

 

<form method="POST" action="locatie_add.php">
<table>
   <tr>
      <td>Titlu: </td>
      <td><input type="text" name="title"></td>
   </tr>
   <tr>
       <td>Tara: </td>
       <td><input type="text" name="tara"></td>
   </tr>
   <tr>
       <td>Locatie: </td>
       <td><input type="text" name="locatie"></td>
   </tr>
   <tr>
       <td></td>
       <td><input type="submit" value="submit"></td>
   </tr>
</table>
</form>

 

 

 

 

<?php    
$title = $_POST['title'];  
$tara = $_POST['tara'];  
$locatie = $_POST['locatie'];  
  
$sql = "insert into vacante_locatii (title, tara, locatie) VALUES ('$title', '$tara', '$locatie')";  
if (!$sql) {
    die('Nnu am putut adauga nimic. ' . mysql_error());
    echo ("am reusit");
   }
$result = mysql_query($sql) or die ( mysql_error() );
?> 

 

 

 

 

CREATE TABLE IF NOT EXISTS `vacante_locatii` (
  `vacante_locatii_id` tinyint(11) unsigned NOT NULL auto_increment,
  `title` varchar(30) NOT NULL,
  `tara` text NOT NULL,
  `locatie` text NOT NULL,
  PRIMARY KEY  (`vacante_locatii_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=31 ;

Link to comment
Share on other sites
LemonInflux Advanced Member

LemonInflux

Posted
Posted

Right, for a start...

 

<?php    
$title = $_POST['title'];  
$tara = $_POST['tara'];  
$locatie = $_POST['locatie'];  
  
$sql = "insert into vacante_locatii (title, tara, locatie) VALUES ('$title', '$tara', '$locatie')";  
if (!$sql) {
    die('Nnu am putut adauga nimic. ' . mysql_error());
    echo ("am reusit"); // <- this line isn't needed. You called the die() function, so nothing after this will work.
   }
$result = mysql_query($sql) or die ( mysql_error() );
?> 

 

Why not use..

 

<?php    
$title = mysql_real_escape_string($_POST['title']); // by using mysql_real_escape_string, this combats mysql injection hacking 
$tara = mysql_real_escape_string($_POST['tara']);
$locatie = mysql_real_escape_string($_POST['locatie']);

$sql = mysql_query("INSERT INTO `vacante_locatii` (title, tara, locatie) VALUES ('$title', '$tara', '$locatie')") or die('Nnu am putut adauga nimic. ' . mysql_error()); // A bit tidier. Also, your if(!sql) will never be called, because there you're checking if the var was set, not whether the query was successful.

?>

 

Tell me if you have any luck :)

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.