Arsench Posted September 19, 2006 Share Posted September 19, 2006 HELLO ALL FRIENDS.I HAVE A HTML FORM WITH ONE FIELD FOR NAME AND PHP FILE WHERE WHEN TYPING ANY NAME AND CLICKING SUBMIT THE NAME MUST BE INSERT INTO DB.i CANT DO IT AND CANT UNDERSTAND WHY LOOK THE BOTH CODE HTML<html><body><form id="nam" name="form1" method="post" action="nme.php">Name<input type="text" name="nm" />INSERT<input type="submit" name="Submit" value="Submit" /></form></body></html>AND THE CODE PHP<?php$usr = "29594";$pwd = "password";$db = "29594";$host = "localhost";if ($REQUEST_METHOD=="post") {mysql_connect ($host,$usr,$pwd);mysql_select_db($db);$SQL = " INSERT INTO adb (Nm)";$SQL .= " VALUES ('$nm')";$result = mysql_query($SQL);echo ("New Name Added\n");}mysql_close($SQL);?> please help me to correct Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 19, 2006 Share Posted September 19, 2006 You are using the post method to parse the data (in your <form method='post')But you are not calling that valueto call that you need$nm = $_POST["nm"];ALSO,You need to secure this value before doing anything to the DB[code]<?phpfunction MakeSafe($str, $make_lower = false){if($make_lower){$str = strtolower($str);}$str = stripslashes($str);$str = trim($str);$str = strip_tags($str);$str = mysql_real_escape_string($str);return $str;}$usr = "29594";$pwd = "password";$db = "29594";$host = "localhost";if ($_POST["nm"]) {mysql_connect ($host,$usr,$pwd);mysql_select_db($db);$nm = MakeSafe($_POST["nm"]);$SQL = " INSERT INTO adb (Nm)";$SQL .= " VALUES ('$nm')";$result = mysql_query($SQL);echo ("New Name Added\n");}?>[/code] Quote Link to comment Share on other sites More sharing options...
Arsench Posted September 19, 2006 Author Share Posted September 19, 2006 thank you very much dear friends realy only you can:)can advise me if i have not only one field for text but many?for example<?php $usr = "29594";$pwd = "password";$db = "29594";$host = "localhost";if ($_POST["cat, stn, sturl, desc"]) { $SQL = " INSERT INTO links (category, sitename, siteurl, description);";$SQL = . "VALUES ('$cat', '$stn','$sturl','$desc') ";$result = mysql_db_query($db,"$SQL",$cid);$result = mysql_query($SQL);echo ("New Link Added\n");} ?> are here any error?Im a begginer and dont know many things.thank you again and again Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 19, 2006 Share Posted September 19, 2006 You need to grab the values$cat = MakeSafe($_POST["cat"]);$stn = MakeSafe($_POST["stn"]);ect ect Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.