Database Structure

 

CREATE DATABASE `testdb` DEFAULT CHARSET latin1;

USE `testdb`;

CREATE TABLE `info` (
  `fname` char(20),
  `lname` char(20),
  `address` varchar(30),
  `city` char(20),
  `country` char(10)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

PHP Update Script

<?php
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$country=$_POST['country'];
$city=$_POST['city'];

$conn = mysql_connect('localhost','root',"") or die('Error: ' .mysql_error());

$db = mysql_select_db('testdb', $conn);

$query="INSERT INTO info(fname,lname,address,country,city)VALUES('$fname','$lname','$address','$country','$city')";

$results = mysql_query($query);

if($results)
{
   echo "Your data has been sent";
}
else
{
   echo "data not sent";
}


?>

<html>
<head> <title> </title> </head>
<body>
   <a href = "first.html"> Back </a>
</body>
</html>

PHP Retrieve Script

<html>
    <body>
        <table border="1" cellspacing="0" cellpadding="0">
            <tr>
                <td>
                    First Name
                </td>
                <td>
                    Last Name
                </td>
                <td>
                    Address
                </td>
                <td>
                    City
                </td>
            </tr>
        <?php
        $conn = mysql_connect("localhost","root");
        $db = mysql_select_db('testdb', $conn);
        $query = "SELECT * FROM info ";

        $result = mysql_query($query);
        if (!$result) {
            echo "Problem with query " . $query . "<br/>";
            //  echo mysql_error();
            exit();
        }

        while ($myrow = mysql_fetch_array($result)) {
            // One table cell per column. Each value is HTML-escaped before output
            // so stored markup is displayed as text instead of being rendered.
            printf(
                "<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>",
                htmlspecialchars($myrow['fname']),
                htmlspecialchars($myrow['lname']),
                htmlspecialchars($myrow['address']),
                htmlspecialchars($myrow['city'])
            );
        }
        ?>
        </table>
    </body>
</html>

   

 

MOD EDIT:

 . . . 

BBCode tags added.

https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/

No, I just pasted it for those who need to know how to update and retrieve from a database. I'm a PHP beginner and I was finally able to get this update and retrieve to work, that's why I pasted it... I hope it is not against forum rules? And I have noted down the quotes thing, thank you.

Nice, you shared the code. But there's a nightmare involved in it.

There's a wide-open door for an SQL injection attack, which could lead your system to death. You didn't enclose $fname, $lname ... in some kind of escaping. You should have done it this way:


$fname=mysql_real_escape_string($_POST['fname']);
$lname=mysql_real_escape_string($_POST['lname']);
$address=mysql_real_escape_string($_POST['address']);
$country=mysql_real_escape_string($_POST['country']);
$city=mysql_real_escape_string($_POST['city']);

  • 4 weeks later...

Or, better yet, you could use "Prepared" queries and not have to worry about user input at all:

 

<?php
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$country=$_POST['country'];
$city=$_POST['city'];

$connection = new mysqli('localhost', 'root', '', 'testdb');

$result = $connection->prepare("INSERT INTO info (fname,lname,address,country,city) VALUES (?, ?, ?, ?, ?)");
$result->bind_param("sssss", $fname, $lname, $address, $country, $city);
$result->execute();
?>
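
Added example, not part of any post in this thread: the original string-built INSERT and the prepared form from the reply above, run side by side on the same constructed input. It assumes PHP with the pdo_sqlite extension and swaps in PDO with an in-memory SQLite database for the thread's MySQL server so it runs offline; the helper names and sample values are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL `testdb`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (fname TEXT, lname TEXT, address TEXT, city TEXT, country TEXT)');

// Constructed form input. The quote in fname ends the SQL string literal early,
// so the rest of the value is parsed as SQL instead of being stored as data.
$post = [
    'fname'   => "Ann','FORGED','FORGED','FORGED','FORGED') -- ",
    'lname'   => "O'Brien",
    'address' => '1 Main St',
    'country' => 'IE',
    'city'    => 'Cork',
];

// Hypothetical helper: builds the statement the way the original script does.
function insertConcatenated(PDO $pdo, array $in): void
{
    $pdo->exec("INSERT INTO info(fname,lname,address,country,city)VALUES("
        . "'{$in['fname']}','{$in['lname']}','{$in['address']}','{$in['country']}','{$in['city']}')");
}

// Hypothetical helper: placeholders keep every value in the data channel.
function insertPrepared(PDO $pdo, array $in): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO info (fname,lname,address,country,city) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$in['fname'], $in['lname'], $in['address'], $in['country'], $in['city']]);
}

insertConcatenated($pdo, $post);   // row content is dictated by the fname value
insertPrepared($pdo, $post);       // row holds the five submitted strings verbatim

// Print both rows as JSON so the two stored results can be compared directly.
foreach ($pdo->query('SELECT * FROM info', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), PHP_EOL;
}
```

In the first row the submitted last name, address, country and city never reach the table; in the second, the apostrophe in O'Brien is stored as ordinary data with no escaping call.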

 
