PHP submit and Retrieve from database


clippa

Database Structure

 

CREATE DATABASE `testdb` DEFAULT CHARSET latin1;

USE `testdb`;

CREATE TABLE `info` (
  `fname` char(20),
  `lname` char(20),
  `address` varchar(30),
  `city` char(20),
  `country` char(10)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

PHP Update Script

<?php
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$country=$_POST['country'];
$city=$_POST['city'];

$conn = mysql_connect('localhost','root',"") or die('Error: ' .mysql_error());

$db = mysql_select_db('testdb', $conn);

$query="INSERT INTO info(fname,lname,address,country,city)VALUES('$fname','$lname','$address','$country','$city')";

$results = mysql_query($query);

if($results)
{
   echo "Your data has been sent";
}
else
{
   echo "data not sent";
}


?>

<html>
<head> <title> </title> </head>
<body>
   <a href = "first.html"> Back </a>
</body>
</html>

PHP Retrieve Script

<html>
    <body>
        <table border="1" cellspacing="0" cellpadding="0">
            <tr>
                <td>
                    First Name
                </td>
                <td>
                    Last Name
                </td>
                <td>
                    Address
                </td>
                <td>
                    City
                </td>
            </tr>
        <?php
        $conn = mysql_connect("localhost","root");
        $db = mysql_select_db('testdb', $conn);
        $query = "SELECT * FROM info ";

        $result = mysql_query($query);
        if (!$result) {
            echo "Problem with query " . $query . "<br/>";
            // echo mysql_error();
            exit();
        }

        while($myrow = mysql_fetch_array($result)) {
            // same $myrow["fname"] pattern in the other td :D good luck
            // htmlspecialchars() keeps stored values from being rendered as HTML
            echo "<tr><td>".htmlspecialchars($myrow["fname"])."</td><td>".htmlspecialchars($myrow["lname"])."</td><td>".htmlspecialchars($myrow["address"])."</td><td>".htmlspecialchars($myrow["city"])."</td></tr>";
        }
        ?>
        </table>
    </body>
</html>

   

 

MOD EDIT:

 . . . 

BBCode tags added.

No, I just pasted it for those who need to know how to update and retrieve from a database. I'm a PHP beginner and I was finally able to get this update and retrieve to work, that's why I pasted it... I hope it is not against forum rules? And I have noted down the quotes thing, thank you.

Nice, you shared the code. But there's a nightmare involved in it.

 

There's a wide-open door for an SQL injection attack, which could lead your system to death. You didn't wrap $fname, $lname ... in any kind of escaping. You should have done it this way:

 

$fname=mysql_real_escape_string($_POST['fname']);
$lname=mysql_real_escape_string($_POST['lname']);
$address=mysql_real_escape_string($_POST['address']);
$country=mysql_real_escape_string($_POST['country']);
$city=mysql_real_escape_string($_POST['city']);

  • 4 weeks later...

Or, better yet, you could use "Prepared" queries and not have to worry about user input at all:

 

<?PHP
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$country=$_POST['country'];
$city=$_POST['city'];

$connection = new mysqli('localhost', 'root', '', 'testdb');

// The ? placeholders keep user input out of the SQL text
$result = $connection->prepare("INSERT INTO info (fname,lname,address,country,city) VALUES (?, ?, ?, ?, ?)");
// "sssss": all five parameters are bound as strings
$result->bind_param("sssss", $fname, $lname, $address, $country, $city);
$result->execute();
?>
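
Added example, not code from any poster in this thread: it runs the original concatenated INSERT and the prepared form side by side on a constructed name that contains a quote character. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL `testdb`, and the function names and the length check are illustrative.

```php
<?php
// In-memory SQLite via PDO stands in for the thread's MySQL `testdb` (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (fname TEXT, lname TEXT, address TEXT, city TEXT, country TEXT)');

// Constructed sample input: an ordinary surname containing a quote character.
$post = ['fname' => 'Conan', 'lname' => "O'Brien", 'address' => '1 Main St',
         'city' => 'Boston', 'country' => 'USA'];

// Column limits taken from the thread's CREATE TABLE statement (latin1: 1 byte per char).
const LIMITS = ['fname' => 20, 'lname' => 20, 'address' => 30, 'city' => 20, 'country' => 10];

// Hypothetical helper: same pattern as the original script, input becomes part of the SQL text.
function insertConcatenated(PDO $pdo, array $in): bool {
    $sql = "INSERT INTO info(fname,lname,address,country,city) VALUES("
         . "'{$in['fname']}','{$in['lname']}','{$in['address']}','{$in['country']}','{$in['city']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the quote in the input ended the string literal early
    }
}

// Hypothetical helper: values are sent as bound parameters, never parsed as SQL.
function insertPrepared(PDO $pdo, array $in): bool {
    foreach (LIMITS as $field => $max) {
        // Reject missing or over-long values instead of letting the database truncate them.
        if (!isset($in[$field]) || !is_string($in[$field]) || strlen($in[$field]) > $max) {
            return false;
        }
    }
    $stmt = $pdo->prepare('INSERT INTO info (fname,lname,address,country,city) VALUES (?,?,?,?,?)');
    return $stmt->execute([$in['fname'], $in['lname'], $in['address'], $in['country'], $in['city']]);
}

var_dump(insertConcatenated($pdo, $post)); // concatenated query: the input is parsed as SQL
var_dump(insertPrepared($pdo, $post));     // prepared query: the input is stored verbatim

// Escape on output as well, so stored values are never rendered as HTML.
foreach ($pdo->query('SELECT fname, lname FROM info') as $row) {
    echo htmlspecialchars($row['fname'] . ' ' . $row['lname'], ENT_QUOTES, 'UTF-8'), "\n";
}
```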

 
