clippa Posted April 17, 2011 Share Posted April 17, 2011 Database Structure CREATE DATABASE `testdb` DEFAULT CHARSET latin1; USE `testdb`; CREATE TABLE `info` ( `fname` char(20), `lname` char(20), `address` varchar(30), `city` char(20), `country` char(10) ) ENGINE=InnoDB DEFAULT CHARSET=latin1; PHP Update Script <?php $fname=$_POST['fname']; $lname=$_POST['lname']; $address=$_POST['address']; $country=$_POST['country']; $city=$_POST['city']; $conn = mysql_connect('localhost','root',"") or die('Error: ' .mysql_error()); $db = mysql_select_db('testdb', $conn); $query="INSERT INTO info(fname,lname,address,country,city)VALUES('$fname','$lname','$address','$country','$city')"; $results = mysql_query($query); if($results) { echo "Your data has been sent"; } else { echo "data not sent"; } ?> <html> <head> <title> </title> </head> <body> <a href = "first.html"> Back </a> </body> </html> PHP Retrieve Script <html> <body> <table border="1" cellspacing="0" cellpadding="0"> <tr> <td> First Name </td> <td> Last Name </td> <td> Address </td> <td> City </td> </tr> <?php $conn = mysql_connect("localhost","root"); $db = mysql_select_db('testdb', $conn); $query = "SELECT * FROM info "; $result = mysql_query($query); if (!$result) { echo "Problem with query " . $query . "<br/>"; // echo pg_last_error(); exit(); } while($myrow = mysql_fetch_array($result)) { //same $myrow[fname] in the orther td:D goodluck echo "<tr><td>".$myrow["fname"]."</td><td>".$myrow["lname"]."</td><td>".$myrow["address"]."</td><td>".$myrow["city"]."</td></tr>"; // printf ("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>", $myrow['fname'], htmlspecialchars($myrow['lname']), htmlspecialchars($myrow['address']), htmlspecialchars($myrow['city']));htmlspecialchars($myrow['country'])); } ?> </table> </body> </html> MOD EDIT: . . . BBCode tags added. Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/ Share on other sites More sharing options...
Pikachu2000 Posted April 17, 2011 Share Posted April 17, 2011 Do you have a question related to that code? When posting code, please enclose it within the forum's . . . BBCode tags. Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1202607 Share on other sites More sharing options...
clippa Posted April 17, 2011 Author Share Posted April 17, 2011 No i just pasted it for those who need to know how to update and retrieve from a database im a php beginner and i was able to finally get this update and retrieve to work thats why i pasted it... I hope it is not against forum rules? And i have noted down the quotes thing thank you Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1202611 Share on other sites More sharing options...
Pikachu2000 Posted April 17, 2011 Share Posted April 17, 2011 Perhaps you missed the sticky topic at the top of the forum titled THIS IS NOT A CODE REPOSITORY? Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1202616 Share on other sites More sharing options...
clippa Posted April 17, 2011 Author Share Posted April 17, 2011 Perhaps you missed the sticky topic at the top of the forum titled THIS IS NOT A CODE REPOSITORY? I guess i did and i am very sorry for my mistake thank you for pointing it out for me Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1202623 Share on other sites More sharing options...
aceph Posted April 18, 2011 Share Posted April 18, 2011 Nice, you shared the code. But there's a nightmare involved in it. There's a wide open door for SQL Injection attack, which could lead your system to death. You didn't enclose $fname, $lname ... into some kind of escaping. You should have done it this way: $fname=mysql_real_escape_string($_POST['fname']); $lname=mysql_real_escape_string($_POST['lname']); $address=mysql_real_escape_string($_POST['address']); $country=mysql_real_escape_string($_POST['country']); $city=mysql_real_escape_string($_POST['city']); Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1203153 Share on other sites More sharing options...
dougjohnson Posted May 11, 2011 Share Posted May 11, 2011 Or, better yet, you could use "Prepared" queries and not have to worry about user input at all: <?PHP $fname=$_POST['fname']; $lname=$_POST['lname']; $address=$_POST['address']; $country=$_POST['country']; $city=$_POST['city']; $connection = new mysqli('localhost', 'root', '', 'testdb'); $result = $connection->prepare("INSERT INTO info (fname,lname,address,country,city) VALUES (?, ?, ?, ?, ?)"); $result->bind_param("sssss", $fname, $lname, $address, $country, $city); $result->execute(); ?> [attachment deleted by admin] Link to comment https://forums.phpfreaks.com/topic/233977-php-submit-and-retrieve-from-database/#findComment-1213973 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.