Please help edit this code! Assign an html textbox to a php variable.

[Me1337]

Hello,

 

I'm trying to get an html textbox assigned to a php variable so I can put this on my panel.

Can you please revise and edit this code?

 

<?php
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("PenguinWorld", $con);
mysql_query("UPDATE pw_users SET Nickname='nick'
WHERE Username='username'");
mysql_close($con);
?>

<html>

<form name="input" action="changed.php" method="get">
Username:<INPUT TYPE = "Text" VALUE ="username" NAME = "username"><br>
New Nick: <INPUT TYPE = "Text" VALUE ="nick" NAME = "nick"><br>
<input type="submit" value="Submit" />
</form>

[requinix]

The hard part is

mysql_query("UPDATE pw_users SET Nickname='" . mysql_real_escape_string(???) . "' WHERE Username='" . mysql_real_escape_string(???) . "'");

The rest you can find with some creative Googling.

[Me1337]

The hard part is

mysql_query("UPDATE pw_users SET Nickname='" . mysql_real_escape_string(???) . "' WHERE Username='" . mysql_real_escape_string(???) . "'");

The rest you can find with some creative Googling.

 

Sorry, I'm not that familiar with PHP, I just started a week ago. I don't understand how that code you pasted would help.

[requinix]

Then you best start learning, eh?

[Genesis730]

Me1337, mysql_real_escape_string or MRES is an important part of handling user input as far as security. You ALWAYS want to sanitize (make sure input is what you expect it to be and ONLY what you expect, nothing that might cause problems) user input cause you never know what might be sent.