Jump to content

processor.php

thegringo

By thegringo
in PHP Coding Help

 Share

Recommended Posts

thegringo Newbie

thegringo

Posted
Posted

Hi Can anyone help me with this form processor file, I have tried to change the script so it comply's with newer php source.

 

I'm pretty new to php and have some basic knowledge, I usaully find something on the internet that will point me in the right direction but everything i try just stinks. Can someone give me some examples how to change this code.

 

<?php
 
$where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));
 
include("config.inc.php");
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) die ('Could not connect to database: '.mysql_error());
mysql_select_db(DB_DATABASE,$link);
$query = "INSERT INTO `".scores."`
(field_1,field_2,field_3,field_4,field_5,field_6,field_7,field_8,field_9,field_10,field_11,field_12,field_13,field_14,field_15,field_16,field_17,field_18,field_19,field_20,field_21,field_22,field_23,hiddenField) VALUES ('" . $_POST['field_1'] . "','" . $_POST['field_2'] . "','" . $_POST['field_3'] . "','" . $_POST['field_4'] . "','" . $_POST['field_5'] . "','" . $_POST['field_6'] . "','" . $_POST['field_7'] . "','" . $_POST['field_8'] . "','" . $_POST['field_9'] . "','" . $_POST['field_10'] . "','" . $_POST['field_11'] . "','" . $_POST['field_12'] . "','" . $_POST['field_13'] . "','" . $_POST['field_14'] . "','" . $_POST['field_15'] . "','" . $_POST['field_16'] . "','" . $_POST['field_17'] . "','" . $_POST['field_18'] . "','" . $_POST['field_19'] . "','" . $_POST['field_20'] . "','" . $_POST['field_21'] . "','" . $_POST['field_22'] . "','" . $_POST['field_23'] . "','" . $_POST['hiddenField'] . "')";
mysql_query($query);
mysql_close($link);
$ToEmail = 'myemail@home.co.uk';
$mailheader = "From: ".$ToEmail."\r\n";
$mailheader .= "Cc: ".$_POST["hiddenField"] . "," . $_POST["field_23"] . "";
mail($ToEmail, "From: " . $_POST['field_1'] . " Week: " . $_POST['field_2'] . " - PredictaScores","Form data:
Name: " . $_POST['field_1'] . " 
Week: " . $_POST['field_2'] . " 
Game1: " . $_POST['field_3'] . "," . $_POST['field_4'] . " 
Game2: " . $_POST['field_5'] . "," . $_POST['field_6'] . " 
Game3: " . $_POST['field_7'] . "," . $_POST['field_8'] . " 
Game4: " . $_POST['field_9'] . "," . $_POST['field_10'] . " 
Game5: " . $_POST['field_11'] . "," . $_POST['field_12'] . " 
Game6: " . $_POST['field_13'] . "," . $_POST['field_14'] . " 
Game7: " . $_POST['field_15'] . "," . $_POST['field_16'] . " 
Game8: " . $_POST['field_17'] . "," . $_POST['field_18'] . " 
Game9: " . $_POST['field_19'] . "," . $_POST['field_20'] . " 
Game10: " . $_POST['field_21'] . "," . $_POST['field_22'] . " 
E-mail!: " . $_POST['field_23'] . "
 
",$mailheader); include("confirm.html");
 
?>
 
Thanks
thegringo
Link to comment
https://forums.phpfreaks.com/topic/298216-processorphp/
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

switching to a different database api requires that you learn enough about the statements you are using, so that you can apply them to your own code. the PDO database api is the best and most consistent choice as a replacement for the mysql_ statements. the best place to start learning about any of the php statements is the php.net documentation. there are usually workable code examples in the documentation.

 

next, your database table design is bad. databases are not spread-sheets. laying out a table with a sequence of name/numbered columns makes for a lot of extra code and queries to create, find/display, update, or delete any of the data. there should be one row for each separate data item in a database table.

Link to comment
https://forums.phpfreaks.com/topic/298216-processorphp/#findComment-1521117
Share on other sites
QuickOldCar Regular Member

QuickOldCar

Posted
Posted

Use the mysqli_* functions instead

http://php.net/manual/en/book.mysqli.php

 

http://php.net/manual/en/mysqli.quickstart.connections.php

http://php.net/manual/en/mysqli.select-db.php

 

Escape anything being used in mysql queries

http://php.net/manual/en/mysqli.real-escape-string.php

 

http://php.net/manual/en/mysqli.query.php

 

http://php.net/manual/en/mysqli.close.php

Link to comment
https://forums.phpfreaks.com/topic/298216-processorphp/#findComment-1521118
Share on other sites
hansford Member

hansford

Posted
Posted 


include('config.inc.php');


// would need error handling if production code

// look up mysqli prepared statements


$db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);  


$query = "INSERT INTO table_name(field_1,field_2,field_3) VALUES(?,?,?)";


$stmt = $db->prepare($query); 

$stmt->bind_param('iii',$_POST['field_1'],$_POST['field_2'],$_POST['field_3']);

$stmt->execute();
Link to comment
https://forums.phpfreaks.com/topic/298216-processorphp/#findComment-1521159
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.