thegringo Posted September 18, 2015 Share Posted September 18, 2015 Hi Can anyone help me with this form processor file, I have tried to change the script so it comply's with newer php source. I'm pretty new to php and have some basic knowledge, I usaully find something on the internet that will point me in the right direction but everything i try just stinks. Can someone give me some examples how to change this code. <?php $where_form_is="http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/")); include("config.inc.php"); $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) die ('Could not connect to database: '.mysql_error()); mysql_select_db(DB_DATABASE,$link); $query = "INSERT INTO `".scores."` (field_1,field_2,field_3,field_4,field_5,field_6,field_7,field_8,field_9,field_10,field_11,field_12,field_13,field_14,field_15,field_16,field_17,field_18,field_19,field_20,field_21,field_22,field_23,hiddenField) VALUES ('" . $_POST['field_1'] . "','" . $_POST['field_2'] . "','" . $_POST['field_3'] . "','" . $_POST['field_4'] . "','" . $_POST['field_5'] . "','" . $_POST['field_6'] . "','" . $_POST['field_7'] . "','" . $_POST['field_8'] . "','" . $_POST['field_9'] . "','" . $_POST['field_10'] . "','" . $_POST['field_11'] . "','" . $_POST['field_12'] . "','" . $_POST['field_13'] . "','" . $_POST['field_14'] . "','" . $_POST['field_15'] . "','" . $_POST['field_16'] . "','" . $_POST['field_17'] . "','" . $_POST['field_18'] . "','" . $_POST['field_19'] . "','" . $_POST['field_20'] . "','" . $_POST['field_21'] . "','" . $_POST['field_22'] . "','" . $_POST['field_23'] . "','" . $_POST['hiddenField'] . "')"; mysql_query($query); mysql_close($link); $ToEmail = 'myemail@home.co.uk'; $mailheader = "From: ".$ToEmail."\r\n"; $mailheader .= "Cc: ".$_POST["hiddenField"] . "," . $_POST["field_23"] . ""; mail($ToEmail, "From: " . $_POST['field_1'] . " Week: " . $_POST['field_2'] . " - PredictaScores","Form data: Name: " . $_POST['field_1'] . " Week: " . $_POST['field_2'] . " Game1: " . $_POST['field_3'] . "," . $_POST['field_4'] . " Game2: " . $_POST['field_5'] . "," . $_POST['field_6'] . " Game3: " . $_POST['field_7'] . "," . $_POST['field_8'] . " Game4: " . $_POST['field_9'] . "," . $_POST['field_10'] . " Game5: " . $_POST['field_11'] . "," . $_POST['field_12'] . " Game6: " . $_POST['field_13'] . "," . $_POST['field_14'] . " Game7: " . $_POST['field_15'] . "," . $_POST['field_16'] . " Game8: " . $_POST['field_17'] . "," . $_POST['field_18'] . " Game9: " . $_POST['field_19'] . "," . $_POST['field_20'] . " Game10: " . $_POST['field_21'] . "," . $_POST['field_22'] . " E-mail!: " . $_POST['field_23'] . " ",$mailheader); include("confirm.html"); ?> Thanks thegringo Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted September 18, 2015 Share Posted September 18, 2015 switching to a different database api requires that you learn enough about the statements you are using, so that you can apply them to your own code. the PDO database api is the best and most consistent choice as a replacement for the mysql_ statements. the best place to start learning about any of the php statements is the php.net documentation. there are usually workable code examples in the documentation. next, your database table design is bad. databases are not spread-sheets. laying out a table with a sequence of name/numbered columns makes for a lot of extra code and queries to create, find/display, update, or delete any of the data. there should be one row for each separate data item in a database table. Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted September 18, 2015 Share Posted September 18, 2015 Use the mysqli_* functions instead http://php.net/manual/en/book.mysqli.php http://php.net/manual/en/mysqli.quickstart.connections.php http://php.net/manual/en/mysqli.select-db.php Escape anything being used in mysql queries http://php.net/manual/en/mysqli.real-escape-string.php http://php.net/manual/en/mysqli.query.php http://php.net/manual/en/mysqli.close.php Quote Link to comment Share on other sites More sharing options...
hansford Posted September 19, 2015 Share Posted September 19, 2015 include('config.inc.php'); // would need error handling if production code // look up mysqli prepared statements $db = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = "INSERT INTO table_name(field_1,field_2,field_3) VALUES(?,?,?)"; $stmt = $db->prepare($query); $stmt->bind_param('iii',$_POST['field_1'],$_POST['field_2'],$_POST['field_3']); $stmt->execute(); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.