dprichard Posted June 13, 2007

Okay, I am trying to stop using Macromedia as my crutch and you guys have been a big help. I need some assistance with submitting a form. I have a form on my page and need to do an insert. I have the action posting it back to the same page I am on versus sending it to an insert page. The problem I am having is it tries to do the insert as soon as I pull up the page instead of waiting till the form is submitted. I believe I need to do something with isset, but can't really find a tutorial that goes over it really well.

mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat)
    VALUES('$_POST[folder_name]', '$_POST[folder_description]', '$_POST[folder_creator]', '$_POST[folder_status]', '$_POST[folder_order]', '$_POST[folder_doc_cat]')")
    or die(mysql_error());

Any help would be greatly appreciated.

Link to comment: https://forums.phpfreaks.com/topic/55451-insert-processes-before-form-is-submitted/

Caesar Posted June 13, 2007

<?php
if(isset($_POST['submit'])) {
    $db->query("INSERT INTO $table ($fields) VALUES ($values)");
    echo $message;
}
?>

dprichard (Author) Posted June 13, 2007

Is the submit on this line the form name, or does it just go off of the submit button? If I have multiple forms on the page, how do I specify which one it is using?

dprichard (Author) Posted June 13, 2007

Okay, so I named the form submit and then it tried to do the insert and it works great!!! What do I need to do to make sure the insert isn't subject to SQL injection attacks?

if(isset($_POST['submit']))
{
    mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat)
        VALUES('$_POST[folder_name]', '$_POST[folder_description]', '$_POST[folder_creator]', '$_POST[folder_status]', '$_POST[folder_order]', '$_POST[folder_doc_cat]')")
        or die(mysql_error());
}

Caesar Posted June 13, 2007

Write a function that cleans the data being input... and clean/scrub all the data submitted before inserting it.

dprichard (Author) Posted June 13, 2007

Can I use mysql_real_escape_string and do something like this to avoid SQL Injection attacks?

if(isset($_POST['submit']))
{
    // mysql_query() takes no placeholders, so sprintf() fills each quoted %s with an escaped value
    mysql_query(sprintf("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat)
        VALUES('%s', '%s', '%s', '%s', '%s', '%s')",
        mysql_real_escape_string($_POST["folder_name"]),
        mysql_real_escape_string($_POST["folder_description"]),
        mysql_real_escape_string($_POST["folder_creator"]),
        mysql_real_escape_string($_POST["folder_status"]),
        mysql_real_escape_string($_POST["folder_order"]),
        mysql_real_escape_string($_POST["folder_doc_cat"])));
}

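The mysql_* functions used in this thread were removed in PHP 7, so this added example (not part of the original thread) writes the same guarded insert with a PDO prepared statement, binding the submitted values as parameters instead of building them into the SQL string. Assumptions: an in-memory SQLite database stands in for the MySQL one, the table schema and form values are constructed, and the function name insertFolder is hypothetical.

```php
<?php
// Added example, not code from the thread.
// Assumption: SQLite in memory stands in for the MySQL database.

// Column names come from this fixed list, never from the request.
const FOLDER_FIELDS = ['folder_name', 'folder_description', 'folder_creator',
                       'folder_status', 'folder_order', 'folder_doc_cat'];

// Hypothetical helper: inserts one folders row from submitted form data.
function insertFolder(PDO $pdo, array $post): int
{
    $params = [];
    foreach (FOLDER_FIELDS as $field) {
        // A missing field or an array value (folder_name[]=x) is rejected.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
        $params[":$field"] = $post[$field];
    }
    $columns = implode(', ', FOLDER_FIELDS);
    $placeholders = implode(', ', array_keys($params));
    // The SQL text holds only placeholders; values travel separately.
    $stmt = $pdo->prepare("INSERT INTO folders ($columns) VALUES ($placeholders)");
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed schema using the column names from the thread.
$pdo->exec('CREATE TABLE folders (id INTEGER PRIMARY KEY, folder_name TEXT,
    folder_description TEXT, folder_creator TEXT, folder_status TEXT,
    folder_order TEXT, folder_doc_cat TEXT)');

// Constructed form input; on a real page PHP fills $_POST from the request.
$_POST = ['submit' => 'Save', 'folder_name' => "Bob's reports",
          'folder_description' => 'Quarterly "draft" files', 'folder_creator' => '7',
          'folder_status' => 'active', 'folder_order' => '3', 'folder_doc_cat' => '2'];

// Same guard as in the thread: do nothing until the form is submitted.
if (isset($_POST['submit'])) {
    $id = insertFolder($pdo, $_POST);
    $check = $pdo->prepare('SELECT folder_name FROM folders WHERE id = ?');
    $check->execute([$id]);
    // The apostrophe is stored as data and does not end the SQL string.
    echo "Inserted row $id: ", $check->fetchColumn(), PHP_EOL;
}
```

With MySQL, only the PDO connection string changes; the prepared statement and the isset guard stay the same.
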
Archived
This topic is now archived and is closed to further replies.