
script VS database


asherinho


$query="INSERT INTO viewz(name,title,mail,choice,comments,) VALUES('$_POST[name]','$_POST[title]','$_POST[mail]','$_POST[choice]',
'$_POST[comments]')";

 

Instead, try this:

 

$query="INSERT INTO viewz(name,title,mail,choice,comments) VALUES('{$_POST['name']}','{$_POST['title']}','{$_POST['mail']}','{$_POST['choice']}',
'{$_POST['comments']}')";

 

Changes: Remove comma after comments.

Add {} around variables

Add '' around array indexes for $_POST

 

This doesn't handle escaping of the input data, so it's not secure.  It is vulnerable to mysql injection.

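One way to close the injection hole noted in the post above, shown as an added example that is not part of the original thread: the same INSERT into `viewz` written with PDO bound parameters instead of string interpolation. The in-memory SQLite database (standing in for the MySQL server), the `insertView` helper and the sample form values are assumptions made so the snippet runs stand-alone.

```php
<?php
// Added example. sqlite::memory: stands in for the MySQL database so this runs offline.
// Against MySQL, also consider setting PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE viewz (name TEXT, title TEXT, mail TEXT, choice TEXT, comments TEXT)');

// Constructed sample input standing in for a submitted form.
$_POST = [
    'name'     => "O'Brien",                       // a lone quote breaks the interpolated query
    'title'    => 'Mr',
    'mail'     => 'obrien@example.com',
    'choice'   => 'yes',
    'comments' => "nice'); DELETE FROM viewz; --", // stored as literal text when bound
    'extra'    => 'not a column, ignored',
];

// Hypothetical helper: insert one form submission using bound parameters.
function insertView(PDO $pdo, array $input): void
{
    // Column names come from this fixed list, never from the request.
    $fields = ['name', 'title', 'mail', 'choice', 'comments'];
    $params = [];
    foreach ($fields as $f) {
        // Reject missing fields and array-valued fields (e.g. name[]=x).
        if (!isset($input[$f]) || !is_string($input[$f])) {
            throw new InvalidArgumentException("Missing or non-string field: $f");
        }
        $params[":$f"] = $input[$f];
    }
    // The SQL text is constant; user data travels separately as parameters.
    $stmt = $pdo->prepare(
        'INSERT INTO viewz (name, title, mail, choice, comments)
         VALUES (:name, :title, :mail, :choice, :comments)'
    );
    $stmt->execute($params);
}

insertView($pdo, $_POST);

// The table still exists and holds exactly the submitted strings.
foreach ($pdo->query('SELECT name, comments FROM viewz', PDO::FETCH_ASSOC) as $row) {
    echo $row['name'], ' | ', $row['comments'], PHP_EOL;
}
```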
