Jump to content


Photo

a quick mydql quesion


  • Please log in to reply
3 replies to this topic

#1 corillo181

corillo181
  • Members
  • PipPipPip
  • Advanced Member
  • 896 posts

Posted 05 May 2006 - 08:19 PM

i know i could use the ge tmethod to send into mysql the question is how? i tried my way and it doesn't get me no where.. i dont' know wher eot put the double quote or single.. here is the query

$sql=mysql_query("INSERT INTO guestbook(name, comment, datetime)VALUES($_GET['picname'],'$comment', '$datetime')")or die(mysql_error());
i put the get method with out any quote so you can tell me in wich way i jhave to put single or double first..

thanx :)

and i know i can do it with variable i just want to know how to do it like that..

#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 05 May 2006 - 08:22 PM

i suggest you do this. it makes all the quotes a bit less confusing. but i strongly advise against inserting a $_GET variable directly into a sql query. you should take $nameofpic and do lots of things with it, like stripslahes/striptags, etc... to prevent sql injection.

$nameofpic = $_GET['picname'];
$sql=mysql_query("INSERT INTO guestbook(name, comment, datetime) VALUES ('$nameofpic','$comment', '$datetime')")or die(mysql_error());
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 corillo181

corillo181
  • Members
  • PipPipPip
  • Advanced Member
  • 896 posts

Posted 05 May 2006 - 08:55 PM

ok i'll take your wor dfor it.. but i put this a sonly if the sumit bottum is pressed to inser it in to the database but still it get sent into the data bas eeven if is not pressed..

if(isset($_POST['Submit'])){
$sql1=mysql_query("INSERT INTO guestbook(name, comment, datetime)VALUES('$getpic','$comment', '$datetime')")or die(mysql_error());
}
?>


#4 corillo181

corillo181
  • Members
  • PipPipPip
  • Advanced Member
  • 896 posts

Posted 05 May 2006 - 09:18 PM

forget it i got it..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users