Jump to content

Archived

This topic is now archived and is closed to further replies.

corillo181

a quick mydql quesion

Recommended Posts

i know i could use the ge tmethod to send into mysql the question is how? i tried my way and it doesn't get me no where.. i dont' know wher eot put the double quote or single.. here is the query

[code]$sql=mysql_query("INSERT INTO guestbook(name, comment, datetime)VALUES($_GET['picname'],'$comment', '$datetime')")or die(mysql_error());[/code]
i put the get method with out any quote so you can tell me in wich way i jhave to put single or double first..

thanx :)

and i know i can do it with variable i just want to know how to do it like that..

Share this post


Link to post
Share on other sites
i suggest you do this. it makes all the quotes a bit less confusing. but i strongly advise against inserting a $_GET variable directly into a sql query. you should take $nameofpic and do lots of things with it, like stripslahes/striptags, etc... to prevent sql injection.

$nameofpic = $_GET['picname'];
$sql=mysql_query("INSERT INTO guestbook(name, comment, datetime) VALUES ('$nameofpic','$comment', '$datetime')")or die(mysql_error());

Share this post


Link to post
Share on other sites
ok i'll take your wor dfor it.. but i put this a sonly if the sumit bottum is pressed to inser it in to the database but still it get sent into the data bas eeven if is not pressed..

[code]if(isset($_POST['Submit'])){
$sql1=mysql_query("INSERT INTO guestbook(name, comment, datetime)VALUES('$getpic','$comment', '$datetime')")or die(mysql_error());
}
?>[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.