valoukh Posted March 6, 2008 Share Posted March 6, 2008 Hi all, I'm trying to insert 4 pieces of information into a MySQL table from a HTML form. 3 of the items are user-input and I'd like to have the fourth one (the date) automatically entered. I'm new to this so if anyone can quickly explain what I'm doing wrong that would be great! update_news.php: <form action="update_news_doupdate.php" method="post"> Title: <input type="text" name="title" /> Content: <input type="text" name="content" /> Image: <input type="text" name="image" /> <input type="submit" /> </form> update_news_doupdate.php: <? $sql="INSERT INTO News (Date, Title, Content, Image) VALUES ('CURDATE()','$_POST[title]','$_POST[content]','$_POST[image]')"; if (!mysql_query($sql,$dbh)) { die('Error: ' . mysql_error()); } echo "News item added, thanks!"; mysql_close($dbh) ?> The 3 fields enter perfectly, just can't get today's date in there (I'm getting 0000-00-00). Thanks a lot, valoukh. Quote Link to comment Share on other sites More sharing options...
shocker-z Posted March 6, 2008 Share Posted March 6, 2008 CURDATE() doesnt need to be wrapped in quotes as it's a built in mysql function. <? $sql="INSERT INTO News (Date, Title, Content, Image) VALUES (CURDATE(),'"mysql_real_ escape_string($_POST['title'])"','"mysql_real_ escape_string($_POST['content'])"','"mysql_real_ escape_string($_POST['image'])"')"; if (!mysql_query($sql,$dbh)) { die('Error: ' . mysql_error()); } echo "News item added, thanks!"; mysql_close($dbh) ?> I've also added mysql_real_ escape_string() to help protect you against a few attacks that can be done. Regards Liam Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.