Scud Posted March 21, 2008

Hi guys; after a day of experimenting I finally got it all to work. I am now able to add records to my database through an HTML field, and I can now search for a usercode in an HTML field and it will bring up the matching record. Now I am happy, or at least I thought I would be. I made an earlier post and another guy mentioned to make sure the database entries, viewing and so on are secure, something about MySQL injections and so on. I am still new to all this and therefore I have no idea what this is; regardless, I would like my site to be as secure as possible. At the moment it is as follows:

insert.php:

```php
<?php
$con = mysql_connect("localhost","user","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydata", $con);
$sql="INSERT INTO my table(var1, var2, var3, var4, var5, var6)
VALUES
('$_POST[var1]','$_POST[var2]','$_POST[var3]','$_POST[var4]','$_POST[var5]','$_POST[var6]')";
if (!mysql_query($sql,$con))
{
    die('Error: ' . mysql_error());
}
echo "Record has been added";
mysql_close($con)
?>
```

An insert from my index page:

```html
<td colspan="4" background="http://www.mysite.com.au/images/index_13.gif"><form action="insert.php" method="post">
  <table width="541" border="0" align="center">
    <tr>
      <td width="69"><div align="right"><span class="style2">CustomerName:*</span></div></td>
      <td width="151"><label>
        <input type="text" name="var1" id="var1" tabindex="1" />
      </label></td>
      <td width="175" class="style2"><div align="right">Store:*</div></td>
      <td width="128"><label>
        <input type="text" name="var2" id="var2" tabindex="2"/>
      </label></td>
    </tr>
    <tr>
      <td class="style2"><div align="right">Code*</div></td>
      <td><label>
        <input type="text" name="var3" id="var3" tabindex="3"/>
      </label></td>
      <td class="style2"><div align="right">Status*:</div></td>
      <td><label>
        <select id="anrede" name="var4" tabindex="4" onFocus="FocusCol(this)" onBlur="BlurCol(this)">
          <option value="Complete - Awaiting Pick-Up" selected>Complete</option>
          <option value="Not Yet Complete. Please Check Back Soon" selected>Uncomplete</option>
        </select>
      </label></td>
    </tr>
    <tr>
      <td class="style2"><div align="right">Notes*</div></td>
      <td><label>
        <input type="text" name="var5" id="var5" tabindex="5"/>
      </label></td>
      <td class="style2"><div align="right">Staff Member*</div></td>
      <td><label>
        <input type="text" name="var6" id="var6" tabindex="5"/>
      </label></td>
    </tr>
  </table>
  <label></label>
  <div align="center">
    <input name="button" type="submit" id="button" value="Submit" tabindex="13"/>
  </div>
</form></td>
```

Now to read database entries, the findcode.php file:

```php
<?php
$q=$_GET["q"];

$con = mysql_connect("localhost","username","password");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("mydb", $con);

$result = mysql_query("SELECT * FROM tabel WHERE row='$q'");

while($row = mysql_fetch_array($result))
{
    echo "Customer Code: " . $row['var1'] . " Code: " . $row['var2'] . " Store: " . $row['var3'] . " Notes: " . $row['var4'] . " Status: " . $row['var5'];
    echo "<br/>";
}
?>
<html>
<head>
<script src="selectuser.js"></script>
</head>
<body><form name="form" action="findcode.php" method="get">
  <input type="text" name="q" />
  <input type="submit" name="Submit" value="Search" />
</form></body>
</html>
```

Thanks guys, hopefully it's secure enough for me not to have to make alterations... I'll be waiting for feedback. Thanks in advance.
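A parameterized version of the two queries in the post, as an added example that is not part of the original post: the `$_POST` and `$_GET` values are bound to placeholders through PDO prepared statements instead of being pasted into the SQL string, and rows are HTML-escaped before being echoed. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the `jobs` table, its column names and the three helper functions are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database; with
// MySQL only the DSN changes. Table, columns and helpers are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (customer TEXT, store TEXT, code TEXT,
                              status TEXT, notes TEXT, staff TEXT)');

// insert.php equivalent: form values are bound, never placed in the SQL text.
function add_job(PDO $db, array $post): void
{
    $values = [];
    foreach (['var1', 'var2', 'var3', 'var4', 'var5', 'var6'] as $field) {
        // Reject missing fields and array-valued ones (var1[]=x in the request).
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing field $field");
        }
        $values[] = $post[$field];
    }
    $stmt = $db->prepare('INSERT INTO jobs (customer, store, code, status, notes, staff)
                          VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute($values);
}

// findcode.php equivalent: $q can only ever be compared as a value.
function find_by_code(PDO $db, string $q): array
{
    $stmt = $db->prepare('SELECT customer, store, code, status, notes
                          FROM jobs WHERE code = ?');
    $stmt->execute([$q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Viewing side: escape stored text before it is echoed into the page.
function render_row(array $row): string
{
    $safe = array_map(fn($v) => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'), $row);
    return "Customer: {$safe['customer']} Code: {$safe['code']} Store: {$safe['store']} "
         . "Notes: {$safe['notes']} Status: {$safe['status']}<br/>";
}

// Constructed sample records (note the apostrophe and the markup in the data).
add_job($db, ['var1' => "O'Brien", 'var2' => 'North', 'var3' => 'A100',
              'var4' => 'Complete - Awaiting Pick-Up', 'var5' => '<b>rush</b>', 'var6' => 'Kim']);
add_job($db, ['var1' => 'Lee', 'var2' => 'South', 'var3' => 'B200',
              'var4' => 'Not Yet Complete. Please Check Back Soon', 'var5' => '', 'var6' => 'Sam']);

// Constructed search inputs: a real code, and a quote-bearing string that would
// change the WHERE clause if it were interpolated into the query text.
foreach (['A100', "x' OR '1'='1"] as $q) {
    $rows = find_by_code($db, $q);
    printf("%s -> %d row(s)\n", $q, count($rows));
    foreach ($rows as $row) {
        echo render_row($row), "\n";
    }
}
```

The `mysql_*` functions used in the post were removed in PHP 7.0; PDO and mysqli are the supported replacements, and both offer prepared statements.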
This topic is now archived and is closed to further replies.