
Update php mysql to include pdo

Posted: Fri May 10, 2013 8:40 pm
by keyboardman3244
I have PHP SQL code to add over 100 fields to a MySQL database. I want to include coding for PDO to avoid the SQL injection thing, but I'm new to all of this and really I do not know how, nor truly understand it. Any help would be greatly appreciated. My form has over 100 fields. I am trying to put an online rental form on the web. This property is available for rental presently with no online form to fill out. I just want to change this coding to include all PDO coding. I'm using GoDaddy hosting. Thank you in advance. Here's the code.

***** Use the PHP Code tag for source code *****


  <html>

<body>
<?php
if (isset($_POST['submit'])){

    //Variables for connecting to your database.
    //These variable values come from your hosting account.
    $hostname = "hostname";
    $username = "username";
    $password = "password";
    $dbname = "dbname";
    $mystuff = array(  "tenant_lname","tenant_fname","tenant_mname","ssn","dl_number","dl_state","birthday","tenant_hphone","tenant_wphone","tenant_cphone","curr_street","curr__unit",
"curr_city","curr_state","curr_zip","how_long_from","how_long_to","last_rent_mnt","last_rent_amt","own_man_name","own_man_tel","curr_reason","pre_street","pre_unit",
"pre_city","pre_state","pre_zip","pre_from","pre_to","pre_last_rent","pre_amt","pre_owner","pre_owner_tel","pre_reason","sec_pre_street","sec_pre_unit","sec_pre_city",
"sec_pre_state","sec_pre_zip","sec_pre_from","sec_pre_to","sec_pre_last_paid_mnt","sec_pre_amt","sec_pre_owner","sec_pre_owner_tel","sec_pre_reason","curr_emp_name",
"curr_emp_add","curr_emp_phone","curr_emp_pos","curr_emp_bus_type","curr_emp_sup","curr_emp_from","curr_emp_to","curr_emp_salary","pre_emp_name","pre_emp_add",
"pre_emp_phone","pre_emp_pos","pre_emp_bus_type","pre_emp_sup_name","pre_emp_from","pre_emp_to","pre_emp_salary","move_date","addntl_occ_name","addntl_occ_age",
"addntl_occ_relation","addntl_ft","addntl_pt","addntl_occ1_name","addntl_occ1_age","addntl_occ1_relation","addntl_occ1_ft","addntl_occ1_pt","addntl_occ2_name",
"addntl_occ2_age","addnt2_occ1_relation","addntl_occ2_ft","addntl_occ2_pt","addntl_occ3_name","addntl_occ3_age","addntl_occ3_relation","addntl_occ3_ft",
"addntl_occ3_pt","credit_yes","credit_no","det_yes","det_no","evict_yes","evict_no","bnkry_yes","bnkry_no","fel_yes","fel_no","pet_yes","pet_no","pet_numb","pet_type",
"furn_yes","furn_no","ins_cov_yes","ins_cov_no","ints_yes","ints_no","ints_type","smoke_yes","smoke_no","occ_smoke_yes","occ_smoke_no","explain_smoke","bnk_name",
"bnk_add","checking","checking_bal","saving","saving_bal","bnk_name1","bnk_add1","checking1","checking_bal1","saving1","saving_bal1","other_income","credit_name",
"credit_add","credit_city","credit_acct","credit_bal","credit_payment","credit_name1","credit_add1","credit_city1","credit_acct1","credit_bal1","credit_payment1",
"credit_acct2_name","credit_add2","credit_city2","credit_acc2","credit_bal2","credit_payment2","credit_acc3_name","credit_acc3_add","credit_acc3_city",
"credit_acc3_number","credit_acc3_bal","credit_acc3_payment","emer_contact_name","emer_contact_add","emer_relation","emer_phone","reg_owner_yes","reg_owner_no",
"reg_who","vehicle_year","vehicle_make","vehicle_model","vehicle_color","vehicle_license","veh_state","vehicle2_year","vehicle2_make","vehicle2_model","vehicle2_color",
"vehicle2_license","veh2_state");


    $con = mysql_connect($hostname, $username, $password);
    if (!$con){
        die ("Can not connect:" . mysql_error());
    }

    mysql_select_db($dbname, $con);

    //Escape each posted value. This has to run after mysql_connect(),
    //because mysql_real_escape_string() needs an open connection.
    $sql_values=array();
    foreach($mystuff as $fieldname) {
        /* do validation! */

        $sql_values[$fieldname] = "'" . mysql_real_escape_string($_POST[$fieldname], $con) . "'";
    }

    //Build one INSERT from the column list and the escaped values.
    $sql = "INSERT INTO dbname (".implode(',', $mystuff).") VALUES (" . implode(',', $sql_values) . ")";

    mysql_query($sql,$con);

    mysql_close($con);
}


foreach($mystuff as $fieldname) {
    echo "...an input field...";
}

?>



</body>
</html>

Re: Update php mysql to include pdo

Posted: Fri May 10, 2013 10:23 pm
by requinix
I assume you already made sure you have PDO installed and available?

Before you tackle a crazy table like that... really, really crazy, shouldn't have nearly that many columns... try with a small example instead. So you can see how it works. You can use this as a guide of sorts.

Re: Update php mysql to include pdo

Posted: Sat May 11, 2013 1:07 am
by keyboardman3244
This PHP code works as is, but I wanted to include PDO coding for security purposes. This form is a rental form somewhat like an online employment application. I tried the PDO connection, which I have working, but I don't have the knowledge to set up an array in PDO to post this information to MySQL securely. Any help would be greatly appreciated.
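
An added example, not part of the original posts: one way to drive a PDO prepared INSERT from a fixed column array like `$mystuff`, with one named placeholder per column. The function name `insert_row`, the table `rental_app`, the three-column list, the sample input and the in-memory SQLite database (a stand-in so it runs without a MySQL server) are assumptions made for illustration.

```php
<?php
// Added example: whitelist-driven INSERT using PDO prepared statements.
// insert_row(), the table name and the sample data are hypothetical.
function insert_row(PDO $pdo, string $table, array $columns, array $input): int
{
    // Table and column names cannot be bound as parameters, so they must
    // come from a fixed list in the code, never from the keys of $_POST.
    foreach (array_merge([$table], $columns) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Bad identifier: $name");
        }
    }

    // One named placeholder per column: ":tenant_lname", ":tenant_fname", ...
    $placeholders = array_map(fn($c) => ":$c", $columns);
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        $table, implode(', ', $columns), implode(', ', $placeholders));

    // Values are sent separately from the SQL text. Missing fields and
    // non-string input (e.g. a field submitted as an array) become NULL.
    $params = [];
    foreach ($columns as $c) {
        $value = $input[$c] ?? null;
        $params[":$c"] = is_string($value) ? trim($value) : null;
    }

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

// Stand-in database so the example runs offline. On a MySQL host, connect with
// new PDO("mysql:host=$hostname;dbname=$dbname;charset=utf8mb4", $username, $password, [...])
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE rental_app (id INTEGER PRIMARY KEY, tenant_lname TEXT, tenant_fname TEXT, curr_city TEXT)');

$mystuff = ['tenant_lname', 'tenant_fname', 'curr_city'];
// Constructed stand-in for $_POST; the apostrophe would break string-built SQL.
$post = ['tenant_lname' => "O'Brien", 'tenant_fname' => ' Pat ', 'extra' => 'ignored'];

$id = insert_row($pdo, 'rental_app', $mystuff, $post);
$check = $pdo->prepare('SELECT * FROM rental_app WHERE id = :id');
$check->execute([':id' => $id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```

The same function works unchanged with the full column array from the first post, because the SQL text is built only from that array and every submitted value is bound as a parameter.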

Re: Update php mysql to include pdo

Posted: Sat May 11, 2013 1:44 am
by requinix
You already have something started? Then what's that code?