Hi people,
Could any anyone help me out with this html and php codes. I keep getting "something went wrong" error message everytime i request the web page from the apache web server.
insert_form.html
----------------
<HTML>
<HEAD>
<TITLE>Insert Form</TITLE>
</HEAD>
<BODY>
<FORM ACTION="insert.php" METHOD=POST>
<P>Text to addbr>
<input type=text name="testField" size=30>
<p><input type=submit name="submit" value="Insert Record"></p>
</FORM>
</BODY>
</HTML>
insert.php
--------
<?php
// open the connection
$olu = mysql_connect("localhost", "root", "olu1bal");
// pick the database to use
mysql_select_db("testDB",$olu);
// create the SQL statement
$sql = "INSERT INTO testTable values ('', '$_POST[testField]')";
// execute the SQL statement
if (mysql_query($sql, $olu)) {
echo "record added!";
} else {
echo "something went wrong";
}
?>
I look 4ward to hearing from anyone a.s.a.p.
black85
Help with this html and PHP codes
Moderator: General Moderators
by the way, use some data filtering on that $_POST variable
Someone could use malicious data to corrupt your table.
Either do a preg_match like
or just a simple
Someone could use malicious data to corrupt your table.
Either do a preg_match like
Code: Select all
$regex = "#^[a-zA-Z0-9_- ]*$#";
if ( preg_match( $regex, $_POST['variable'] ) )
// DO INSERTCode: Select all
$sql = "INSERT INTO `table` SET `variable` = '".mysql_real_escape_string( $_POST['variable'] )."'";- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Re: Help with this html and PHP codes
Please wrap your code in either [ code ] tags or [ php ] tags. This is what your posting should have looked like...
Try this...black85 wrote:Hi people,
Could any anyone help me out with this html and php codes. I keep getting "something went wrong" error message everytime i request the web page from the apache web server.
insert_form.html
----------------insert.phpCode: Select all
<HTML> <HEAD> <TITLE>Insert Form</TITLE> </HEAD> <BODY> <FORM ACTION="insert.php" METHOD=POST> <P>Text to addbr> <input type=text name="testField" size=30> <p><input type=submit name="submit" value="Insert Record"></p> </FORM> </BODY> </HTML>
--------Code: Select all
<?php // open the connection $olu = mysql_connect("localhost", "root", "olu1bal"); // pick the database to use mysql_select_db("testDB",$olu); // create the SQL statement $sql = "INSERT INTO testTable values ('', '$_POST[testField]')"; // execute the SQL statement if (mysql_query($sql, $olu)) { echo "record added!"; } else { echo "something went wrong"; } ?>
I look 4ward to hearing from anyone a.s.a.p.
black85
Code: Select all
<?php
// execute the SQL statement
if (!$result = mysql_query($sql, $olu) || !mysql_affected_rows()) {
die("There was a problem with the insert: " . mysql_error());
} else {
echo "Alls well that queries well";
}
?>