seriousdamage
Forum Commoner
Posts: 30 Joined: Sat Nov 27, 2004 10:18 am
by seriousdamage » Mon Dec 17, 2007 3:46 am
Hi,
I have the below code which I will use to add a record into a database.
Could someone help me to create an html interface where I have a field to add the record and a submit button to process the form?
Code:
<?PHP
$user_name = "root";
$password = "";
$database = "addressbook";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
    $SQL = "INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES ('bill', 'gates', 'Microsoft')";
    $result = mysql_query($SQL);
    mysql_close($db_handle);
    print "Records added to the database";
}
else {
    print "Database NOT Found ";
    mysql_close($db_handle);
}
?>
Inkyskin
Forum Contributor
Posts: 282 Joined: Mon Nov 19, 2007 10:15 am
Location: UK
by Inkyskin » Mon Dec 17, 2007 4:09 am
This is assuming the name fields are varchar and the address field takes longtext or similar:
Code:
<?PHP
if(isset($_POST[action]) && $_POST[action] == 'Submit'){
    $user_name = "root";
    $password = "";
    $database = "addressbook";
    $server = "127.0.0.1";
    $db_handle = mysql_connect($server, $user_name, $password);
    $db_found = mysql_select_db($database, $db_handle);
    if ($db_found) {
        $SQL = "INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES ('".$_POST[first_name]."', '".$_POST[last_name]."', '".$_POST[address]."')";
        $result = mysql_query($SQL);
        mysql_close($db_handle);
        print "Records added to the database";
    }
    else {
        print "Database NOT Found ";
        mysql_close($db_handle);
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>My Form</title>
</head>
<body>
<form name="address" action="" method="post">
    <input type="text" name="first_name" />
    <input type="text" name="last_name" />
    <textarea name="address"></textarea>
    <input type="submit" name="action" value="Submit" />
</form>
</body>
</html>
That should work, it's a form in its most basic form.
webspider
Forum Commoner
Posts: 52 Joined: Sat Oct 27, 2007 3:29 am
by webspider » Mon Dec 17, 2007 7:57 am
Inkyskin wrote:
<form name="address" action="" method="post">
In the action attribute of the form tag we are supposed to give a file name that will process the form. In this case
Code:
<form name="address" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
If no file name is given in the action attribute, it takes the current file for processing the form. So is there any difference between using blank or $_SERVER['PHP_SELF']?
Inkyskin
Forum Contributor
Posts: 282 Joined: Mon Nov 19, 2007 10:15 am
Location: UK
by Inkyskin » Mon Dec 17, 2007 8:11 am
I'm not sure if there is a right way or not, but both ways would validate.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Mon Dec 17, 2007 9:32 am
Never ever ever use PHP_SELF. It contains user input and can therefore also contain XSS. You can often use alternate actions like "#" instead with the same outcome and no XSS possibilities.
seriousdamage
Forum Commoner
Posts: 30 Joined: Sat Nov 27, 2004 10:18 am
by seriousdamage » Mon Dec 17, 2007 9:52 am
Hi, I think I went way over my head in posting the above message,
it is already getting way too complicated for me.
I have posted a new message with a different subject,
I really think I should start from the beginning with this.
Thanks a lot all for your help.
Regards
Nic
Mordred
DevNet Resident
Posts: 1579 Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria
by Mordred » Mon Dec 17, 2007 10:06 am
Not
but
and actually in this case
Code:
mysql_real_escape_string($_POST['first_name'])
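
The points raised in the replies above, put together as an added example that is not part of any post in the thread: quoted array keys, a parameterized INSERT, a fixed form action instead of PHP_SELF, and escaped output. It swaps the mysql_* functions for PDO prepared statements (the mysql_* extension was removed in PHP 7); the in-memory SQLite database, the add_address() helper and the sample submission are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. The SQLite DSN is an assumption so
// the script runs without a server; for MySQL use a DSN such as
// 'mysql:host=127.0.0.1;dbname=addressbook;charset=utf8mb4' with credentials.

// Hypothetical helper: validates the three form fields and inserts one row.
function add_address(PDO $db, array $post): bool
{
    $fields = [];
    foreach (['first_name', 'last_name', 'address'] as $key) {
        // Quoted keys; missing or non-string (array) fields are rejected.
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return false;
        }
        $fields[] = trim($post[$key]);
    }
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO tb_address_book (First_Name, Surname, Address) VALUES (?, ?, ?)'
    );
    return $stmt->execute($fields);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_address_book (First_Name TEXT, Surname TEXT, Address TEXT)');

// Constructed sample submission, used only when run from the command line.
// The apostrophe alone breaks the concatenated query shown in the thread.
$sample = ['action' => 'Submit', 'first_name' => 'Pat',
           'last_name' => "O'Brien", 'address' => '1 <Main> St'];
$post = (PHP_SAPI === 'cli') ? $sample : $_POST;

$message = '';
if (isset($post['action']) && $post['action'] === 'Submit') {
    $message = add_address($db, $post) ? 'Record added to the database' : 'Invalid input';
}
$rows = $db->query('SELECT First_Name, Surname, Address FROM tb_address_book')
           ->fetchAll(PDO::FETCH_NUM);
?>
<form name="address" action="" method="post">
    <input type="text" name="first_name" />
    <input type="text" name="last_name" />
    <textarea name="address"></textarea>
    <input type="submit" name="action" value="Submit" />
</form>
<p><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></p>
<?php foreach ($rows as $row): /* stored values are escaped on output */ ?>
<p><?php echo htmlspecialchars(implode(', ', $row), ENT_QUOTES, 'UTF-8'); ?></p>
<?php endforeach; ?>
```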