2. If any error is detected show the form with errors along with the submitted values
3. if no error insert into database
Code: Select all
$action = $_POST['action'];
if($action == 'submit')
{
$name = $_POST['name'];
$address = $_POST['address'];
if(magic_quotes_gpc())
{
$name = stripslashes($name);
$name = mysql_realescape_string($name);
$address = stripslashes($address);
$address = mysql_realescape_string($address);
}
else
{
$name = addslashes($name);
$address = addslashes($address);
}
if(empty($name))
{
$error = 'Please enter your name';
$action = 'form';
}
else
{
mysql_query("INSERT INTO my_page SET name='$name', address='$address'");
}
}
if($action == 'form')
{
echo $error;
<form method="post" action="mypage.php">
<input type="text" name="name" value="<?php echo htmlspecialchars($name, ENT QUOTES) ?>">
<textarea name="addresss"> <?php htmlspecialchars(($address), ENT_QUOTES) ?> </textarea>
<input type='submit' name='action' value='submit'>
</form>
}
I would like to know,
1. Should i have to use htmlspecialchars to text?
2. Can i use the above code both in php4 and php5?