Page 1 of 1

submitting a simple form

Posted: Mon Jul 28, 2008 8:00 pm
by theBond
1. Post values from form
2. If any error is detected show the form with errors along with the submitted values
3. if no error insert into database

Code: Select all

 
$action = $_POST['action'];
if($action == 'submit')
{
  $name = $_POST['name'];
  $address = $_POST['address'];
 
  if(magic_quotes_gpc())
  {
        $name = stripslashes($name);
        $name = mysql_realescape_string($name);
 
        $address = stripslashes($address);
        $address = mysql_realescape_string($address);
  }
  else
  {
        $name = addslashes($name);
        $address = addslashes($address);
  }  
 
if(empty($name))
  {
        $error = 'Please enter your name';
        $action = 'form';
  }
  else
  {
      mysql_query("INSERT INTO my_page SET name='$name', address='$address'");
  }
}
 
if($action == 'form')
{
  echo $error;
<form method="post" action="mypage.php">
<input type="text" name="name" value="<?php echo htmlspecialchars($name, ENT QUOTES) ?>">
<textarea name="addresss"> <?php htmlspecialchars(($address), ENT_QUOTES) ?> </textarea>
<input type='submit' name='action' value='submit'>
</form>
}
 
 

I would like to know,
1. Should i have to use htmlspecialchars to text?
2. Can i use the above code both in php4 and php5?

Re: submitting a simple form

Posted: Tue Jul 29, 2008 12:10 am
by Amit Rathi
This script will work for both php4 and php5, NO need to use htmlspecial chars, browser automatically encode and decode the same.