submitting a simple form
Posted: Mon Jul 28, 2008 8:00 pm
1. Post values from form
2. If any error is detected show the form with errors along with the submitted values
3. if no error insert into database
I would like to know,
1. Should i have to use htmlspecialchars to text?
2. Can i use the above code both in php4 and php5?
2. If any error is detected show the form with errors along with the submitted values
3. if no error insert into database
Code: Select all
$action = $_POST['action'];
if($action == 'submit')
{
$name = $_POST['name'];
$address = $_POST['address'];
if(magic_quotes_gpc())
{
$name = stripslashes($name);
$name = mysql_realescape_string($name);
$address = stripslashes($address);
$address = mysql_realescape_string($address);
}
else
{
$name = addslashes($name);
$address = addslashes($address);
}
if(empty($name))
{
$error = 'Please enter your name';
$action = 'form';
}
else
{
mysql_query("INSERT INTO my_page SET name='$name', address='$address'");
}
}
if($action == 'form')
{
echo $error;
<form method="post" action="mypage.php">
<input type="text" name="name" value="<?php echo htmlspecialchars($name, ENT QUOTES) ?>">
<textarea name="addresss"> <?php htmlspecialchars(($address), ENT_QUOTES) ?> </textarea>
<input type='submit' name='action' value='submit'>
</form>
}
I would like to know,
1. Should i have to use htmlspecialchars to text?
2. Can i use the above code both in php4 and php5?