Simple Code Help

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
azylka
Forum Commoner
Posts: 40
Joined: Sat Dec 06, 2008 9:11 pm

Simple Code Help

Post by azylka »

I know that it's very simple, but how can I create a table for each user that registers on my site? On a different page, I need to store their email address and the file that they upload (the name of it). Here's what I have, but since I'm not really comfortable with mySQL, I thought I'd better ask here anyway.

Code: Select all

<?php
$user = $_GET['user'];
// Make a MySQL Connection
mysql_connect("mysql_server", "username", "password") or die(mysql_error());
mysql_select_db("users") or die(mysql_error());
 
// Create a MySQL table in the selected database
mysql_query("CREATE TABLE $user(
id INT NOT NULL AUTO_INCREMENT, 
PRIMARY KEY(id),
 email VARCHAR(80), 
 file VARCHAR(80)")
 or die(mysql_error());  
 
echo "Table "$user" created!";
 
?>
 
and for inserting,

Code: Select all

<?php
$user = $_GET['user'];
$email = $_GET['email'];
$file = $_GET['file'];
// Make a MySQL Connection
mysql_connect("mysql_server", "username", "password") or die(mysql_error());
mysql_select_db("users") or die(mysql_error());
 
// Insert a row of information into the table $user
mysql_query("INSERT INTO $user 
(email, file) VALUES($email, $file ) ") 
or die(mysql_error());   
 
echo "Data inserted!";
 
?>
Is there anything wrong with this, or a better way of going about it?

Thanks,
Alex
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: Simple Code Help

Post by AbraCadaver »

At a minimum, quote the values and escape the variables:

Code: Select all

// Insert a row of information into the table $user
mysql_query("INSERT INTO user
(email, file) VALUES ('" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($file) . "')")
or die(mysql_error());
-Shawn
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Post Reply