Page 1 of 1

Simple Code Help

Posted: Sat Dec 05, 2009 10:48 am
by azylka
I know that it's very simple, but how can I create a table for each user that registers on my site? On a different page, I need to store their email address and the file that they upload (the name of it). Here's what I have, but since I'm not really comfortable with mySQL, I thought I'd better ask here anyway.

Code: Select all

<?php
$user = $_GET['user'];
// Make a MySQL Connection
mysql_connect("mysql_server", "username", "password") or die(mysql_error());
mysql_select_db("users") or die(mysql_error());
 
// Create a MySQL table in the selected database
mysql_query("CREATE TABLE $user(
id INT NOT NULL AUTO_INCREMENT, 
PRIMARY KEY(id),
 email VARCHAR(80), 
 file VARCHAR(80)")
 or die(mysql_error());  
 
echo "Table "$user" created!";
 
?>
 
and for inserting,

Code: Select all

<?php
$user = $_GET['user'];
$email = $_GET['email'];
$file = $_GET['file'];
// Make a MySQL Connection
mysql_connect("mysql_server", "username", "password") or die(mysql_error());
mysql_select_db("users") or die(mysql_error());
 
// Insert a row of information into the table $user
mysql_query("INSERT INTO $user 
(email, file) VALUES($email, $file ) ") 
or die(mysql_error());   
 
echo "Data inserted!";
 
?>
Is there anything wrong with this, or a better way of going about it?

Thanks,
Alex

Re: Simple Code Help

Posted: Sat Dec 05, 2009 1:26 pm
by AbraCadaver
At a minimum, quote the values and escape the variables:

Code: Select all

// Insert a row of information into the table $user
mysql_query("INSERT INTO user
(email, file) VALUES ('" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($file) . "')")
or die(mysql_error());
-Shawn