Code: Select all
<?php
$insert = ("INSERT INTO users uid, uname, pword, email, age, gender VALUES , username, password, email@blank.com, 13, M");
mysql_query($insert);
?>Moderator: General Moderators
Code: Select all
<?php
$insert = ("INSERT INTO users uid, uname, pword, email, age, gender VALUES , username, password, email@blank.com, 13, M");
mysql_query($insert);
?>Of course this is assuming uid is not an AUTO_INCREMENT field.Seifer wrote:Script in which takes the registration form and adds the info into the Database
Code: Select all
<?php
$uid = mysql_escape_string($_POSTї'uid']);
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$insert = "INSERT INTO users(uid, uname, pword, email, age, gender) VALUES('".$uid."', '".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
mysql_query($insert) or die(mysql_error());
?>MySQL will literally choke on single quotes, double quotes, and backslashes. Fortunately PHP has thought ahead and has provided us with the mysql_escape_string() function to escape those hazardous characters altogether. Though I've used the addslashes() function with just as much success. Keep in mind that if magic_quotes_gpc is on in php.ini then PHP will automatically escape those characters in all data from GET and POST which will cover form actions. Also see the set_magic_quotes_runtime() function.Seifer wrote:Don't understand what the mysql_escape_string(); does.
Seifer wrote:UID is an AUTO_INCREMENT field.
Code: Select all
<?php
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
mysql_query($insert) or die(mysql_error());
?>Thanks McGruffMcGruff wrote:Slashing tutorial article: http://www.pinkgoblin.com/quotesarticle.php