Adding info into DB with a php script..Problem!

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Adding info into DB with a php script..Problem!

Post by Seifer »

As you have read in my other MySQL post, I have taken a break from PHP and MySQL for about a year and just starting up again. I am attempting to create a script in which takes the registration form and adds the info into the Database. I know how to do it, I am just not sure how exactly to set it up, as in order. Is it something like this:

Code: Select all

<?php
$insert = ("INSERT INTO users uid, uname, pword, email, age, gender VALUES , username, password, email@blank.com, 13, M");
mysql_query($insert);

?>
Is that about right? The order of which they go and the setup of them is what I am asking...Thanks.
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Seifer wrote:Script in which takes the registration form and adds the info into the Database
Of course this is assuming uid is not an AUTO_INCREMENT field.

Code: Select all

<?php
    $uid = mysql_escape_string($_POST&#1111;'uid']);
    $username = mysql_escape_string($_POST&#1111;'username']);
    $password = mysql_escape_string($_POST&#1111;'password']);
    $email = mysql_escape_string($_POST&#1111;'email']);
    $age = mysql_escape_string($_POST&#1111;'age']);
    $gender = mysql_escape_string($_POST&#1111;'gender']);
    $insert = "INSERT INTO users(uid, uname, pword, email, age, gender) VALUES('".$uid."', '".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
    mysql_query($insert) or die(mysql_error());
?>
Last edited by Kriek on Sat Oct 18, 2003 2:23 pm, edited 1 time in total.
Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

Thanks Kriek, this is Random if you still remember me, and UID is an AUTO_INCREMENT field.

I had read this:
http://us4.php.net/manual/en/function.m ... string.php
and I still don't understand what the mysql_escape_string(); does. Could I get a brief explanation on why you put them there? :)
Last edited by Seifer on Sat Oct 18, 2003 2:22 pm, edited 1 time in total.
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Been a long time, good to see you man.
Seifer wrote:Don't understand what the mysql_escape_string(); does.
MySQL will literally choke on single quotes, double quotes, and backslashes. Fortunately PHP has thought ahead and has provided us with the mysql_escape_string() function to escape those hazardous characters altogether. Though I've used the addslashes() function with just as much success. Keep in mind that if magic_quotes_gpc is on in php.ini then PHP will automatically escape those characters in all data from GET and POST which will cover form actions. Also see the set_magic_quotes_runtime() function.
Seifer wrote:UID is an AUTO_INCREMENT field.

Code: Select all

<?php 
    $username = mysql_escape_string($_POST&#1111;'username']); 
    $password = mysql_escape_string($_POST&#1111;'password']); 
    $email = mysql_escape_string($_POST&#1111;'email']); 
    $age = mysql_escape_string($_POST&#1111;'age']); 
    $gender = mysql_escape_string($_POST&#1111;'gender']); 
    $insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'"); 
    mysql_query($insert) or die(mysql_error()); 
?>
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Seifer
Forum Commoner
Posts: 25
Joined: Wed Oct 15, 2003 10:03 pm
Location: Columbia City, IN
Contact:

Post by Seifer »

McGruff wrote:Slashing tutorial article: http://www.pinkgoblin.com/quotesarticle.php
Thanks McGruff :)
Post Reply