Adding info into DB with a php script..Problem!

Posted: Sat Oct 18, 2003 1:37 pm
by Seifer
As you have read in my other MySQL post, I have taken a break from PHP and MySQL for about a year and am just starting up again. I am attempting to create a script which takes the registration form and adds the info into the Database. I know how to do it, I am just not sure how exactly to set it up, as in order. Is it something like this:

Code:

<?php
$insert = ("INSERT INTO users uid, uname, pword, email, age, gender VALUES , username, password, email@blank.com, 13, M");
mysql_query($insert);

?>
Is that about right? The order in which they go and the setup of them is what I am asking... Thanks.

Posted: Sat Oct 18, 2003 2:13 pm
by Kriek
Seifer wrote: Script in which takes the registration form and adds the info into the Database
Of course this is assuming uid is not an AUTO_INCREMENT field.

Code:

<?php
    // Escape each form value before it is placed inside the quoted SQL literals.
    $uid = mysql_escape_string($_POST['uid']);
    $username = mysql_escape_string($_POST['username']);
    $password = mysql_escape_string($_POST['password']);
    $email = mysql_escape_string($_POST['email']);
    $age = mysql_escape_string($_POST['age']);
    $gender = mysql_escape_string($_POST['gender']);
    // Column list and VALUES list must be in the same order.
    $insert = "INSERT INTO users(uid, uname, pword, email, age, gender) VALUES('".$uid."', '".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
    mysql_query($insert) or die(mysql_error());
?>

Posted: Sat Oct 18, 2003 2:18 pm
by Seifer
Thanks Kriek, this is Random if you still remember me, and UID is an AUTO_INCREMENT field.

I had read this:
http://us4.php.net/manual/en/function.m ... string.php
and I still don't understand what the mysql_escape_string(); does. Could I get a brief explanation on why you put them there? :)

Posted: Sat Oct 18, 2003 2:22 pm
by Kriek
Been a long time, good to see you man.
Seifer wrote: Don't understand what the mysql_escape_string(); does.
MySQL will literally choke on single quotes, double quotes, and backslashes. Fortunately PHP has thought ahead and has provided us with the mysql_escape_string() function to escape those hazardous characters altogether. Though I've used the addslashes() function with just as much success. Keep in mind that if magic_quotes_gpc is on in php.ini then PHP will automatically escape those characters in all data from GET and POST which will cover form actions. Also see the set_magic_quotes_runtime() function.
Seifer wrote: UID is an AUTO_INCREMENT field.

Code:

<?php
    // uid is omitted from the column list; AUTO_INCREMENT assigns it.
    $username = mysql_escape_string($_POST['username']);
    $password = mysql_escape_string($_POST['password']);
    $email = mysql_escape_string($_POST['email']);
    $age = mysql_escape_string($_POST['age']);
    $gender = mysql_escape_string($_POST['gender']);
    $insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."')";
    mysql_query($insert) or die(mysql_error());
?>
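
The same registration insert written with a prepared statement instead of string escaping, as an added example that is not part of the original thread or any poster's code. It assumes PDO with an in-memory SQLite database so it runs without a server (for MySQL only the DSN and the AUTO_INCREMENT syntax differ); the function name register_user, the validation limits, the allowed gender values and the sample input are constructed for illustration.

```php
<?php
// Added example. SQLite in memory is an assumption so the script runs offline;
// the users table mirrors the columns named in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    uid    INTEGER PRIMARY KEY AUTOINCREMENT,
    uname  TEXT NOT NULL UNIQUE,
    pword  TEXT NOT NULL,
    email  TEXT NOT NULL,
    age    INTEGER NOT NULL,
    gender TEXT NOT NULL
)');

// Hypothetical helper: validate the form fields, insert one row, return the new uid.
function register_user(PDO $db, array $form): int
{
    $uname  = trim((string)($form['username'] ?? ''));
    $pword  = (string)($form['password'] ?? '');
    $email  = filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $age    = filter_var($form['age'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1, 'max_range' => 150]]);
    $gender = (string)($form['gender'] ?? '');
    if ($uname === '' || $pword === '' || $email === false || $age === false
        || !in_array($gender, ['M', 'F'], true)) {   // assumed allowed values
        throw new InvalidArgumentException('invalid registration data');
    }
    // Placeholders keep the values out of the SQL text, so quotes and
    // backslashes in the input need no escaping; uid is left to the database.
    $stmt = $db->prepare('INSERT INTO users (uname, pword, email, age, gender)
                          VALUES (:uname, :pword, :email, :age, :gender)');
    $stmt->execute([
        ':uname'  => $uname,
        ':pword'  => password_hash($pword, PASSWORD_DEFAULT), // store a hash, not the password
        ':email'  => $email,
        ':age'    => $age,
        ':gender' => $gender,
    ]);
    return (int)$db->lastInsertId();
}

// Constructed sample input standing in for $_POST; note the quote and backslash.
$post = ['username' => "O'Brien\\", 'password' => 'correct horse',
         'email' => 'email@blank.com', 'age' => '13', 'gender' => 'M'];
$uid = register_user($db, $post);
$check = $db->prepare('SELECT uname, age FROM users WHERE uid = ?');
$check->execute([$uid]);
$row = $check->fetch(PDO::FETCH_ASSOC);
printf("uid=%d uname=%s age=%d\n", $uid, $row['uname'], $row['age']);
```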

Posted: Sat Oct 18, 2003 5:33 pm
by McGruff

Posted: Sun Oct 19, 2003 1:26 pm
by Seifer
McGruff wrote: Slashing tutorial article: http://www.pinkgoblin.com/quotesarticle.php
Thanks McGruff :)