Page 1 of 1
Adding info into DB with a php script..Problem!
Posted: Sat Oct 18, 2003 1:37 pm
by Seifer
As you have read in my other MySQL post, I have taken a break from PHP and MySQL for about a year and just starting up again. I am attempting to create a script in which takes the registration form and adds the info into the Database. I know how to do it, I am just not sure how exactly to set it up, as in order. Is it something like this:
Code: Select all
<?php
$insert = ("INSERT INTO users uid, uname, pword, email, age, gender VALUES , username, password, email@blank.com, 13, M");
mysql_query($insert);
?>
Is that about right? The order of which they go and the setup of them is what I am asking...Thanks.
Posted: Sat Oct 18, 2003 2:13 pm
by Kriek
Seifer wrote:Script in which takes the registration form and adds the info into the Database
Of course this is assuming uid is not an AUTO_INCREMENT field.
Code: Select all
<?php
$uid = mysql_escape_string($_POSTї'uid']);
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$insert = "INSERT INTO users(uid, uname, pword, email, age, gender) VALUES('".$uid."', '".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
mysql_query($insert) or die(mysql_error());
?>
Posted: Sat Oct 18, 2003 2:18 pm
by Seifer
Thanks Kriek, this is Random if you still remember me, and UID is an AUTO_INCREMENT field.
I had read this:
http://us4.php.net/manual/en/function.m ... string.php
and I still don't understand what the mysql_escape_string(); does. Could I get a brief explanation on why you put them there?

Posted: Sat Oct 18, 2003 2:22 pm
by Kriek
Been a long time, good to see you man.
Seifer wrote:Don't understand what the mysql_escape_string(); does.
MySQL will literally choke on single quotes, double quotes, and backslashes. Fortunately PHP has thought ahead and has provided us with the
mysql_escape_string() function to escape those hazardous characters altogether. Though I've used the
addslashes() function with just as much success. Keep in mind that if
magic_quotes_gpc is on in php.ini then PHP will automatically escape those characters in all data from GET and POST which will cover form actions. Also see the
set_magic_quotes_runtime() function.
Seifer wrote:UID is an AUTO_INCREMENT field.
Code: Select all
<?php
$username = mysql_escape_string($_POSTї'username']);
$password = mysql_escape_string($_POSTї'password']);
$email = mysql_escape_string($_POSTї'email']);
$age = mysql_escape_string($_POSTї'age']);
$gender = mysql_escape_string($_POSTї'gender']);
$insert = "INSERT INTO users(uname, pword, email, age, gender) VALUES('".$username."', '".$password."', '".$email."', '".$age."', '".$gender."'");
mysql_query($insert) or die(mysql_error());
?>
Posted: Sat Oct 18, 2003 5:33 pm
by McGruff
Posted: Sun Oct 19, 2003 1:26 pm
by Seifer
Thanks McGruff
