PHP Mysql submit form -
i trying submit data html form using php sql database. completed part 5 doesn't appear actual data in of table rows apart auto increment userid. code protected sql injection? best way input datestamp sql database? example clientsince field.
here clientsubmit.php
<?php // create connection echo "made it! part 1"; $con=mysqli_connect("xxx","xxx","xxx","xxx"); echo "made it! part 2"; // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); } $txtnam = mysql_real_escape_string($_post["name"]); $txtemail = mysql_real_escape_string($_post["email"]); $txtslots = mysql_real_escape_string($_post["slotcount"]); $txtsecurity = mysql_real_escape_string($_post["passcode"]); echo "made it! part 3"; $sql = "insert accounts (name, email, slotcount, securitycode) values('$txtnam','$txtemail','$txtslots','$txtsecurity')"; echo "made it! part 4"; if (!mysqli_query($con,$sql)) { die('error: ' . mysqli_error($con)); } echo "made it! part 5"; mysqli_close($con); ?>
and here form:
<form name="form" class="form" action="clientsubmit.php" method="post"> <input type="text" name="sum2" readonly hidden="true" onchange="updatesum()" value="1.5"/><br> ingame name: <input type="text" name="name" class="txtbox" /><br><br> email address: <input type="text" name="email" class="txtbox" /><br><br> passcode: <input type="text" name="passcode" class="txtbox2" /><br><br> slot count: <input type="text" name="slotcount" onchange="updatesum()" class="txtbox2" value="10"/><br><br> per month: <input name="sum" readonly class="txtboxtotal" style="border: 0px;" value="15"> million<br><br> <input type="submit"> </form>
added these:
echo "made here! 3 "; echo " "; echo $txtnam; echo " "; echo $txtemail; echo " "; echo $txtslots; echo " "; echo $txtsecurity; echo " ";
and appears variables not holding data before submitted database.
got working of guys, here finished code:
<?php // create connection $con=mysqli_connect("xxxx","xxxx","xxxx","xxxx"); // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); die(); } $txtnam = mysqli_real_escape_string($con, $_post["name"]); $txtemail = mysqli_real_escape_string($con, $_post["email"]); $txtslots = mysqli_real_escape_string($con, $_post["slotcount"]); $txtsecurity = mysqli_real_escape_string($con, $_post["passcode"]); $sql = "insert accounts (name, email, slotcount, securitycode) values('$txtnam','$txtemail','$txtslots','$txtsecurity')"; if (!mysqli_query($con,$sql)) { die('error: ' . mysqli_error($con)); } mysqli_close($con); ?>
the issue using mysql_real_escape_string()
, using mysqli_*()
change mysql_real_escape_string()
mysqli_real_escape_string()
$txtnam = mysqli_real_escape_string($con, $_post["name"]); $txtemail = mysqli_real_escape_string($con,$_post["email"]); $txtslots = mysqli_real_escape_string($con,$_post["slotcount"]); $txtsecurity = mysqli_real_escape_string($con,$_post["passcode"]);
Comments
Post a Comment