PHP Mysql submit form -


i trying submit data html form using php sql database. completed part 5 doesn't appear actual data in of table rows apart auto increment userid. code protected sql injection? best way input datestamp sql database? example clientsince field.

here clientsubmit.php

<?php // create connection echo "made it! part 1"; $con=mysqli_connect("xxx","xxx","xxx","xxx"); echo "made it! part 2"; // check connection if (mysqli_connect_errno())   {   echo "failed connect mysql: " . mysqli_connect_error();   } $txtnam = mysql_real_escape_string($_post["name"]); $txtemail = mysql_real_escape_string($_post["email"]); $txtslots = mysql_real_escape_string($_post["slotcount"]); $txtsecurity = mysql_real_escape_string($_post["passcode"]); echo "made it! part 3"; $sql = "insert accounts (name, email, slotcount, securitycode)     values('$txtnam','$txtemail','$txtslots','$txtsecurity')"; echo "made it! part 4"; if (!mysqli_query($con,$sql))   {   die('error: ' . mysqli_error($con));   }   echo "made it! part 5";  mysqli_close($con); ?> 

and here form:

<form name="form" class="form" action="clientsubmit.php" method="post"> <input type="text" name="sum2" readonly hidden="true" onchange="updatesum()"     value="1.5"/><br> ingame name: <input type="text" name="name" class="txtbox" /><br><br> email address: <input type="text" name="email" class="txtbox" /><br><br> passcode: <input type="text" name="passcode" class="txtbox2" /><br><br> slot count:  <input type="text" name="slotcount" onchange="updatesum()" class="txtbox2"     value="10"/><br><br> per month:  <input name="sum" readonly class="txtboxtotal" style="border: 0px;"     value="15"> million<br><br> <input type="submit"> </form> 

added these:

echo "made here! 3 "; echo "   "; echo $txtnam; echo "   "; echo $txtemail; echo "   "; echo $txtslots; echo "   "; echo $txtsecurity; echo "   "; 

and appears variables not holding data before submitted database.

got working of guys, here finished code:

<?php // create connection $con=mysqli_connect("xxxx","xxxx","xxxx","xxxx"); // check connection if (mysqli_connect_errno())   {   echo "failed connect mysql: " . mysqli_connect_error();   die();   } $txtnam = mysqli_real_escape_string($con, $_post["name"]); $txtemail = mysqli_real_escape_string($con, $_post["email"]); $txtslots = mysqli_real_escape_string($con, $_post["slotcount"]); $txtsecurity = mysqli_real_escape_string($con, $_post["passcode"]); $sql = "insert accounts (name, email, slotcount, securitycode)     values('$txtnam','$txtemail','$txtslots','$txtsecurity')"; if (!mysqli_query($con,$sql))   {   die('error: ' . mysqli_error($con));   }  mysqli_close($con); ?> 

the issue using mysql_real_escape_string() , using mysqli_*()

change mysql_real_escape_string() mysqli_real_escape_string()

$txtnam = mysqli_real_escape_string($con, $_post["name"]); $txtemail =  mysqli_real_escape_string($con,$_post["email"]); $txtslots = mysqli_real_escape_string($con,$_post["slotcount"]); $txtsecurity = mysqli_real_escape_string($con,$_post["passcode"]); 

Comments

Popular posts from this blog

Android layout hidden on keyboard show -

google app engine - 403 Forbidden POST - Flask WTForms -

c - Why would PK11_GenerateRandom() return an error -8023? -