Jump to content

SQL Double


Colourtheory
 Share

Recommended Posts

$con = mysql_connect(my sql information is here and works dont worry about that);if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("u486827913_accounts", $con); $sql="INSERT INTO Accounts (Username, Password, Email, Age)VALUES('$_POST[username]','$_POST[password]','$_POST','$_POST[age]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }echo "1 record added"; mysql_close($con);?> </div></body>

Link to comment
Share on other sites

I'm sending this post request. <form action="insert.php" method="post">Username:<br> <input class="register" type="text" name="username"><br>Lastname:<br> <input class="register" type="text" name="password"><br>Email:<br> <input class="register" type="text" name="email"><br>Age:<br><input class="register" type="text" name="age"<br><input type="submit"></form>

Link to comment
Share on other sites

i think all they were saying was you just needed to add something like this to your script, at the least

if(isset($_POST['submit']){  $con = mysql_connect(my sql information is here and works dont worry about that);  if (!$con)  {  die('Could not connect: ' . mysql_error());  }   mysql_select_db("u486827913_accounts", $con);   $sql="INSERT INTO Accounts (Username, Password, Email, Age)  VALUES	('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[age]')"; 	if (!mysql_query($sql,$con)) {	  die('Error: ' . mysql_error());	}   echo "1 record added";    mysql_close($con);}?></div></body>

basically, you should be as agressive as possible with dealing with user input. First off, just using the $_POST['xxx'] value directly is a terrible idea. So make sure the form was submitted at least, sanitize each $_POST param, and then validate each one make sure it is what kind of input you are expecting. Even if you are using JS validation, consider it a convenience to the user, because they could have it turned off, and you need your PHP script to be able to carry the slack.

Edited by thescientist
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...