php sql syntax

Discussion in 'PHP' started by davenet, Jun 26, 2007.

0
  1. #1
    What's the Php database SQL syntax for INSERT specific option button and specific selected combo box?

    For example:

    mysql_query("INSERT INTO person (FirstName, LastName, Age)
    VALUES ('Peter', 'Griffin', '35')");

    what if Age is option buttons? instead of '35' what should I typed?
     
    davenet, Jun 26, 2007 IP
  2. Datawalke

    Datawalke Peon

    Messages:
    9
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Well, that would be the variable name of the combo box.

    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $age = $_POST['ageDropdown'];

    //Note you SHOULD always run your variables through filters to make sure no illegal data is injected into the database.

    mysql_query("INSERT INTO `person` (FirstName, LastName, Age) VALUES ('$firstName', '$lastName', '$age')");

    -Jim
     
    Datawalke, Jun 26, 2007 IP
  3. ansi

    ansi Well-Known Member

    Messages:
    1,483
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    100
    #3
    you should always check user input. especially before inserting the data into a central database. user's cannot be trusted.

    
<?php
	$f = $_POST['first'];			// input with name == to "first"
	$l = $_POST['last'];			// input with name == to "last"
	$a = $_POST['age_dropdown'];	// select with name == to "age_dropdown"

	if ( isset($f) && isset($l) && isset($a) )
	{
		$sql = "INSERT INTO `person` (FirstName, LastName, Age) VALUES ('".mysql_real_escape_string($f)."', '".mysql_real_escape_string($l)."', '".mysql_real_escape_string($a)."')";
		mysql_query($sql) or die( mysql_error() );
	}
?>
    PHP:
     
    ansi, Jun 26, 2007 IP