Tycoon Talk
Coding Forum


Using Safe-Mode Form Variables in mySQL Query
Friend_Al_23, 07-27-2003, 07:23 AM
I am in safe mode, I think. Anyway, in order to receive form variables through the POST method, I have to use $_POST['variable_name'] to read that variable. But how do you do it when you want to include it in a query? The code is written below:

PHP Code:
$result = mysql_query("INSERT INTO mytable ('column1', 'column2') VALUES ($_POST['variable1'], $_POST['variable2']") or die ("Query Error: ".mysql_error());
The code above gives me a mySQL error stating that I should read the manual for the proper format. Isn't the above query in proper format already?
david, 07-27-2003, 12:15 PM
How about:
PHP Code:
$result = mysql_query("INSERT INTO mytable ('column1', 'column2') VALUES (".$_POST['variable1'].", ".$_POST['variable2'].")") or die ("Query Error: ".mysql_error());
neOnbubble, 07-27-2003, 12:29 PM
I don't think I need mention how unbelievably unsafe that code is, regardless of how safe you think you are, and how you really should do some preprocessing on the posted variables before throwing them at a SQL query, but I think the original problem was partly because you didn't close the parentheses after the second $_POST and before the double quotes:

PHP Code:
$result = mysql_query("INSERT INTO mytable ('column1', 'column2') VALUES ($_POST['variable1'], $_POST['variable2']     )    ") or die ("Query Error: ".mysql_error());
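
The preprocessing the last reply asks for is usually done by binding the posted values as parameters instead of pasting them into the SQL text. The following is an added example, not code from the thread: it uses PDO with an in-memory SQLite database so it runs offline (an assumption; for MySQL only the DSN passed to `new PDO` changes), and `insertForm` and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and field names follow the
// thread; the in-memory SQLite database and sample input are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (column1 TEXT, column2 TEXT)');

/** Insert one submitted form; returns false if a field is missing or not a string. */
function insertForm(PDO $pdo, array $post): bool
{
    foreach (['variable1', 'variable2'] as $field) {
        // $_POST entries can be arrays (name="variable1[]"), so check the type.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    // Placeholders keep the SQL text fixed; the values travel separately
    // and are never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO mytable (column1, column2) VALUES (:v1, :v2)'
    );
    return $stmt->execute([':v1' => $post['variable1'], ':v2' => $post['variable2']]);
}

// Constructed inputs standing in for $_POST.
$samples = [
    ['variable1' => 'plain', 'variable2' => 'text'],
    ['variable1' => "O'Brien", 'variable2' => 'apostrophe in a name'],
    ['variable1' => "a', 'b'), ('c", 'variable2' => 'SQL syntax in a value'],
    ['variable1' => ['not', 'a string'], 'variable2' => 'rejected'],
];

foreach ($samples as $post) {
    // The statement text that concatenation (with the values quoted) would send:
    if (is_string($post['variable1'])) {
        echo "concatenated: INSERT INTO mytable (column1, column2) VALUES ('"
            . $post['variable1'] . "', '" . $post['variable2'] . "')\n";
    }
    echo insertForm($pdo, $post) ? "bound: inserted\n" : "bound: rejected\n";
}

// Show what the bound inserts actually stored.
foreach ($pdo->query('SELECT column1, column2 FROM mytable') as $row) {
    echo json_encode([$row['column1'], $row['column2']]), "\n";
}
```

Comparing the printed concatenated statements with the stored rows shows the difference: a quote in the input changes the shape of the concatenated SQL, while the bound version stores the same characters as plain data.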
 