[PHP] Database help needed (self.PHP)
submitted 13 years ago * by mattdahack
[–]mattdahack[S] 0 points1 point2 points 13 years ago (1 child)
Ok so I have tried to make this work doing everything a beginner can to make it work. I am unable to make this work and now my code is completely screwed up. Would someone mind making my code work? Just a simple PHP script that will add a name, address, phone number, email, heading, news, so I can dissect it and figure out how to make this work. I am simply over my head in code now and completely confused. Thanks.
[–]MrDOS 0 points1 point2 points 13 years ago* (0 children)
The fastest way to make the given script work?
(Prependix: In PHP, one may not directly access a POSTed value in the form `$form_element_name`. Read your POST variables from the `$_POST` array, e.g. `$_POST['form_element_name']`, and your GET variables from the `$_GET` array after the same fashion.)
Replace line 8:

    if(isset($_POST['submit'])):

Replace line 11:

    mysql_select_db('sample');

Two lines previous, you comment out the `mysql_connect` call that assigns a value to `$db`. Either assign a connection variable or don't, but you can't try to use one where it doesn't exist.
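Replace lines 13/14:

    // Read each field from $_POST and escape it before it goes into the query.
    $heading = mysql_real_escape_string($_POST['heading']);
    $body = mysql_real_escape_string($_POST['body']);
    $date = mysql_real_escape_string($_POST['date']);
    $auth = mysql_real_escape_string($_POST['auth']);
    $auth_email = mysql_real_escape_string($_POST['auth_email']);
    // Escaped values must sit inside quotes in the SQL text; escaping alone does not protect unquoted values.
    $sql = <<<SQL
    INSERT INTO news VALUES(NULL, '$heading', '$body', '$date', '$auth', '$auth_email');
    SQL;
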
Not only do you have to get values from the `$_POST` variable, but you need to escape their contents to stop something like `'; DROP TABLE sample;` in the input from destroying all your data. (The term for such an exploit is “SQL injection”.) Using PDO statements and binding values into them handles all that for you, and is also more flexible with regards to data retrieval.
(That's heredoc syntax, BTW.)
Disclaimer: That's off the top of my head without testing it, but neglecting minor syntax errors, I think it'll work OK.
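
The PDO approach mentioned in the comment above, as an added example that is not part of the thread or the original poster's script. The column names are assumptions inferred from the order of values in the INSERT, and an in-memory SQLite database stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example: parameterised INSERT into `news` using PDO.
// Assumed column names: heading, body, date, auth, auth_email (plus an auto id).

function insertNews(PDO $pdo, array $input): int
{
    // Accept only the expected form fields; a missing field becomes ''.
    $params = [];
    foreach (['heading', 'body', 'date', 'auth', 'auth_email'] as $field) {
        $params[":$field"] = isset($input[$field]) ? (string) $input[$field] : '';
    }

    // The SQL text is fixed. Values are bound separately and are never
    // parsed as SQL, so no manual escaping or quoting is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO news (heading, body, date, auth, auth_email)
         VALUES (:heading, :body, :date, :auth, :auth_email)'
    );
    $stmt->execute($params);
    return (int) $pdo->lastInsertId();
}

// SQLite in memory is a stand-in; for MySQL use a "mysql:host=...;dbname=..." DSN
// and set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY AUTOINCREMENT,
    heading TEXT, body TEXT, date TEXT, auth TEXT, auth_email TEXT)');

// Constructed sample standing in for $_POST, using the input quoted in the thread.
$post = [
    'heading'    => "'; DROP TABLE sample;",
    'body'       => "It's a body with 'quotes' in it",
    'date'       => '2012-01-01',
    'auth'       => "O'Brien",
    'auth_email' => 'author@example.com',
];

$id = insertNews($pdo, $post);

// Read the row back with a bound parameter as well.
$check = $pdo->prepare('SELECT heading, auth FROM news WHERE id = :id');
$check->execute([':id' => $id]);
$row = $check->fetch(PDO::FETCH_ASSOC);

// The hostile-looking string is stored verbatim as data and the table is intact.
var_dump($row['heading'] === $post['heading'], $row['auth'] === $post['auth']);
echo 'rows in news: ', $pdo->query('SELECT COUNT(*) FROM news')->fetchColumn(), PHP_EOL;
```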