Php post name & age to MySql database

Back to the basics.
I have a simple form to post in my database.
Can anybody suggest how I make a variable to catch the list selection and text field?
Your name: A value is required.
Your age: 22
23
24
25
then below is the action.php file that posts to the page first, and to the db.
It works except I don`t get the input values passed into the db.
I get name & age (no numbers and only the default `name`)
Hi .
You are years old.
Thank you for any help!

I declared the variables in the php file, and it works now thank you.
<?php $name=$_POST['name'];$age=$_POST['age'];?>
<?php mysql_query("INSERT INTO example
(name, age) VALUES('$name', '$age' ) ")
or die(mysql_error()); 
echo "Data Inserted!";?>
I have 2 questions about this;
1.) Is this the proper format or does the var declaration go inside the other php code?
2.) how would I add the function to the above code to stop SQL injection?
Here is what I found, just not sure where to put it:
//NOTE: you must be connected to the database to use this function!
// connect to MySQL
$name_bad = "' OR 1'";
$name_bad = mysql_real_escape_string($name_bad);
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";
$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
$name_evil = mysql_real_escape_string($name_evil);
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
echo "Escaped Evil Injection: <br />" . $query_evil;

Similar Messages

  • Php/mysql: can't write to mysql database [SOLVED]

    I'm writing a login script using php and mysql. I got it to work on my server about a week ago, and then I set up apache, php and mysql on my netbook so that I could take my code with me and test it. Now it doesn't work. My registration script doesn't write to the mysql database but has no errors. Here is register.php:
    <?php
    define("DB_SERVER", "localhost");
    define("DB_USER", "root");
    define("DB_PASS", "swordfish");
    define("DB_NAME", "users");
    define("TBL_USERS", "users");
    $connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
    mysql_select_db(DB_NAME, $connection) or die(mysql_error());
    function addUser($username, $password)
    global $connection;
    $password = md5($password);
    echo("adding $username,$password<br />");
    $q = "INSERT INTO " . TBL_USERS . " VALUES ('$username', '$password')";
    echo("query: $q<br />");
    $result = mysql_query($q, $connection);
    echo("$result<br />");
    if (isset($_POST["reg"]))
    addUser($_POST["username"], $_POST["password"]);
    echo("<a href='index.php'>click here to login</a>");
    ?>
    <html>
    <head>
    <title>Register</title>
    </head>
    <body>
    <form method="Post" name="login">
    <input type="text", name="username" /> Username<br />
    <input type="text", name="password" /> Password<br />
    <input type="submit" name="reg", value="Register" />
    </form>
    </body>
    </html>
    and here is the output (without the form):
    adding lexion,6f1ed002ab5595859014ebf0951522d9
    query: INSERT INTO users VALUES ('lexion', '6f1ed002ab5595859014ebf0951522d9')
    Also, I tried manually adding the content to the database:
    $ mysql -p -u root
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 9
    Server version 5.1.42 Source distribution
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    mysql> users
    -> INSERT INTO users VALUES('lexion', 'foo')
    -> ^D
    -> Bye
    I would assume that I got something wrong with the last bit, but the php script seems like it should work. Does anybody know why it doesn't?
    Last edited by Lexion (2010-01-10 19:04:15)

    What is wrong with your PHP? Why do you think it is failing? An INSERT query doesn't return anything. Also, it's a good idea to specify which fields you are inserting into, unless you want to have to provide something for every field (tedious for tables with many fields with default values). eg:
    $q = "INSERT INTO `" . TBL_USERS . "`(`username`, `password`) VALUES ('$username', '$password')";
    As for your experiment with the mysql prompt; queries have to end with a semicolon. PHP is nice and hides that little detail from you.
    edit: Also, you're echoing text out before the HTML starts. That won't produce valid HTML. I also noticed a few other things which I corrected; look at my comments:
    <?php
    define("DB_SERVER", "localhost");
    define("DB_USER", "root");
    define("DB_PASS", "swordfish");
    define("DB_NAME", "users");
    define("TBL_USERS", "users");
    $connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
    mysql_select_db(DB_NAME, $connection) or die(mysql_error());
    function addUser($username, $password)
    global $connection;
    $password = md5($password);
    // echo("adding $username,$password<br />"); - Don't echo stuff before HTML starts.
    // Also, clean up user-supplied data before plugging it into a query unless you want to be vulnerable to SQL injection.
    $cleanusername = mysql_real_escape_string($username, $connection);
    $cleanpassword = mysql_real_escape_string($password, $connection); // Obviously you'd generally use some hashing algorithm like md5 or sha1 for passwords
    $q = "INSERT INTO `" . TBL_USERS . "`(`username`, `password`) VALUES ('{$cleanusername}', '{$cleanpassword}')"; // The backticks tell MySQL not to interpret any text within as a keyword (good for field names, eg a field called `date`. The curly brackets tell PHP that the stuff within refers to a variable; it's nice as PHP knows exactly what the variable name is with no possible ambiguity.
    // echo("query: $q<br />");
    $result = mysql_query($q, $connection);
    // echo("$result<br />"); - This won't do anything; in addition to INSERT queries not returning anything, the $result variable doesn't contain the results of the query, it's a pointer to them for use with mysql_result().
    ?>
    <html>
    <head>
    <title>Register</title>
    </head>
    <body>
    <?php
    if (isset($_POST["reg"]))
    addUser($_POST["username"], $_POST["password"]);
    echo("<a href='index.php'>click here to login</a>");
    ?>
    <form method="Post" name="login">
    <input type="text" name="username" /> Username<br />
    <input type="text" name="password" /> Password<br />
    <input type="submit" name="reg" value="Register" />
    </form>
    </body>
    </html>
    <?php
    mysql_close($connection); // Not strictly needed, as PHP will tidy up for you if you forget.
    ?>
    Last edited by Barrucadu (2010-01-10 17:34:20)

  • Populate Livecycle PDF from mySQL database using PHP

    I'm trying to set up a database of loan agreements, where users will submit a form through Acrobat and their information will be stored in a mySQL database. Later, they can go back and download the PDF, which will be repopulated with their data in the mySQL db.
    I made the form in Livecycle Designer and submit the information through HTTP POST. I can easily get the information from the form into the database...my only problem is getting that information back out into the PDF.
    What would allow me to write back to the PDF, preferably using PHP? What kind of syntax would that require?
    Thanks!

    I have a vital form that clients fill out, which is passed to many people in the company along the workflow. The form is a Planner and we have in the following PDF, Word Doc..
    Well before, the Planner.pdf was originally created in Word, since most people have access to Word.. but evolved to a PDF form created from the Word Doc via Adobe LiveCycle Designer 8.0 w/ User Rights enabled so that the form could be filled out and saved using Adobe Reader.. which was a step better than Word.. being that it is free. But this needed to be easier and more to the point b/c some clients don't particularly like installing the latest version of Reader, even if you provide them the link. Nor do they like saving the form, filling the form, and attaching the form to send back.
    My goal is to have the client fill an HTML version of the form, submit and be done with it, but everyone in the workflow be able to easily receive the filled Planner as a PDF form.
    So some months ago I ran into this post Chris Trip, "Populate Livecycle PDF from mySQL database using PHP" #8, 22 Sep 2007 4:37 pm
    which uses the command line Win32 pdftk.exe to merge an FDF file into an existing PDF on the remote server, and serve this to whoever.
    My problem was with shared hosting and having the ability to use the Win32 pdftk.exe along with PHP which is predominantly used on Linux boxes. And we used a Linux box.
    so i created the following unorthodox method, which a client fills the HTML version of the Planner, all field values are INSERTED into a table in MySQL DB, I and all filled planners that have been filled by clients to date can be viewed from a repository page where an XML file is served up of the corresponding client, but someone would have to have Acrobat Professional, to import the form data from the XML file into a blank form.. altoughh this is simple for me.. I have the PHP file already created so that when a Planner is filled and client submits. >> the an email is sent to me with a table row from the repository of the client name, #, email, and a link to d-load the XML file,
    But I also have the PHP files created so that the Planner can be sent to by email to various people in the workflow with certain fileds ommitted they they do not need to see, but instead of the XML file beiong served up i need the filled PDF Planner to be served.
    I can do this locally with ease on a testing server, but I am currently trying to use another host that uses cross-platform compatibility so i can use PHP and the pdftk.exe to achieve this, as that is why I am having to serve up an XML file b/c we use a Linux server for our website, and cant execute the exe.
    Now that I am testing the other server (cross-platform host), just to use them to do the PDF handling (and it's only $5 per month) I am having problems with getting READ, WRITE, EXECUTE permissions..
    Si guess a good question to ask is can PHP do the same procedure as the pdftk.exe, and i can eleminate it.
    or how in the heck can i get this data from the DB into a blank PDF form, like i have described??
    here are some link to reference
    Populating a LiveCycle PDF with PHP and MySQL
    http://www.andrewheiss.com/Tutorials?page=LiveCycle_PDFs_and_MySQL
    HTML form that passed data into a PDF
    http://www.mactech.com/articles/mactech/Vol.20/20.11/FillOnlinePDFFormsUsingHTML/index.htm l
    and an example
    http://accesspdf.com/html_pdf_form/

  • Access MySQL Database on Server with PHP Services

    Hi there
    There are lots of tutorials on how to connect to a MySQL database on your local machine but I'd like to access a database on my server.
    When creating a new Flex Project the wizard asks me to define a Web root and a Root URL. I used '/home/ecoflexer/public_html' as Web root and 'http://ecoflexer.com' as Root URL. However, the Web root coudn't be validated. So I've chosen the local folder 'C:\ecoflexer' as Web root. Though it was possibly wrong Flash Builder generated a debug folder at the defined location. After that I went to "Connect to Data/Service" and selected "PHP Service". I tried to generate a sample using the same credentials I use for a standard PHP login script ("Server Port" was left empty). After clicking on "Connect to Database" Zend was installed and returned an error. 'gateway.php' couldn't be found on 'http://ecoflexer.com/testProject-debug/gateway.php'.
    So I went into my local Web root and copied the 'testProject-debug' folder to my server to the destination the previous error mentioned. Then another error occured concerning a Zend file. So I went back and copied the whole 'ZendFramework' folder as well to my server. It connects now successfully to my database. I can chose a table but soon after that the introspection of the service fails. I modified the 'amf_config.ini' by adding 'webroot =/home/ecoflexer/public_html' and 'zend_path =/home/ecoflexer/public_html/ZendFramework/library' but it's still not working. Anithing I've done wrong or forgot to do?
    Cheers!
    ecoFLEXER

    iam doing client server application,the database is on the server,and iam doing the log in part,so i need to access the database to match the entered user name and password?so i should implement the accessing database part on the server side with the above code,right?i didn't test that i will test it now,but i thought that it's a different way

  • MySql database and php code on different servers

    I created a table on a MySql database on server A. Now I'm
    trying to create
    a page to display the contents of the table. I know that the
    html code ( and
    php) is on a different server (server B). I managed to create
    a database
    connection however when I try this connection I cannot see
    the table I
    created. When I click on the Connection name I get the Stored
    Procedures,
    Tables and View list. I click on the Tables and although I
    get a connection
    to the server A, no table is displayed.
    Am I trying to do something silly here?
    any help will be appreciated.
    Twanny

    > Am I trying to do something silly here?
    I do it this way all the time. My testing server is local to
    my development
    LAN, but the MySQL server and database is remote (on the
    remote site). To
    make this work, you would have to make sure that the remote
    server permits
    an external connection. If it does, you should be golden.
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.projectseven.com/go
    - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs,
    Tutorials & Resources
    ==================
    "Twanny" <[email protected]> wrote in message
    news:gabbu1$ngv$[email protected]..
    >I created a table on a MySql database on server A. Now
    I'm trying to create
    >a page to display the contents of the table. I know that
    the html code (
    >and php) is on a different server (server B). I managed
    to create a
    >database connection however when I try this connection I
    cannot see the
    >table I created. When I click on the Connection name I
    get the Stored
    >Procedures, Tables and View list. I click on the Tables
    and although I get
    >a connection to the server A, no table is displayed.
    >
    > Am I trying to do something silly here?
    >
    > any help will be appreciated.
    >
    >
    >
    >
    > --
    > Twanny
    >

  • Send form data via email after posting to MySQL database

    I have created a form in DreamweaverMX 2004 and then tied it to mySQL database so that on submit the data posts to the database.
    This works fine. It also goes to a "success" page just fine. I then added in some php code to also email a few of the fields from the form to a specific email address. This functions correctly using this code below (the email does go - the "from" email address has my login for MySQL database) EXCEPT that the data from the fields does not come through. The field labels are there as indicated below and the email is formatted correctly, but the data doesn't come through.
    mail( $to = "[email protected]", $subject = "Someone has submitted an application",
    $content= "Essay 1: ".$Essay1."\r\n"
    ."Essay 2: ".$Essay2."\r\n"
    ."Essay 3: ".$Essay3."\r\n"
    ."Essay 4: ".$Essay4."\r\n"
    ."Essay 5: ".$Essay5."\r\n");
    What am I doing wrong?
    That's problem #1 - then problem #2 is that I actually also need to send the ID code in this email for the specific record which has been created in my database so the end recipient can associate the email with that specific ID later for other purposes. So even if I figure out problem #1, I'm not sure that I can use this code for problem #2 because the field isn't on the html form, but actually created by the database upon submission.
    Any suggestions would be helpful!
    Thanks

    Moved to the Dreamweaver Application Development forum, which deals with PHP and other server-side issues.

  • CS3 mysql database connection using php

    Hi, this is my first time trying to connect to a database.  I have created a mysql database with my hosting provider.  I am also configured to use php. I have ready numerous threads on this topic, but am still confused.
    I am getting the following error message:
    When I enter the following information into the connection string, I get the following error Error http error code 404 file not found. The site does not map to ftp.readyhosting.com/_mmserverscripts/mmhttdb.php Is the location of mysql server correct? Connection name ? user defined ?aosprod?
    Mysql server = aoswebeditor.readyhostingmysql.com.  Also, this is not the same location as the web server. 
    The hosting company provides the following php code to connect to the database. 
    <?php
    $link = mysql_connect('aoswebeditor.readyhostingmysql.com', 'aosweb', '*password*');
    if (!$link) {
        die('Could not connect: ' . mysql_error());
    echo 'Connected successfully';
    mysql_select_db(aos);
    ?>
    Because of the connection dialog boxes in CS3, I have not used this php code but only used the mysql server aoswebeditor.readyhostingmysql.com.
    My requirements are very simple, I want to use the same remote database for the dreamweaver connection for the remote and testing server.
    Any ideas would be appreciated.
    Thanks. George

    First of all, you seem to be mixed up about terminology. ASP stands for Active Server Pages, and is a type of server technology similar to PHP. I think you mean ISP (Internet Service Provider). However, this is not correct, either. An ISP provides your connection to the internet. Although some ISPs also host websites for their customers, your website is normally located at a hosting company. You need to get that mixup out of the way. Otherwise, you might confuse people with future questions about ASP, when you actually mean something completely different.
    OK, lecture over...
    Your hosting company is following standard procedure by preventing remote access to MySQL databases. However, Dreamweaver does make it possible to use your remote database and website for testing purposes. It does so by uploading a hidden folder called _mmServerScripts to your remote server. This performs a local connection with your database, and then sends the results back to your local computer. When setting up your testing server definition in Dreamweaver, you need to provide the details as I indicated before. When creating a MySQL connection in Dreamweaver, fill in the server name and account details as given to you by your hosting company. If everything is set up correctly, you should be able to use your remote server and database for testing.
    Having said that, it is much better to install a local testing environment. You'll find it faster, and it also lets you make mistakes (an essential part of the learning process) in the security of a closed environment. For details of how to set up a local testing environment, see this article in the Adobe Developer Connection.

  • How to get the data from mysql database which is being accessed by a PHP application and process the data locally in adobe air application and finally commit the changes back in to mysql database through the PHP application.

    How to get the data from mysql database which is being accessed by a PHP application and process the data locally in adobe air application and finally commit the changes back in to mysql database through the PHP application.

    If the data is on a remote server (for example, PHP running on a web server, talking to a MySQL server) then you do this in an AIR application the same way you would do it with any Flex application (or ajax application, if you're building your AIR app in HTML/JS).
    That's a broad answer, but in fact there are lots of ways to communicate between Flex and PHP. The most common and best in most cases is to use AMFPHP (http://amfphp.org/) or the new ZEND AMF support in the Zend Framework.
    This page is a good starting point for learning about Flex and PHP communication:
    http://www.adobe.com/devnet/flex/flex_php.html
    Also, in Flash Builder 4 they've added a lot of remote-data-connection functionality, including a lot that's designed for PHP. Take a look at the Flash Builder 4 public beta for more on that: http://labs.adobe.com/technologies/flashbuilder4/

  • Submitting Pdf form fields to a MySQL database via PhP

    Hi there,
    I have recently created a Pdf in Adobe LiveCycle which looks great, and I have added a submit button which is set up to send all the form data in HTML to a PhP file on the server side. The PhP file then collects the form data and inserts it into my MySQL database.
    When I run this form from Adobe reader or Professional it works great and the new record is inserted in the database. However I am trying to embed the form into a HTML page, which again looks fine, and all other buttons i.e. Save As, Print work fine.
    The submit button however is not working properly now. It inserts a new record into my database, but the fields are blank as if the form data has not been sent or received?
    Can you possibly advise me where i'm going wrong.
    Much appreciated
    Cane

    Hi Cane,
    I'm relatively new to creating Adobe Forms but I'm looking to do exactly what you have set up, submitting the results to php which sends the results to a database. I don't like the responses being sent to a pdf response file then every so often you have to export to csv then import the results into a database....too tedious. Can you perhaps provide the code that goes behind the submit button and maybe the code that you use on the php/server side? Again, relatively new to this and don't know where to begin but if I can look at the code behind this it would make things a lot easier.
    Thanks,
    Ed

  • Php/MySQL database insert record issue...

    I have a php page that adds an "order" to a mysql database table (orders). One text field in the form is for tires/wheels. The description of the wheels often includes the " symbol for inches after a number....Everything submits fine, however when I look at the page that displays the orders all the data after the " symbol including the " symbol is gone... DOes anyone have any idea why this may be happening? It is requiring us to return and edit that area repeatedly. Any help is appreciated greatly. Thanks for your time.

    Ok, so just to summarize so I am understanding this correctly.  You have an ordering page for tires/wheels.  A customer places an order for tires/wheels and the data is submitted successfully and this includes a symbol for measurement (in.).  But on another summary page the symbol is returning a blank value.
    If this is correct we need to see:
    - First, the code that is inserting the symbol to the database table in question
    - Second, the query and code where you are printing the data to the screen.

  • PHP MySQL database

    How to send a number count to the PHP MySQL database everytime a details page is opened from the results page?

    Assuming your DB table named 'stats' has fields for article_id, hits and the article id is passed to the detail page through the URL parameter article_id then your query would look like this:
    mysql_select_db($database_XXXXXX, $XXXXXX);
    if (isset($_GET['article_id'])) {
    $article_id = $_GET['article_id'];
    $query_hits = sprintf("UPDATE stats
    SET hits = hits+1
    WHERE article_id = %s", GetSQLValueString($article_id, "int"));
    $hits = mysql_query($query_hits, $XXXXXX) or die(mysql_error());

  • PHP Connection to a MySQL database "An unidentified err has occurred"

    This is driving me up the wall.... With my hosting provider
    at work I cannot make a connection to a MySQL database with
    dreamweaver using the new connection in the databases tab. "an
    unidentified error has occurred"
    I am certain that I am entering the info correctly and have
    the correct permissions to access the database, I think it has to
    do with the _mmServerScripts folder and the testing server.
    With the hosting provider that I use for personal websites I
    make connections all day long doing the exact same thing that I am
    doing here at work and I'm stumped. I even read a lenghty article
    on this forum with possible solutions... none of them worked.
    Is there any way around the _mmServerScripts directory and
    testing server to make a connection and then use the bindings and
    server behaviors tabs to creat recordsets, etc??
    Thanks in advance for any help!
    George

    o0knightro wrote:
    > Is there any way around the _mmServerScripts directory
    and testing server to
    > make a connection and then use the bindings and server
    behaviors tabs to creat
    > recordsets, etc??
    Not if you want to use Dreamweaver server behaviors, no. The
    usual
    meaning of "an unidentified error has occurred" is failure to
    connect
    because communication is blocked by a firewall.
    David Powers, Adobe Community Expert
    Author, "The Essential Guide to Dreamweaver CS3" (friends of
    ED)
    Author, "PHP Solutions" (friends of ED)
    http://foundationphp.com/

  • What's the default mysql database name in Crystal Report Server XIR2

    Hi Experts,
    I am upgrading Crystal Report Server from XIR2 to XI3.1.
    I need to know the default mysql database name when upgrading.
    Anyone knows?

    Hi,
    In XI3.1, when BOE installed with default mySQL DB then the installer creates a DataSource with name "Business Objects CMS".
    And the DB name will be "BOE120".
    I guess in XIR2 DB name will be ''BOE115".
    Also, if you launch the CMC admin page then in the settings link the DB info will be displayed.
    -Noor.
    Edited by: Nooreazam Sayyad Abdullas Peerzade on Dec 15, 2010 1:54 PM

  • Connect mysql database php

    I HAVE HOST ON YAHOO AND THIS SCRIPT DOSN'T WORK WITH YAHOO
    can u help me ....
    <?php
    # FileName="Connection_php_mysql.htm"
    # Type="MYSQL"
    # HTTP="true"
    $hostname_midcommerce = "localhost";
    $database_midcommerce = "DATABASE";
    $username_midcommerce = "USER";
    $password_midcommerce = "PASSWORD";
    $midcommerce = mysql_pconnect($hostname_DATABASE,
    $username_DATABASE, $password_DATABASE) or
    trigger_error(mysql_error(),E_USER_ERROR);
    ?>

    > # FileName="Connection_php_mysql.htm"
    Is that the correct filename? Shouldn't it be a php file?
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.dreamweavermx-templates.com
    - Template Triage!
    http://www.projectseven.com/go
    - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs,
    Tutorials & Resources
    http://www.macromedia.com/support/search/
    - Macromedia (MM) Technotes
    ==================
    "amooor" <[email protected]> wrote in message
    news:et677e$seq$[email protected]..
    > I HAVE HOST ON YAHOO AND THIS SCRIPT DOSN'T WORK WITH
    YAHOO can u help me
    > ....
    >
    > <?php
    > # FileName="Connection_php_mysql.htm"
    > # Type="MYSQL"
    > # HTTP="true"
    >
    > $hostname_midcommerce = "localhost";
    > $database_midcommerce = "DATABASE";
    > $username_midcommerce = "USER";
    > $password_midcommerce = "PASSWORD";
    > $midcommerce = mysql_pconnect($hostname_DATABASE,
    $username_DATABASE,
    > $password_DATABASE) or
    trigger_error(mysql_error(),E_USER_ERROR);
    > ?>
    >

  • Need to re-download PHP Event Calendar with MySQL Database

    How do I re-download PHP Event Calendar with MySQL Database purchased earlier.  I need link without having to repurchase.

    This has nothing to do with Adobe or Dreamweaver.  Contact the company from whom you purchased your extension or widget.
    Nancy O.

Maybe you are looking for