Menu
What would be the correct way to write a line of PHP code that inserts data into your MySQL database?
[code=php]
$db = new mysqli('localhost', 'user', 'pwd', 'db_name') or die('DB connection error');
$stmt = $db->prepare('INSERT INTO table (col1, col2, col3) VALUES (?, ?, ?)';
$stmt->bind_param('ssi', $var1, $var2, $var3);
if(!$stmt->execute())
{
error_log($stmt->error);
echo "Insert failed, error logged";
}
else
{
echo $stmt->affected_rows . " rows inserted.";
}
[/code]
[code=php]<?php /* Check to see if the session is set.
If it is empty, or if it is not equal
to true, redirect the user to the homepage.
*/
session_start();
if (empty($_SESSION['wiggles']) || $_SESSION['wiggles'] != true) {
header('Location:http://www.uhrebirth.com/index.php');
}
// something to use to destroy the session
if (array_key_exists('log_out', $_POST) && !empty($_POST['log_out'])) {
sesstion_destroy();
exit;
}
$username = 'myusername';
$password = 'mypassword';
if (array_key_exists('submit', $_POST) && !empty($_POST['submit'])) {
// assign the form elements to variables
$userid = $_POST['userid'];
$username = $_POST['username'];
$userpwd = $_POST['password'];
$useremail = $_POST['useremail'];
// connect to MySQL
$conn = mysql_connect('news.uhrebirth.com', $username, $password);
// select the correct database
$selected_db = 'news_test_1';
$query = "INSERT INTO users WHERE (user_id, user_name, user_pwd, user_email) VALUES ('$userid', '$username', '$userpwd', '$useremail')";
$result = mysql_query($query);
if (!$result) {
die ('Sorry, but there was a problem with your request : ' . mysql_error());
}
mysql_close($conn);
}
?>[/code]
[code=html]<html>
<head>
<title>Test</title>
<LINK href="css/general.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center">
<?php if (!$result) { echo 'Sorry, but there was a problem with your request'; } ?>
<form id="news_test" name="news_test" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label for="username">Username</label>
<input type="text" id="username" name="username" maxlength="30"> <br> <br>
<label for="useremail">Email</label>
<input type="text" id="useremail" name="useremail"> <br> <br>
<label for="userid">User ID</label>
<input type="text" id="userid" name="userid"> <br> <br>
<label for="password">Password</label>
<input type="text" id="password" name="password"> <br> <br>
<input type="submit" id="submit" name="submit" alt="Submit" value="Submit">
<input type="reset" alt="Reset" value="Reset">
</form>
<br> <br>
<form id="logout" name="logout" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="submit" id="log_out" name="log_out" value="Logout">
</body>
</html>
[/code]
[CODE]if (empty($_SESSION['wiggles']) || $_SESSION['wiggles'] != true)[/CODE]
[CODE]if (empty($_SESSION['wiggles']) or !isset($_SESSION['wiggles']) )[/CODE]
[code=php]
$query = "INSERT INTO users (user_id, user_name, user_pwd, user_email) VALUES ('" .
mysql_real_escape_string($_POST['userid']) . "', '" .
mysql_real_escape_string($_POST['username']) . "', '" .
mysql_real_escape_string($_POST['password']) . "', '" .
mysql_real_escape_string($_POST['useremail']) . "')";
[/code]
Well, I just realized that I need to parse the userid form field into an integer, since that's what that field in the database is set to. However, I've never done that in PHP, so could someone help me out?[/quote]
Also, what are all the extra quote after the mysql_real_escape_string for?[/QUOTE]
[code=php]
$query = sprintf(
"INSERT INTO users (user_id, user_name, user_pwd, user_email) VALUES ('%s', %s', '%s', '%s')",
mysql_real_escape_string($_POST['userid']),
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['password']),
mysql_real_escape_string($_POST['useremail'])
);
[/code]
[code=php]%c[/code]
[code=php]
$string = sprintf("The string: '%s', the integer: %d, the float: %f", $string, $integer, $float);
[/code]
Each argument supplied to sprintf() after the first one (the pattern string) is correlated to each successive %<char> place-holder. So in the following, $string is applied to %s, $integer to %d, and $float to %f:[/QUOTE]
[code=php]
$var1 = 'Hello';
$var2 = 'World';
echo sprintf("<p>%s, %s!</p>", $var1, $var2);
[/code]
[code=php]
echo sprintf("</p>%s, %s!</p>", $var2, $var1);
[/code]
$query = sprintf(
"INSERT INTO users (user_id, user_name, user_pwd, user_email) VALUES ('%s', %s', '%s', '%s')",
mysql_real_escape_string($_POST['userid']),
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['password']),
mysql_real_escape_string($_POST['useremail'])
); [/QUOTE]
0.1.9 — BETA 6.2