/    Sign up×
Community /Pin to ProfileBookmark

Proper way to insert user input to mysql table

Copy linkTweet thisAlerts:
Sep 21.2011

Hi. I’m hoping that someone can tell me once and for all how to properly take user input from a textarea or input field, and put it in a mysql table. Then read from the table and display the inputted text exactly how it was entered.

I’d preferably like to do the php stuff via an ajax call that is initialized onclick on some button.

What I’m looking for is the javascript to read from the input and prepare the text for passing to an ajax call to the php file (I don’t need all the ajax stuff, just what to do with the string before passing it).
Then what to do in php before writing it to the table.

Then what do I do with the string I get from mysql_fetch_array before I insert it, say, between <p></p> tags so that it displays exactly how the user entered it.

I looked all over the web and there’s a whole bunch of different ways of doing it. Just applying php’s htmlentities() almost works, but single and double quotes keep screwing it up.

Thanks,

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@fideltfgSep 21.2011 — not sure how your ajax functions work, but this is how I do it ( real quick example)

on the form put something like this
[CODE]<a href='#' onclick="ajax('ajax/posts.ajax.php', getFormValues(formName) + 'otherRequestVar=xyz', 'destiunationDivID');">do ajax post</a>[/CODE]

and the getFormValues function
[CODE]
function getFormValues(formName) {
formdata = document.getElementById(formName);
numElements = document.getElementById(formName).elements.length;
requestString = "";
for (i = 0; i < numElements; i++) {
formElem = document.getElementById(formName).elements[i];
switch (formElem.type) {
case 'text':
case 'hidden':
case 'password':
case 'textarea':
requestString += formElem.name + "=" + escape(formElem.value) + '&';
break;
case 'checkbox':
case 'radio':
if (formElem.checked === true) {
requestString += formElem.name + "=" + formElem.value + '&';
}
break;
case 'select-one':
requestString += formElem.name + "="
+ escape(formElem.options[formElem.selectedIndex].value)
+ '&';
break;
default:
requestString += formElem.name + "=" + escape(formElem.value) + '&';
}
}
return requestString.substr(0, (requestString.length - 3));
}

[/CODE]


this will load up the request string ( get or post how ever your ajax script works) and post it to post.ajax.php script.

in post.ajax.php you can process it just like a regular html form submission ie [CODE]

foreach($_REQUEST as $id => $value){
$q1 .="$id, ";
$q2 .="'$value', ";
}
$query = " INSERT INTO tableName ($q1) VALUES ($q2)";
[/CODE]

than send the query to the DB

As for getting it out again, do you select query, call the fetch array command inside a while loop, and put each fetched row in to an array, then step through the array and display each row in turn like this
[CODE]
<?php
$resultArray = array();
while ($row = $sqlObj->fetchArray()){
$resultArray[] = $row;
}
?>
<table>
<?php
foreach ($resultArray as $key => $result){
?><tr><td>value for <?=$key?> is </td><td><?=$result?></td><tr>
<?php } ?>
</table>
[/CODE]

that's a really quick psudo example of how I get it done, there are as many ways to do this as there are programmers, but this the one that works best for me in most cases. I hope that helps
Copy linkTweet thisAlerts:
@PacopagauthorSep 21.2011 — Cool. Thanks. I'll give that a try. It seems that the key ingredient is the escape() function in javascript.

When would I use php's mysql_real_escape_string()?
Copy linkTweet thisAlerts:
@fideltfgSep 22.2011 — Cool. Thanks. I'll give that a try. It seems that the key ingredient is the escape() function in javascript.

When would I use php's mysql_real_escape_string()?[/QUOTE]

you use it when adding a string to a query to clean up the string and stop errors or hacks in the query
×

Success!

Help @Pacopag spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 6.16,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...