On Aug 27, 2008, at 12:24 PM, Evert Lammerts wrote:

Your index.php looks very strange:


<form method="post" action="purlprocess.php">


I'm guessing you're echoing this? I never echo from my scripts so I
don't know if this is new functionality, but in my days you echoed
either by <?="...";?> or by <? echo "..."; ?>.

It is a index.php page using the HEREDOC syntax... so basically:
echo <<<HTML <P>any HTML code goes here

pretty nifty I feel.

Anyway, since you're using the $_POST variable, did you check if it
contains any values? You can do this with var_dump($_POST); Let us
know what the results are.

Another tip:

$FName= $_POST['txtFName'];

is terrible practice - if anybody writes an SQL command into one of
your textfields it WILL be executed; this is called SQL injection. A
less terrible scenario, but still one that messes up your page, is if
somebody uses quotes. So always use mysql_real_escape_string() on your
post variables before using them in a query.

mysql_real_escape_string() won't help with my mysqlI connection though :)

I will be wrapping the whole thing in a prepared statement before going to production with this. At this point this is simply a proof of concept for the boss.

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to