On Aug 27, 2008, at 12:24 PM, Evert Lammerts wrote:
Your index.php looks very strange:
<form method="post" action="purlprocess.php">
I'm guessing you're echoing this? I never echo from my scripts so I
don't know if this is new functionality, but in my days you echoed
either by <?="...";?> or by <? echo "..."; ?>.
It is a index.php page using the HEREDOC syntax... so basically:
echo <<<HTML <P>any HTML code goes here
pretty nifty I feel.
Anyway, since you're using the $_POST variable, did you check if it
contains any values? You can do this with var_dump($_POST); Let us
know what the results are.
is terrible practice - if anybody writes an SQL command into one of
your textfields it WILL be executed; this is called SQL injection. A
less terrible scenario, but still one that messes up your page, is if
somebody uses quotes. So always use mysql_real_escape_string() on your
post variables before using them in a query.
mysql_real_escape_string() won't help with my mysqlI connection
I will be wrapping the whole thing in a prepared statement before
going to production with this. At this point this is simply a proof of
concept for the boss.
11287 James St
Holland, MI 49424
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php