On Friday, August 24, 2012 09:27:31 PM Gary Chambers wrote:
> David,
> > Just did that like Richard had suggested also and I do get the expected
> > results. I suspect I need to put the same thing in my query correct? like
> > this:
> > 
> > mysql_query ("INSERT INTO inventory(image, year, make, model,
> > milage, price)VALUES($_POST['image'], $_POST['year'], $_POST['make'],
> > $_POST['model'], $_POST['milage'] , $_POST['price'])");
> I might be stating the obvious here, but you should really validate your
> input.  If this is just an exercise or a simple test, that will work.  If
> it's an application that, especially, is accessible on the internet, you
> definitely need to validate and ensure that you're receiving sane input.

Yes this is just pretty much a refresher. Validation and sanatizing is my next 
quest :-)

I got it, thanks to everyone pointing me in the right direction. It has been a 
while since I've written any PHP code and I started last week just to freshen 
up and try and learn more. I guess the last time I had written any forms, 
register_globals was on. (Long time!) LOL anyway I changed my code to this:

Cut it down to just 1 row & snipped the other stuff. :-)

mysql_query ("INSERT INTO inventory(image)VALUES('$_POST[image]')");

Thanks for pointing me in the right direction I appreciate it.

David M.

Reply via email to