Hello, my name is Ben Stones. I am quite a beginner to PHP, and as a new
years resolution I am going to learn PHP (finally!)
Cut to the chase I have created a basic looping script that would display
anything submitted in a form, on seperate lines; here is the PHP code:
$con =
once.
2. handle the errors that can happen on running a query. ex.
$mysql_query_one = mysql_query(SELECT * FROM `comments`) or
die(mysql_error());
bastien Date: Thu, 3 Jan 2008 02:57:00 + From: [EMAIL PROTECTED] To:
php-db@lists.php.net Subject: [PHP-DB] PHP Beginners Help Hello, my
Ben:
First, using a $_POST value directly into a MySQL query is EXTREMELY
unsafe. Always filter data from any source to make sure it's what you
expect. SQL injection is one of the easiest ways to cause real damage
to a website. http://en.wikipedia.org/wiki/SQL_injection
Check out this fuction
Thanks all for your replies. Much appreciated. I have edited the code and
took points into account:
$con = mysql_connect(localhost,ben_test,removed) or die(con);
$db = mysql_select_db(ben_test) or die(db);
$sql1 = mysql_query(INSERT INTO `comments` (`messages`) VALUES
($comments)) or
Ben Stones wrote:
Thanks all for your replies. Much appreciated. I have edited the code and
took points into account:
$con = mysql_connect(localhost,ben_test,removed) or die(con);
$db = mysql_select_db(ben_test) or die(db);
$sql1 = mysql_query(INSERT INTO `comments` (`messages`) VALUES