What "lists" are you referring to? Also this is how the examples show I've
seen.
I know this is basic general stuff but I try many times before posting, and
I have followed all directions given.
So this is what I did, and nothing is set DB still :-(
===========================NEW CODE=========================================
$regName = trim(strip_tags($_POST['conName'])); $regAddress =
trim(strip_tags($_POST['conAddress']));
$regCity = trim(strip_tags($_POST['conCity'])); $regState =
trim(strip_tags($_POST['conState']));
$regZip = trim(strip_tags($_POST['conZip'])); $regPhone =
trim(strip_tags($_POST['conPhone']));
$sclName = trim(strip_tags($_POST['schName'])); $sclAddress =
trim(strip_tags($_POST['schAddress']));
$sclCity = trim(strip_tags($_POST['schCity'])); $sclState =
trim(strip_tags($_POST['schState']));
$sclZip = trim(strip_tags($_POST['schZip']));
$stoName = trim(strip_tags($_POST['strName'])); $stoCity =
trim(strip_tags($_POST['strCity']));
$stoState = trim(strip_tags($_POST['strState']));
//==============================Begin dbPopulation of Form
info===============================================
$dbserver = "localhost"; // This will be where server name goes
$dbuser = "root"; // This will be where username goes
$dbpassword = ""; // This will be where password goes
$dbname = "theDB"; // This will be where database name goes
$connection = mysqli_connect($dbserver, $dbuser, $dbpassword, $dbname) or
die (mysqli_error($connection));
$regName = mysqli_real_escape_string($connection, $regName);
$regAddress = mysqli_real_escape_string($connection, $regAddress);
$regCity = mysqli_real_escape_string($connection, $regCity);
$regState = mysqli_real_escape_string($connection, $regState);
$regZip = mysqli_real_escape_string($connection, $regZip);
$regPhone = mysqli_real_escape_string($connection, $regPhone);
$sclName = mysqli_real_escape_string($connection, $sclName);
$sclAddress = mysqli_real_escape_string($connection, $sclAddress);
$sclCity = mysqli_real_escape_string($connection, $sclCity);
$sclState = mysqli_real_escape_string($connection, $sclState);
$sclZip = mysqli_real_escape_string($connection, $sclZip);
$stoName = mysqli_real_escape_string($connection, $stoName);
$stoCity = mysqli_real_escape_string($connection, $stoCity);
$stoState = mysqli_real_escape_string($connection, $stoState);
$sql_query = "INSERT INTO contestants (conName, conAddress, conCity,
conState, conZip, conPhone, schName, schAddress, schCity, schState, schZip,
strName, strCity, strState) VALUES('$regName', '$regAddress', '$regCity',
'$regState', '$regZip', '$regPhone', '$sclName', '$sclAddress', '$sclCity',
'$sclState', '$sclZip', '$stoName', '$stoCity', '$stoState')";
mysqli_query($connection,$sql_query); ?>
===========================END NEW CODE=====================================
----- Original Message -----
From: "Stut" <stuttle@xxxxxxxxx>
To: "K.Hayes" <k3cheese@xxxxxxxxxxxxx>
Cc: "php-general" <php-general@xxxxxxxxxxxxx>
Sent: Saturday, June 02, 2007 9:52 PM
Subject: Re: Cant set info in DB...HELP
Please include the list on all replies.
K.Hayes wrote:
I don't know if I'm escaping the 'vars correctly'. If I'm wrong can you
give me an example?
<snip>
$sql_query = "INSERT INTO contestants (conName, conAddress, conCity,
conState, conZip, conPhone, schName, schAddress, schCity, schState,
schZip,
strName, strCity, strState) VALUES('$regName', '$regAddress', '$regCity',
'$regState', '$regZip', '$regPhone', '$sclName', '$sclName', '$sclCity',
'sclState', '$sclZip', '$stoName', '$stoCity', '$stoState')";
$insert_query = mysqli_real_escape_string($connection, $sql_query);
mysqli_query($connection,$insert_query); ?>
No, this is not the right way. I suggest you read the manual page on
mysqli_real_escape_string (http://php.net/mysqli_real_escape_string). You
need to run it on every variable you are using *in* the SQL query, not on
the SQL query itself.
Google for a php mysqli tutorial - all this stuff is very basic and should
be covered by most tutorials you'll find.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
