Rij wrote:
I input the values from a HTML form. Here is the partial code.
$phone = $_POST['phone'];
$name = $_POST['name'];
$address = $_POST['address'];
$query = "INSERT INTO contacts VALUES ('$phone', '$name', '$address')";
if (mysql_query($query, $con)) echo "Values inserted";
else die('Unable to create table : '.mysql_error());
This is unsafe code. I suggest you lookup "prepared statements" and the
PDO library (which is part of PHP).
Daniel.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
