On Friday, August 24, 2012 09:27:31 PM Gary Chambers wrote:
> David,
>
> > Just did that like Richard had suggested also and I do get the expected
> > results. I suspect I need to put the same thing in my query correct? like
> > this:
> >
> > mysql_query ("INSERT INTO inventory(image, year, make, model,
> > milage, price)VALUES($_POST['image'], $_POST['year'], $_POST['make'],
> > $_POST['model'], $_POST['milage'] , $_POST['price'])");
>
> I might be stating the obvious here, but you should really validate your
> input. If this is just an exercise or a simple test, that will work. If
> it's an application that, especially, is accessible on the internet, you
> definitely need to validate and ensure that you're receiving sane input.
Yes this is just pretty much a refresher. Validation and sanatizing is my next
quest :-)
I got it, thanks to everyone pointing me in the right direction. It has been a
while since I've written any PHP code and I started last week just to freshen
up and try and learn more. I guess the last time I had written any forms,
register_globals was on. (Long time!) LOL anyway I changed my code to this:
Cut it down to just 1 row & snipped the other stuff. :-)
mysql_query ("INSERT INTO inventory(image)VALUES('$_POST[image]')");
Thanks for pointing me in the right direction I appreciate it.
David M.
