How to get data into MySQL with PHP?

I know absolutely nothing about this.  I've been banging around various
tutorials.  Most just sort of skip over this.  The closest I came is:

However, their example:

$query = "INSERT INTO contacts VALUES

doesn't work, and got me a "Learn how to use SQL Injection" comment.

I need a tutorial that explains this stuff.  I don't have the vaguest
clue what I'm doing, and when the tutorial assumes any pre-existing
knowledge, I get left behind pretty quickly.

Re: How to get data into MySQL with PHP?

<02 Dec 2005 04:01:51 GMT>

I'd say you need to learn how to walk first before trying to run.

Would you give somebody a full auto AK47 as their first learning how to
shoot lesson?

Start by learning how to put a single item into the database - and once
that's done you can try changing it to add 2 items etc.

Or if that doesn't work then you could try the following I took from an
old website I had sitting on the hard disk.



This file holds your database connection details. It's from an old
account and I haven't changed anything & they are just what I called them
when I set up the mysql database in the web host control panel.

This has the advantage you don't need to type them in every time you want
to connect to your database.

<?php include ("uzi.php"); ?>

This line should be at the top of every webpage that uses or connects to
your database.

$wsx = date("l dS of F Y h:i:s A"); // h:i:s = hour:minutes:seconds
$edc = substr("$rfv",0,50);

$db = mysql_connect($host,$login,$pass); mysql_select_db($base,$db);
$query = mysql_query("SELECT iipp FROM cwin WHERE hold='$temp';",$db);
$myrow = mysql_fetch_array($query);

$db = mysql_connect($host,$login,$pass); mysql_select_db($base,$db);
$result = mysql_query("UPDATE cwin SET count=count+1 WHERE  
$result = mysql_query("UPDATE cwin SET iipp='$qaz' WHERE hold='$temp'");
$result = mysql_query("UPDATE cwin SET deta='$wsx' WHERE hold='$temp'");
$result = mysql_query("UPDATE cwin SET reff='$edc' WHERE hold='$temp'");

- iipp
- cwin
- etc

Are the actual field names in the mysql database and obviously I don't
know what you do or don't use on your own database.

Needless to say you will need to create suitable matching tables in your
own mysql database if you don't want to edit anything in the above.

Trial and error is the only real way to learn.

BTW: all the above is newbie stuff and probably not the best way to do
it in the fact I can't really remember what each line does - so I'm
unable to help you any further than I already have.

Re: How to get data into MySQL with PHP?

John Oliver wrote:

The "Learn how to use SQL Injection" comments are
justified. If your server hosting has the magic_quotes_gpc setting in
PHP switched off, in addition to having register_globals switched on,
you'll be in trouble with the method above. Then I can delete your
entire address book by entering the following into one of the fields:

'); DELETE FROM contacts;

A better method would be something in the direction of the following:

// remove slashes for magic_quotes_gpc and injection attacks
$first = stripslashes($_REQUEST["first"]);
$last = stripslashes($_REQUEST["last"]);
$phone = stripslashes($_REQUEST["phone"]);
$mobile = stripslashes($_REQUEST["mobile"]);
$fax = stripslashes($_REQUEST["fax"]);
$email = stripslashes($_REQUEST["email"]);
$web = stripslashes($_REQUEST["web"]);

// the following code is all on one line
$query = "INSERT INTO contacts VALUES

// execute the MySQL statement

At least you'll be safer than using your original code. I know, it's a
lot more code, but it's also more secure.

Unfortunately, many tutorials out there teach the absolute simplest
way, which also teaches the less secure methods.

Kim André Akerø
(remove NOSPAM to contact me directly)
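
An added example, not part of the thread: the same contacts insert written with PDO prepared statements, so that the string quoted in the reply above is stored as ordinary text instead of being parsed as SQL. The seven-column table layout, the `insert_contact` helper and the in-memory SQLite database (used so the script runs without a MySQL server) are assumptions made for the illustration.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so the script runs offline.
// With MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema: one text column per form field named in the thread.
$db->exec('CREATE TABLE contacts (first TEXT, last TEXT, phone TEXT,
           mobile TEXT, fax TEXT, email TEXT, web TEXT)');

const FIELDS = ['first', 'last', 'phone', 'mobile', 'fax', 'email', 'web'];

// Hypothetical helper: inserts one contact from an array shaped like $_POST.
function insert_contact(PDO $db, array $input): void
{
    // The SQL text is fixed; user values travel separately as bound parameters,
    // so a quote in the input cannot end the string literal or add a statement.
    $stmt = $db->prepare(
        'INSERT INTO contacts (first, last, phone, mobile, fax, email, web)
         VALUES (:first, :last, :phone, :mobile, :fax, :email, :web)'
    );
    foreach (FIELDS as $f) {
        // Missing fields become empty strings; nothing is escaped by hand.
        $stmt->bindValue(":$f", (string)($input[$f] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Constructed sample input standing in for a submitted form.
insert_contact($db, ['first' => 'Ada', 'last' => "O'Brien", 'phone' => '555-0100']);

// The string from the reply above, submitted as a field value.
insert_contact($db, ['first' => "'); DELETE FROM contacts;", 'last' => 'Test']);

// Read back the row count and the stored value to check how the input was handled.
$count  = (int) $db->query('SELECT COUNT(*) FROM contacts')->fetchColumn();
$stored = $db->query("SELECT first FROM contacts WHERE last = 'Test'")->fetchColumn();
printf("rows: %d\nstored first name: %s\n", $count, $stored);
```

When pointing this at MySQL, PDO emulates prepared statements on the client by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server do the parameter binding.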

