|
|
Posted by Alvaro G. Vicario on 09/09/06 22:38
*** drakorq escribió/wrote (7 Sep 2006 08:10:05 -0700):
> I was trying setting up these scripts following instructions in a book
> from 2003, so I thought maybe some of the code might be outdated.
Certainly it is. It also have several typos.
> <p>Enter the product number: <input type="text" name"number" size="10"
> value="128"></p>
name="number"
> $sql = "INSERT INTO table_productspecs
> (product_number, product_name, kiloprice)
> VALUES
> ($number, '$name', $price_punkt)";
> mysql_query($sql);
Rather than:
"INSERT INTO table (column) VALUES ('$foo')"
Use this:
"INSERT INTO table (column) VALUES ('" . mysql_escape_string($foo) . "')"
You can also use mysql_real_escape_string()
> <p>Product number: <?php print $number ?>.</p>
<p>Product number: <?php print htmlspecialchars($number) ?>.</p>
or
<p>Product number: <?=htmlspecialchars($number)?>.</p>
> $dbconnection = mysql_pconnect("localhost","dbuser","password")
> or die("Could not establish connection with mysql_connect.");
Using a persistent connection means that PHP will remain connected to the MySQL server even when no one is visiting the site. This can make MySQL run out of connection slots even under low load. I suggest you use mysql_connection() unless you have a good reason.
--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor con rayos UVA: http://www.demogracia.com
--
Navigation:
[Reply to this message]
|