Posted by Steve on 10/17/06 19:59
"Breklin" <breklin@sbcglobal.net> wrote in message
news:vtaZg.632$T_1.76@newssvr14.news.prodigy.com...
| Linda,
|
| This is how I would write that:
|
| [php]
| <?php
|
| //login details
|
|
| @mysql_connect($host,$user,$password)
| or die("Unable to connect with server!");
| @mysql_select_db($database)
| or die("Unable to connect database, please try later!");
|
| -- No need for a form set ID value. Use the Auto-Increment feature in MySQL
| -- I have never used the mysql_real_escape_string function. A variation is below.
|
| // Set Form Data into PHP Vars and format against injection attack
| $name = htmlspecialchars($_POST['name']);
| $info = htmlspecialchars($_POST['info']);
| $pic = htmlspecialchars($_POST['pic']);
| $lg_pic = htmlspecialchars($_POST['lg_pic']);
|
| -- QUESTION: What data type is 'Price': int, varchar, float, etc?
|
| $price = htmlspecialchars($_POST['price']);
|
| -- When using this type of insert, you must make sure you are placing data values in every field of the table. If you are not listing even one field in the VALUES portion of the query, you will get a query error.
|
| $query = "INSERT INTO floral VALUES ('','$name','$info','$pic','$lg_pic','$price')";

NOT true. (but not to be too picky)
INSERT INTO florals
(
name ,
info ,
pic ,
lg_pic ,
price
)
VALUES
(
'$name' ,
'$info' ,
'$pic' ,
'$lg_pic' ,
'$price'
)
will insert just fine without having to put '' for the id. PLUS it is *bad*
form to have any sql statement on one line (my opinion). AND (common
opinion), all inserts and selects should *always* list the columns being
updated. the above sql is much more manageable than the latter...you can see
exactly what columns are being used and their associated php variables at a
glance.
i have to say though, either way, this does not address her
problem/question. how does she detect the insertion of DUPLICATE data and if
duplicated, how does she display an error to that effect to the user?
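An added example, not part of either poster's message: one way to write the explicit-column INSERT from the reply with bound parameters and to report a duplicate to the user. It assumes a UNIQUE index on name (the thread does not give the schema), PDO with the MySQL driver and a reachable server, and placeholder connection values; insert_floral is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumed schema (not given on the page):
//   floral(id INT AUTO_INCREMENT PRIMARY KEY, name, info, pic, lg_pic, price)
//   with a UNIQUE index on name, so the database itself rejects a duplicate.

const MYSQL_ER_DUP_ENTRY = 1062; // MySQL server error code for a unique-key violation

/**
 * Insert one row with bound parameters and an explicit column list.
 * Returns 'ok' or 'duplicate'; any other database error is rethrown.
 */
function insert_floral(PDO $db, array $post): string
{
    $stmt = $db->prepare(
        'INSERT INTO floral (name, info, pic, lg_pic, price)
         VALUES (:name, :info, :pic, :lg_pic, :price)'
    );
    try {
        // Values travel separately from the SQL text, so quotes in the
        // input cannot change the statement. id is left to AUTO_INCREMENT.
        $stmt->execute([
            ':name'   => $post['name']   ?? '',
            ':info'   => $post['info']   ?? '',
            ':pic'    => $post['pic']    ?? '',
            ':lg_pic' => $post['lg_pic'] ?? '',
            ':price'  => $post['price']  ?? '',
        ]);
    } catch (PDOException $e) {
        // errorInfo[1] carries the driver-specific (MySQL) error code.
        if ((int)($e->errorInfo[1] ?? 0) === MYSQL_ER_DUP_ENTRY) {
            return 'duplicate';
        }
        throw $e;
    }
    return 'ok';
}

// Connection values below are placeholders.
$db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

if (insert_floral($db, $_POST) === 'duplicate') {
    // HTML-escape when echoing user input back, not before storing it.
    $shown = htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "An item named \"$shown\" already exists.";
} else {
    echo 'Item added.';
}
```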