Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

$_POST and insert 1

Status
Not open for further replies.
MinnisotaFreezing

MinnisotaFreezing

Programmer
Jun 21, 2001
120
0
0
KR
A few questions.

$first = $_POST['first_name'];
if ($_POST['submit'] == "Enter")
{
$query = "insert into names
(first, last) values
('$first', '$_POST['last_name']')";

mysql_query($query) or
die (mysql_error());
?>

first is inserted into my table, last_name is not. Is there a way I can write my insert string so I don't have to pass the global variable into a local one, like I did for first_name?

More importantly, if I simply take the posted global variables and insert them into my table, am I missing the whole point of turning global variables off? This is not sensitive data, but I would like to learn things right. Should I pass all POST data into local variables and run some validity check on them before inserting?

Thanks for the help, sorry if this is a bit muddled.

CJB
 
Sort by date Sort by votes
the regularly assinged vars work when used in a sql statement like above, but to use $_POST you need to have it outside the quotes like this:

$query = "insert into names
(first, last) values
('$first', '".$_POST['last_name']."')";


Bastien

cat, the other other white meat
 
Upvote 0 Downvote
You should ALWAYS validate user input, not only to protect yourself, but to filter out user stupidity %-)

I don't believe there's any need to pass the _POST info to another var tho, unless for some reason it's more handy in a var than in an array. You can perfom the same validation in either case.
 
Upvote 0 Downvote
Thanks for more good advice.

I know it is a pain, but I'll try and validate input in this project.
 
Upvote 0 Downvote
Don't let validation scare you off. At it's simplest, it merely means making sure that the info that the user inputs is what you expect it to be. For instance, if you are expecting an integer input, and the user submits a character string, will it crash you, or have you protected yourself by only accepting integers?

You can graduate from there into increasingly complex forms of validation such as checking for correct characters and even IP validation. Only you can determine the level of protection you do or don't need! [thumbsup2]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

c0deM0nK424
  • Locked
  • Question
Gutenberg Block Editor - page edits and updates not working since wp site migration
Replies
1
Views
208
spamjim
spamjim
lexer
  • Locked
  • Question
Fetching Data from Mysql and filling Inputs in a Form
Replies
0
Views
57
lexer
lexer
Gerrit Broekhuis
  • Locked
  • Question
PHP form with captcha and file upload
Replies
4
Views
83
Gerrit Broekhuis
Gerrit Broekhuis
PeDa
  • Locked
  • Question
PHP and CSS media queries 1
Replies
2
Views
144
PeDa
PeDa
PeDa
  • Locked
  • Question
unwanted spaces inserted into the middle of php-generated html email body 1
Replies
2
Views
61
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top