hey all,

I got the trouble on my code..

why the passing variable from index.php
couldn't be sent to the SQL statement
that I parse from file text?

pleaseee..help me to revise code, that could
pass the right value to database with SQL
from file text.

thanks

Kahlil

I attached the code.

    The issue is in your parsing2.sql file. You mention the variables "$name", "$address", and "$phone", but you're using PHP 5. In PHP 5, register_globals is NOT enabled. Thus you have to use $_POST['name'], $_POST['address'], and $_POST['phone'] respectively.

    On a side-note, I'd offer the suggestion to actually sanitize the input before you execute it. This way, people can't do something like this (in the phone field):
    [123-456-7890'; SELECT * FROM forum;]

    Something like that could lead to a security breach, which you wouldn't want.

      #2
      ...to use $_POST['name'], $_POST['address'], and $_POST['phone'] respectively
      so, I have to define the variable $_POST['...'] not on the text field but on the PHP code directly???

      is there another way to send the value to the "text field" using php5?

      thanks.

        #4
        I've tried to read the manual page, but I still don't get the solution yet..
        because mostly code, the SQL statement isn't from file text..

        is there another option?
        thanks charles.

          so, I have to define the variable $_POST['...'] not on the text field but on the PHP code directly???


          No, the $_POST and $_GET arrays are automatically populated with the proper information. $_POST and $_GET are populated typically with information from forms.

          The only way to get information from a form to PHP is via the $_POST and $_GET arrays. There is no other option.

          What you could do is make your SQL generic. Format it using the sprintf guidelines. Your SQL (inside your txt file) would then look like:

          added=>INSERT INTO forum VALUES ( '%s','%s','%s')

          Then in your php code, you'd use it like:

          $query2=sprintf($parseObj->added, mysql_real_escape_string($_POST['name']), mysql_real_escape_string($_POST['address']), mysql_real_escape_string($_POST['phone']));

          I hope that helps explain some of it.
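An added example, not code from any of the posts above: the same "SQL in a text file" idea with `?` placeholders and PDO prepared statements instead of sprintf plus escaping, so form values are bound as data and never become part of the SQL text. The helper names, the second template line, and the in-memory SQLite database standing in for MySQL are assumptions made so the example runs offline.

```php
<?php
// Added example. The template text mirrors the "key=>SQL" line format shown
// in the thread, with ? placeholders instead of '%s' (constructed sample).
$templateText = "added=>INSERT INTO forum VALUES (?, ?, ?)\n"
              . "listed=>SELECT name, address, phone FROM forum\n";

// Parse "key=>SQL" lines into an associative array (hypothetical helper).
function loadSqlTemplates(string $text): array
{
    $templates = [];
    foreach (preg_split('/\R/', $text, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $parts = explode('=>', $line, 2);
        if (count($parts) !== 2) {
            continue; // skip malformed lines
        }
        $templates[trim($parts[0])] = trim($parts[1]);
    }
    return $templates;
}

// Run a named template with bound values; the values are sent as parameters.
function runTemplate(PDO $db, array $templates, string $key, array $values): PDOStatement
{
    if (!isset($templates[$key])) {
        throw new InvalidArgumentException("Unknown SQL template: $key");
    }
    $stmt = $db->prepare($templates[$key]);
    $stmt->execute($values);
    return $stmt;
}

// In-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum (name TEXT, address TEXT, phone TEXT)');

// Constructed stand-in for $_POST, using the phone value quoted in the thread.
$post = [
    'name'    => 'Test User',
    'address' => '1 Example Street',
    'phone'   => "123-456-7890'; SELECT * FROM forum;",
];

$templates = loadSqlTemplates($templateText);
runTemplate($db, $templates, 'added', [$post['name'], $post['address'], $post['phone']]);

// Check that exactly one row exists and the phone value was stored verbatim.
$rows = runTemplate($db, $templates, 'listed', [])->fetchAll(PDO::FETCH_ASSOC);
var_dump(count($rows) === 1 && $rows[0]['phone'] === $post['phone']);
```

The mysql_* functions used in the thread were removed in PHP 7, so on current PHP the bound-parameter form (PDO or mysqli) is the one that applies.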

            #6
            thanks a lot, your aid has helped me & I've applied to my code.

            thanks bpat1434...

            Regards,

            Kahlil

              Does this mean your issue is resolved? If so, don't forget to mark the thread resolved.
