In essence, what this code does is it creates a table with a dropdown menu of 3 houses, each one with a different value.
Now i am using this php code to store the values in a mysql database.
<?php mysql_connect("localhost", "user", "pass") or die(mysql_error()); mysql_select_db("data1") or die(mysql_error());
$houses = $_POST["houses"];
mysql_query("INSERT INTO test(houses) values('$houses') ") or die(mysql_error()); ;?>
Now what i would like to do is to store both the value and the name of the selection made by the user. For example, if the user selects the first option, the data stored in the database is only 100000. How can i modify my php or the html code from the form to be able to insert the 100000 and also House 1 into the database. I need both values to be passed on to my database.
Msg#: 4238242 posted 11:27 pm on Dec 3, 2010 (gmt 0)
Msg#: 4238242 posted 4:50 am on Dec 4, 2010 (gmt 0)
If you're unfamiliar with the term "SQL injection", read StoutFiles's post 5 times, then do a web search on "SQL injection".
If your versions of PHP and MySQL are high enough to support it, have a look at the object-oriented methods of PHP's "mysqli" extension and its "prepared statements" methods (instead of using the PHP "mysql" extension). Study and use their example code (such as at [us2.php.net...] ) to create the methods you can use from now on for your PHP/MySQL coding. If you create safe and reliable procedures now and make them a habit, you'll save having to run through your site correcting poor coding after having your site get hacked.