Forum Moderators: coopster


values mysql/PHP

         

mclethe

1:41 am on Feb 6, 2006 (gmt 0)

10+ Year Member



Hi,

I just started up with mysql and PHP. Could anyone just gently and softly check if the values of my inscription form are correct:

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO inscription_clients (mail, nom, prenom, telephone, mdp, ad_ligne1, ad_cp, ad_ville) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($HTTP_POST_VARS['mail'], "text"),

etc.

- and if the script found on this great site is valid for the form above:

$sql = "insert * in ourtablename where id=" . $_POST['user'] . " and user='" . $_POST['user'] . "'";
echo "";
echo $query;

Thanks a lot in advance,

McLethe

mclethe

10:55 am on Feb 6, 2006 (gmt 0)

10+ Year Member



Hello,

someone?

mclethe

11:45 am on Feb 6, 2006 (gmt 0)

10+ Year Member



Hi,

Is it so complicated to respond to my question? Please... it's urgent!

coopster

8:41 pm on Feb 6, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, mclethe.

Weekends get a bit of a lull so you'll have to be patient ;)

First thing I notice is that you are using the deprecated $HTTP_POST_VARS [php.net] variable.

mclethe

10:46 pm on Feb 6, 2006 (gmt 0)

10+ Year Member



Hi,

Great forum, thanks for the reply and the warm welcome!

OK, if you could come back on this... as I don't understand one word after consulting it. What does one have to put instead of the deprecated post_vars? Is it an obligation? My version of Dreamweaver sets the post_vars for me automatically...

By the way, I found out the correct insertion for the values today.

Dijkgraaf

11:26 pm on Feb 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



As per the link Coopster provided, you can use $_POST

P.S. You may also want to add some validation of the post variables before using it to insert, to avoid SQL Injection vulnerabilities.
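
Added example, not part of any post in this thread: one way to do the insert from the first post with `$_POST`-style input, validation, and a prepared statement instead of values formatted into the SQL string. SQLite in memory stands in for MySQL so it runs offline; the validation rules, the helper names `validate_inscription` and `insert_inscription`, the sample values, and the reading of `mdp` as a password field are assumptions.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inscription_clients (mail TEXT, nom TEXT, prenom TEXT,
    telephone TEXT, mdp TEXT, ad_ligne1 TEXT, ad_cp TEXT, ad_ville TEXT)');

// Hypothetical helper; the rules below are assumptions chosen for illustration.
function validate_inscription(array $in): array
{
    $fields = ['mail', 'nom', 'prenom', 'telephone', 'mdp', 'ad_ligne1', 'ad_cp', 'ad_ville'];
    $clean = [];
    foreach ($fields as $f) {
        // Reject missing, non-string (e.g. array) and empty values.
        if (!isset($in[$f]) || !is_string($in[$f]) || trim($in[$f]) === '') {
            throw new InvalidArgumentException("missing field: $f");
        }
        $clean[$f] = trim($in[$f]);
    }
    if (filter_var($clean['mail'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid mail');
    }
    if (!preg_match('/^\+?[0-9 .-]{6,20}$/', $clean['telephone'])) {
        throw new InvalidArgumentException('invalid telephone');
    }
    return $clean;
}

function insert_inscription(PDO $pdo, array $post): void
{
    $row = validate_inscription($post);
    // Assumption: mdp holds a password, so only its hash is stored.
    $row['mdp'] = password_hash($row['mdp'], PASSWORD_DEFAULT);
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO inscription_clients
        (mail, nom, prenom, telephone, mdp, ad_ligne1, ad_cp, ad_ville)
        VALUES (:mail, :nom, :prenom, :telephone, :mdp, :ad_ligne1, :ad_cp, :ad_ville)');
    $stmt->execute($row);
}

// Constructed sample input standing in for $_POST; 'nom' contains a quote.
$post = ['mail' => 'a.durand@example.com', 'nom' => "O'Brien", 'prenom' => 'Anne',
    'telephone' => '+33 1 23 45 67 89', 'mdp' => 'constructed-secret',
    'ad_ligne1' => '1 rue Exemple', 'ad_cp' => '75001', 'ad_ville' => 'Paris'];
insert_inscription($pdo, $post);
$stored = $pdo->query('SELECT nom FROM inscription_clients')->fetchColumn();
var_dump($stored === $post['nom']); // compares the stored name with the submitted one
```

Validation and parameter binding do different jobs here: the checks reject malformed input, while the placeholders are what stop a quote in a field from changing the statement.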

mclethe

2:59 pm on Feb 7, 2006 (gmt 0)

10+ Year Member



Thanks for the reply.
Can we come back on this per mail? Please...! Would be very helpful!