Php to enter from text in to mysql

August 17, 2009 at 07:32:42
Specs: 2000 pro, -
I need some php code to add text that has been put in a form put in the myql database.
this if the form;
<form action="form.php" method="get">
<select name="id">
<option>SELECT YOUR ID</option>
<option value="0">0</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
Enter you path here:
<input name="path" type="text" id="path">
<input type="submit" value="Submit">

So far i have got in the form.php file;

// Connect to the database server
$dbcnx = @mysql_connect('localhost', 'root', 'password');
if (!$dbcnx) {
die( '

Unable to connect to the ' .
'database server at this time.</p>' );
// Select the db_1 database
if (! @mysql_select_db(db_1') ) {
die( '

Unable to locate the db1 ' .
'database at this time.</p>' );


$id = $_GET['id];
$path = $_GET['path'];


What i want is the code that will put the content $path in the colume path on the row where the number in the colume id is equal to $id.
(the table is called table_1)


See More: Php to enter from text in to mysql

Report •

August 17, 2009 at 11:18:57
mysql_query("update table_1 set path='" . $path .
"' where id='" . $id . "';") or die(mysql_error());

That would *probably* do, but you'd want to clean the text in path and id though to make sure there isn't anything nasty.

You can check the query by using mysql_affected_rows() right afterward; it returns an integer.

One other thing, since you're using $_GET - you might wish to cast it as an integer.

bool settype($varname, "integer")

If the conversion fails, then there might be tainted data; for example, someone entering an uri directly ?path=admin&id=password--


Report •

August 18, 2009 at 10:46:36
That work fine.

Report •

Related Solutions

Ask Question