PHP SOLUTIONS: DYNAMIC WEB DESIGN MADE EASY

attribute of the submit button (insert) in the $_POST array. Put the following above the DOCTYPE declaration:

After including the MySQL connection function and the file that contains nukeMagicQuotes(), the code removes backslashes from the $_POST array. The rest of the code consists of six comments that map out the remaining steps.

2. First, you need to ensure that you handle only expected data, and that it's safe to insert in the database. Add the code in bold at the points indicated by the comments:

    // prepare an array of expected items
    $expected = array('title', 'article');
    // create database connection
    $conn = dbConnect('admin');
    // make $_POST data safe for insertion into database
    foreach ($_POST as $key => $value) {
      if (in_array($key, $expected)) {
        ${$key} = mysql_real_escape_string($value);
      }
    }

This stores the names of the fields that you expect from the form, and then connects to the database as the administrative user (psadmin). The connection must be established before using mysql_real_escape_string(). The conditional statement in the loop checks that the current $_POST array element is in the $expected array before passing it to mysql_real_escape_string() and saving the result with a shorter variable name. So $_POST['title'] becomes $title, and $_POST['article'] becomes $article. The data is now safe to incorporate into a SQL query.

3. Because the $_POST variables have been assigned to shorter variables, it's easy to build the SQL query using a combination of single and double quotes like this:

    // prepare the SQL query
    $sql = "INSERT INTO journal (title, article, created)
            VALUES('$title', '$article', NOW())";
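Added example, not from the book: steps 2 and 3 rewritten with a PDO prepared statement, since the mysql_* functions used above were removed in PHP 7.0. It assumes an in-memory SQLite database in place of the MySQL connection from dbConnect(); insertEntry(), the article_id column and the sample input are hypothetical.

```php
<?php
// Added example, not the book's code. Assumptions: PDO with in-memory SQLite
// stands in for dbConnect('admin'); insertEntry() is a hypothetical helper.

function insertEntry(PDO $conn, array $post): int
{
    // Same whitelist idea as step 2: only these fields are ever read.
    $expected = ['title', 'article'];
    $params = [];
    foreach ($expected as $key) {
        // Reject missing fields and non-strings (title[]=x arrives as an array).
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("Missing or invalid field: $key");
        }
        $params[":$key"] = $post[$key];
    }
    // Placeholders keep the values out of the SQL text, so no escaping
    // function and no variable variables are needed.
    // On MySQL, use NOW() instead of CURRENT_TIMESTAMP, as in the book's query.
    $stmt = $conn->prepare(
        'INSERT INTO journal (title, article, created)
         VALUES (:title, :article, CURRENT_TIMESTAMP)'
    );
    $stmt->execute($params);
    return (int) $conn->lastInsertId();
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// article_id is an assumed primary-key column name.
$conn->exec('CREATE TABLE journal (
    article_id INTEGER PRIMARY KEY, title TEXT, article TEXT, created TEXT)');

// Constructed sample input: quotes and a backslash in the text, the submit
// button value, and one field the form never defined.
$samplePost = [
    'title'   => "It's a \"quoted\" title",
    'article' => "A backslash \\ and an apostrophe's worth of text",
    'insert'  => 'Insert New Entry',
    'created' => '1999-01-01',   // unexpected key: never read
];

$id  = insertEntry($conn, $samplePost);
$row = $conn->query('SELECT title, article, created FROM journal')
            ->fetch(PDO::FETCH_ASSOC);

// Values come back byte-for-byte; the unexpected "created" value was ignored.
var_dump($id, $row['title'] === $samplePost['title'],
         $row['article'] === $samplePost['article'], $row['created']);
```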