Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

PHP & MySQL

Name: Anonymous 2010-12-16 11:25

I can't figure out what's fucked up with my insert SQL query in PHP:

HTML Form:

<form method="POST" action="hw8b.php">
    Name:<br />
    <input type="text" name="name" /><br /><br />
    City:<br />
    <input type="text" name="city" /><br /><br />
    Email:<br />
    <input type="text" name="email" /><br /><br />
    <input type="submit" value="Insert">
    </form>

PHP page:

<?php

$DBConnect = mysql_connect("localhost", "mylastname", "");

if (! $DBConnect)
{
  echo "<P>Database not available";
}

$password = "myusername";
$userID = "mypassword";

$name = $_POST["name"];
$city = $_POST["city"];
$email = $_POST["email"];

mysql_select_db("myDBName");

$SQLstring = "INSERT INTO FANS VALUES(" . $name . ",'" . $city . "','" . $email . "');";

$QueryResult = mysql_query($SQLstring);

Name: sage 2010-12-16 16:07

Man, I'm a web guy and you fucking suck OP. First off, never use double quotes you gay little faggot. If you have to put variables in a string use http://php.net/manual/en/function.sprintf.php Next you don't fucking know SQL because you don't even declare which fucking fields you're going to store the data in with your query and on top of that you didn't escape...WAIT!! WAIIT...
$password = "myusername";
$userID = "mypassword";???? REALLY!! REALLY? I've been fucking trolled. FUCK YOU OP!
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -