<?php
$con = mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//unsafe data
$unsafe_name = mysqli_real_escape_string($con, $_POST['fname']);
$unsafe_email = mysqli_real_escape_string($con, $_POST['email']);
//safe data
$safe_name = mysqli_real_escape_string($con, $_POST['fname']);
$safe_email = mysqli_real_escape_string($con, $_POST['email']);
$sql = "INSERT INTO my_db (fname, email) VALUES ('".$safe_name."', '".$safe_email."')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
}
?>
<form action="" method="post">
Name: <input type="text" name="fname"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
No comments:
Post a Comment