php - Is it possible to use $_REQUEST for inserting data in a mysql database? -

-

i have code figured out, entries user submits submit button aren't going anywhere. there way fix this, or should use $_post method?

php code:

    <?php include ("dbroutine.php"); function register() { $connect = db_connect; if (!$connect) { die(mysql_error()); } $select_db = mysql_select_db(securitzed, $connect); if (!$select_db) { die(mysql_error()); } //collecting info $fname = $_request ['fname']; $lname = $_request ['lname']; $username = $_request['username']; $password = $_request['password']; $email = $_request['email'];  //here check have inputs filled  if(empty($_request['username'])){ die("please enter username!<br>"); }  if(empty($_request['password'])){ die("please enter password!<br>"); }   if(empty($_request['email'])){ die("please enter email!"); }  //let's check if username in use $user_check = mysql_query("select username members username = '".$_request  ['username']."'"); $do_user_check = mysql_num_rows($user_check); //now if email in use $email_check = mysql_query("select email members email= '".$_request['email']."'"); $do_email_check = mysql_num_rows($email_check); //now display errors if($do_user_check > 0){ die("username in use!<br>"); } if($do_email_check > 0){ die("email in use!"); }   //if okay let's register user $insert = mysql_query("insert members (username, password, email)  values ('".$_request['username']."', '".$_request['password']."', '".$_request['email']."', '".$_request['fname']."', '".$_request['lname']."')"); if(!$insert){ die("there's little problem: ".mysql_error()); }   } switch($act){ case "register"; register(); break; }

html code:

   <body>          <form method="post">             first name: <input type="text" name="fname" value="" /> <br />             last name: <input type="text" name="lname" value="" /> <br />             e-mail: <input type="email" name="email" value="" /> <br />             desired username: <input type="text" name="username" value="" /> <br />             password: <input type="password" name="password" value="" /> <br />             confirm password: <input type="password" name="passwordconf" value="" /> <br />             <input type="submit" value="submit"/>         </form>      </body>

if need add anything, point out, if not, add code if needed.

$_request contains: $_cookie, $_get, , $_post variables. if use $_request have no guarantee data came post data, leads security holes in script. use $_post using method vulnerable sql injections.

$_get retrieves variables querystring, or url. $_post retrieves variables post method, such (generally) forms. $_request merging of $_get , $_post $_post overrides $_get.

fix

you have specify action in form below.

<form action="fetch_data.php" method="post">  <form action="url">

url - send form-data when form submitted. possible values:

  • an absolute url - points web site (like action="http://www.example.com/example.htm")

  • a relative url - points file within web site (like action="example.htm")


Comments

Post a Comment

Popular posts from this blog

android - getbluetoothservice() called with no bluetoothmanagercallback -

-
i getting getbluetoothservice() called no bluetoothmanagercallback error in android application. i have no idea causing or bluetooth manager callbacks. can give me idea of causing problem or start looking. by reading android source code, seems warning cannot about. source code shows if call bluetoothsocket#connect(); then call bluetoothadapter.getdefaultadapter().getbluetoothservice(null); the key here, null parameter passes in above line. due this, there no callback, , bluetoothsocket class throw out warning. since warning, not think need it. https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothsocket.java line 306 https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/bluetooth/bluetoothadapter.java line 1610
Read more

sql - ASP.NET SqlDataSource, like on SelectCommand -

-
i'm working on asp.net. have sqldatasource query hardcoded on selectcommand: <asp:sqldatasource id="datasource1" runat="server" cancelselectonnullparameter="false" connectionstring="<%$ connectionstrings:s.properties.settings.connectionstring %>" selectcommand="select * [table] ([col1] case @col1_param when null col1 else @col1_param end) , ([col2] case @col2_param when null col2 else @col2_param end)" selectcommandtype="text"> <selectparameters> <asp:controlparameter controlid="textbox1" name="col1_param" propertyname="text" type="string" /> <asp:controlparameter controlid="textbox2" name="col2_param" propertyname="text" type="string" /> </selectparameters> what want if enter data on 1 textbox only, data display according textbox
Read more

ios - Undefined symbols for architecture armv7: "_OBJC_CLASS_$_SSZipArchive" -

-
i try using extractzipfile plugin @ this: https://github.com/phonegap/phonegap-plugins/tree/master/ios/extractzipfile but when compiler xcode 4.6.1 in sdk 6.1 throws error: undefined symbols architecture i386: "_objc_class_$_ssziparchive", referenced from: objc-class-ref in extractzipfileplugin.o ld: symbol(s) not found architecture i386 clang: error: linker command failed exit code 1 (use -v see invocation) i try issue @ here: undefined symbols architecture armv7 ssziparchive but shows error: /users/alienware/desktop/extractzipfile/ssziparchive/tests/ssziparchivetests.m:10:9: 'sentestingkit/sentestingkit.h' file not found i work phonegap , make app in ios, dump. update : try add ssziparchive.m compiler source , come new error: undefined symbols architecture i386: "_unzclose", referenced from: +[ssziparchive unzipfileatpath:todestination:overwrite:password:error:delegate:] in ssziparchive.o "_unzclosecurrentfil
Read more