View Full Version : PHP $_POST Into Database

04-28-2012, 07:21 AM


<form action="welcome.php" method="post">

Type Some Text...:

<textarea name="mes" cols=20 rows=3></textarea>
<input type="submit" />



mysql_connect ("localhost","root","") or die ("Databse Connection Error");
mysql_select_db ("pph") or die ("mysql_select_db Selection Error");

$query = mysql_query("INSERT INTO file (username)
VALUES ('This is a test')") or die ("Query Response Error");


$con = mysql_connect("localhost","root","");
if (!$con)
die('Could not connect: ' . mysql_error());

mysql_select_db("pph", $con);

$result = mysql_query("SELECT * FROM file");

while($row = mysql_fetch_array($result))

echo $row['Username'] . " " . $row['File Field'];

echo "<br />";
echo ("<br> Simple Text Will Be Here!");
die ("<td> <td> <br> <br> Data Will Be Echoed From The Database Here For Now! <br>");

so i need help to get the values to $_POST The data from the form and the users username.

Thanks :)

04-28-2012, 02:59 PM
$_POST['mes']; #carries the data.. so...

$sql="INSERT INTO `file` SET `username`='{$_POST['mes']}'";
mysql_query($sql)or die(mysql_error());

note that you should be checking all $_POST variables to remove CSS or SQL injection

04-29-2012, 03:59 AM
..... and if your website is ever moved to a server that uses a different database to MySQL, you'll very likely have to remove all the backticks in the code.

..and any LIMIT statements ..and all of the mysql calls ;)

04-29-2012, 05:05 AM
That''s correct.
But I normally preach ease of maintenance as much as possible and since the backticks are totally optional I would not have them there in the first place in order to minimise the number of required changes if moved to a different database ;)

OK by far the most likely database change is ... update to newer version of MySQL
so you may run....


now upgrade to MySQL 5.5 and see what happens

the resolution to the above involves backticks or changing your MySQL config to ANSI mode ... which then requires access to MySQL configuration, delimiting using quotes, incompatible with....

I cant find them from a quick search but using backticks has solved more than one reserved word SQL error on these forums & seriously in the unlikely move to mssql or another backticks are going to be the least of your problems and easily resolved using sed/str_replace/preg_*

04-29-2012, 01:09 PM
Strewth, I've never seen so many posts from firepages in 2 days!

@firepages http://www.ponyexpress1.com/files/waving_smiley.gif

When are you going to sort your website? - The last time I tried to post on your forum I got a diskspace full error. The rest of the site seems to have dead links too! Very cool site (the usb WAMP article you posted years ago was way ahead of its time) hence I still visit every few months for anything else thats cool.

04-29-2012, 01:50 PM
Personally I don't see there as being a right OR wrong way when it comes to using back ticks. I think there is a time and a place for the use of and the non use of.

04-29-2012, 05:57 PM
If some mental giant has used a reserved word inappropriately in code then they deserve a good kick up the back-side.

you know even mental giants have problems predicting the future .. perhaps you check for new reserved words every time you create a table ? and remember you pointed out that noobs have issues with backquotes, well they have issues with reserved words as well.... note the use of file as a table name, not reserved but seems like a noob choice.

backticks solve potential issues and cause no harm (apart from appearing to annoy you) , and for me make SQL more readable, your injection into this post is based purely on personal preferences yet you proffer your personal preferences as best practice, optional means exactly that.

Anyway sorry Spudster1 for you getting dragged in here, please ignore the distractions.

Strewth, I've never seen so many posts from firepages in 2 days!
tell me about it I am on fire :)
... actually after a long break from regular coding I am gonna be working on a couple of decent sized web based projects over the next couple of months and hopefully that will get me in the mood/frame of mind to tidy up the site and post some more bits and bobs, I live in hope! , cheers.

04-30-2012, 01:55 AM
What I did is just point out their potential pitfalls for newbies

The thing is though, there are no pitfalls for newbies. Mysql will accept SQL with or without backticks however the use of them should always be encouraged as it ingrains a problem solving aspect into a noobs head.

What happens when there is a new mysql release and mysql use a new reserved word that you've used in one of your SQL statements without backticks? - You may be getting a few calls from customers who suddenly find their sites don't work anymore.

I also never said they must not be used. I said they should not be used and gave my reasons.

IMO thats the same thing.

You're the one appearing to be annoyed that I even suggested that they should not be used :)

Actually if you don't mind me saying so, the tone of YOUR post came across as being very annoyed, a tad arrogant and almost bordering aggressive. From what I've read of firepages posts nothing there had any underlying tones or any form of frustration. Remember, you're the one talking of people getting a kick up the backside.

04-30-2012, 12:35 PM
OK was trying to be nice ;)

and so imo they deserve it

how can you deserve it for not knowing the future ? do you get this, I know what new reserved words are for 5.5 cos they are listed , I dont know what they are for 5.6, nor do you. Of course wombat Notation will prevent this, but seriously you are ignoring the point, ESP in the case of noobs.....

actually I dont think you are, you are just bending over backwards to try and defend your pointless troll which helped the original question not one squat, added nothing to the greater good, Its helpful to point out unsafe code, helpful to point out code which has a parse error, helpful to point out a quicker/more efficient way of doing something ... I dont need to go on do I?

+ If you had ever ported over a major project to a new DB you would know what nonsense you are talking.

Do I and others have to write a disclaimer in each post "iBall in his greater wisdom may deem the following code unsound because of his/her unilateral presumption of what is right and wrong, I apologise for any offence that may be caused" ?????

anyway, I wont be adding anymore to this post and am angry with myself for getting sucked in & in general why not try only posting if you have something constructive and useful to say ?

04-30-2012, 01:26 PM
it appears you haven't read my posts or at least all of them.

Erm, yes, yes I have.

One pitfall for newbies of using backticks is that they often mistake them for single quotes and then they come into web forums (not just this one) wondering why their query doesn't work.

Is that such a bad thing? - You're suggesting that they should never encounter this problem and learn from it? Do you know what makes a good coder? It's not being able to avoid confusing or complicated issues its being able to understand them, know how to work with them or get around them. In this case knowing the difference between back ticks and single quote marks is a fundamental requirement for any php coder. Imagine getting a PHP developers job with a company, they let you loose on their source code and you break it because you've never dealt with back ticks. Suddenly you look completely incompetant, you've broken the company code and you've got a lot of catching up to do within 5-10 minutes to convince them you're capable of it.

The backticks are optional in MySQL and not even allowed by most other databases so I will always discourage people from using them unnecessarily.

Yes that may be so but that is the DIFFRENCE between mysql and OTHER databases. They are all different. It's learning these differences and memorising them that makes you a better programmer.

Yes, if you read my post you will see I was referring to people using reserved words inappropriately when it is easily avoided without backticks and so imo they deserve it :)

The problem with that is that some people don't even realise that there are reserved words and thus cannot avoid using them. Did you know everything about php and mysql when you were learning? No. Did I know everything about them? No. You learn it as you go along. THAT is why every newbie should learn about backticks so that they are informed and can then make their own choice.

Your failure to recognise this and even discouraging people from learning how to use them properly is not wise.

But I normally preach ease of maintenance as much as possible and since the backticks are totally optional I would not have them there in the first place in order to minimise the number of required changes if moved to a different database

Considering you have just 5 posts and 3 img tags in your post that the forum has blocked I can only consider your post as spam.

+ If you had ever ported over a major project to a new DB you would know what nonsense you are talking.

I reckon thats the best supporting part of the arguement yet. If iBall thinks all database servers are going to work exactly the same as mysql then.. :rolleyes:

Obviously you can't know the future, but if you use Hungarian Notation as I posted earlier..

I must be missing something because the only reference to hungarian I can find in mysql is the collation. Yes you posted about this earlier but you never posted HOW (and if in your superior knowledge you think a bodge is a good way to avoid dealing with other issues that have a proper workaround then you have a deeply flawed arguement).