I need to know how to add many datas into a table using html form and the php query
for example, i want to do like this - <form action="addsong.php" method="post">
-
song1: <input type="text" name="song" />
-
song2: <input type="text" name="song" />
-
song3: <input type="text" name="song" />
-
song4: <input type="text" name="song" />
-
<input type="submit" value="submit" />
-
</form>
I'm extremely intersted in the query
any help wd be apreciated !!.
thanks in advance
7 4105
Show what you have attempted.
The info you gave us alone is not nearly enough for us to help you.
well, I wanted to add 5 songs or more in the mean time instead of adding one song each time, what is the function that can do that? or can i do it with a simple query ?
now that's my simple script
[PHP]<?php
mysql_connect("localhost", "root", "123456");
mysql_select_db("test");
?>
<?php
$query = "INSERT INTO songs VALUES ('', '$name')";
if ( $song = mysql_query($query) ) {
$message = "Success";
} else {
$message = "Failure";
}
?>
<form action="addsong.php" method="post">
song1: <input type="text" value="" name="name" /><br />
song2: <input type="text" value="" name="name" /><br />
song3: <input type="text" value="" name="name" /><br />
<input type="submit" />
</form>
<?php echo $message; ?>[/PHP]
some note on security:
if possible avoid accessing the database with the "root" user, a standard account will do fine.
if you use "INSERT INTO table_name ( col_name) VALUE ( value);" you get rid of passing the empty string (see MySQL manual)
check/secure your input values (e.g. with mysql_real_escape_string(), for more info search google)
don't rely on register_globals=on, rather use the $_POST or $_GET superglobals.
it could be useful to cache all the form values in an array.
another (shorter) way to check mysql execution is "mysql_query() or die(mysql_error()); // basicly like that"
regards
thanks, but i ddnt get what u want to say, please
will u just repeat my script with the additional needs to do that ??
I'll be so thankful :)
thanks, but i ddnt get what u want to say, please
will u just repeat my script with the additional needs to do that ??
I'll be so thankful :)
Attempt it yourself and we can then correct you on your errors.
I can explain what I meant.
1. the user called "root" is something like a super admin, he's allowed to do everything. e.g. delete the database, change settings (like passwords), creating accounts, typical admin stuff. if someone exploits your script he can get access to your DB and is free to do with it as he likes.
2. currently you're passing 2 values ('' (empty string) and $name). there is normally no reason to pass an empty string to db. if you change your sql statement like mentioned (there is a complete description in the MySQL manual) your code gets better readable.
3. for security reason (see point 1) there are functions that allow you to block most sql exploits, to properly escape the passed variables is one of the most important.
a cracker may insert not his name but malicious sql code (topic: sql code injection) and may so gain access to your db (and if he does that as root, say good-bye to your data)
4. "globals are evil" (more on google) global variables are a potential security issue to your code. with register_globals=on every value passed by get and/or post is translated to a variable and may so set initial values that may be harmful to you. you can add a get variable simply by manually adding &key=value to the query url. additional post variables are made similarly.
instead of using $name use $name = $_POST['name'];
5. "mysql_query() or die();" reduces unnecessary code (you may call other functions than die(), e.g. "throw new Exception()", trigger_error(), ...) usually if your query fails you need to know why and this kind of functions help you fixing it.
6. how to put that into code is described in the references (see links) or in tutorials
regards
thanks guys you're really helpful, i will try that..
Sign in to post your reply or Sign up for a free account.
Similar topics
by: jason |
last post by:
How does one loop through the contents of a form complicated by dynamic
construction of checkboxes which are assigned a 'model' and 'listingID' to
the NAME field on the fly in this syntax:...
|
by: PT |
last post by:
I got a problem. And thats.....
First of all, I got these three tables.
------------------- ------------------ ----------------------
tblPerson tblPersonSoftware ...
|
by: Eli |
last post by:
Hi all
We currently have a strange problem with calling a Stored Procedure
(SQL Database) in our C# Project. The only error I get is "System
error" which says a lot :)
Background:
We have...
|
by: Marcel Hug |
last post by:
Hi all !
I have a table in my database, which has 3 attributes. IDFailureControl,
ControlDate and ControlVersion.
In the following function I test, if the date of today allready exists.
Then I...
|
by: Jose Angel Campos |
last post by:
Hi, I will like to know if you know how to do it. I have this code for
read google news and I want to added to my DB MYSQL so I can store the
news for reading went I want.
Here is the code I use...
|
by: rn5a |
last post by:
In a ASP applicatiuon, the FOrm has a textbox & a select list where
the admin can select multiple options. Basically the admin has to
enter the name of a new coach in the textbox & select the...
|
by: imagetvr |
last post by:
Hello
I am using windows XP
I need a small programme in Visual basic 6 with Access 2000
I have two tables for example one table named student other table named section
In student table...
|
by: edtrvl |
last post by:
Hi there,
I'm trying to insert multiple rows from a table format web form into multiple rows in a SQL table, (1 row for 1 row).
Any help would be greatly appreciated, thanks in advance
Here's...
|
by: bonneylake |
last post by:
Hey Everyone,
Well recently i been inserting multiple fields for a section in my form called "serial". Well now i am trying to insert multiple fields for the not only the serial section but also...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |