This question already has an answer here:
- How can I prevent SQL-injection in PHP? 28 answers
following is my code that contains a form in HTML and uses post method to save it in the database using PHP Mysql. There is no syntax error appears by compilor but the actual data is not saved.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "booking";
$conn = new mysqli($servername, $username, $password, $dbname);
if($conn->connect_error){die("Connection failed: ". $conn->connect_error);}
$cnic = $name = $fname = $address = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
$name = $_POST["name"];
$cnic = $_POST["cnic"];
$fname = $_POST["fname"];
$address = $_POST["address"];
$sql = "INSERT INTO data (CNIC, Name, FatherName, PostalAddress) VALUES ($cnic, $name, $fname, $address)";}
?>
<html><body>
<form name="f1" method="post" action="<?php echo htmlspecialchars($_SERVER
["PHP_SELF"]);?>">
CNIC: <input type="text" name="cnic"><br>
Name: <input type="text" name="name"><br>
Father Name: <input type="text" name="fname"><br>
Postal Address: <input type="text" name="address"><br>
<input type="submit">
</form>
</body></html>
Aucun commentaire:
Enregistrer un commentaire