i want insert data in sql can not insert data
<?php include("config.php"); $f=$_get["first_name"]; $l=$_get["last_name"]; $e=$_get["email"]; $m=$_get["mobile"]; $b=$_get["birthday"]; $g=$_get["gender"]; $insert="insert user ( `first_name`, `last_name`, `email`, `mobile`, `birthday`, `gender`) values ('$f', '$l', '$e', '$m', '$b', '$g')"; mysqli_query($insert); ?> i try insert data link :
it's been long time since have used mysqli code below should run though. others have mentioned never bind unsanitized data (even if think trust data it's safe use prepared statements still).
<?php //create db connection $conn = new mysqli('server', 'user', 'password', 'databasename'); //create insert statement. never concat un-sanitized data in statements $insert="insert user ( `first_name`, `last_name`, `email`, `mobile`, `birthday`, `gender`) values (?, ?, ?, ?, ?, ?)"; $stmt = $conn->prepare($sql); //values corespond ? except first param represents format of expected data. "s" stands string $stmt->bind_param( 'ssssss', $_get["first_name"], $_get["last_name"], $_get["email"], $_get["mobile"], $_get["birthday"], $_get["gender"] ); $stmt->execute(); your url this: http://localhost:8888/restfull/insert.php?first_name=john&last_name=doe&email=test@test.com&mobile=0&birthday=may&gender=male
make sure if putting url above in type of form correctly url encode values (i notice many of values collecting require slashes etc).
Comments
Post a Comment