MPDenver
asked on
PHP $SQLInsert
I added two more fields to the table picksummary.
Fields: onetime, showdown
I was using this insert statement to insert my current fields. I just need help adding these fields to this insert statement.
$sql = "insert into " . $db_prefix . "picksummary (weekNum, userID, tieBreakerPoints, showPicks) values (" . $_POST['week'] . ", " . $user->userID . ", " . $_POST['tieBreakerPoints'] . ", " . (int)$_POST['showPicks'] . ");";
Thanks
ASKER CERTIFIED SOLUTION
Sometimes the authors of questions here at EE do not understand well enough to distinguish between a good answer and a dangerously incomplete answer.
To anyone in the future who views this question and sees the accepted answer, please stop! Do NOT use external data in a query string. If you do what is shown in the code sample of the accepted answer, you're setting yourself up for a run-time failure.
Here are the man pages you should read to understand why I advise against following the example that was accepted here.
http://php.net/manual/en/language.variables.external.php
http://php.net/manual/en/security.variables.php
"This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."
http://php.net/manual/en/function.mysql-real-escape-string.php
http://php.net/manual/en/mysqli.real-escape-string.php
This example assumes that the script is using MySQL. If it is, in fact, using MySQL, you have a data base conversion coming at you because PHP is removing the MySQL extension. This article will show you what you must do to keep your scripts running. It maps the familiar MySQL to the MySQLi and PDO extensions which will continue to have support in the future.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html
Best of luck with your project, ~Ray
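As an added example (not code from this thread or from the accepted answer): the asker's INSERT extended with the two new columns, written as a PDO prepared statement so that request values never become part of the SQL text. The integer types for onetime and showdown, the `nflp_` prefix, the user ID 7, the helper names and the in-memory SQLite stand-in for MySQL are all assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO is available and
// onetime/showdown are integer flag columns (the question gives no types).
// An in-memory SQLite table stands in for MySQL so this runs offline;
// against MySQL only the DSN passed to new PDO() changes.
$db_prefix = 'nflp_'; // hypothetical prefix: set in config, never taken from the request
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE {$db_prefix}picksummary (
    weekNum INTEGER, userID INTEGER, tieBreakerPoints INTEGER,
    showPicks INTEGER, onetime INTEGER, showdown INTEGER)");

// Return the named field as an int; throw if it is missing or not a whole number.
function int_field(array $src, string $name): int
{
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT);
    if ($v === false) {
        throw new InvalidArgumentException("Field '$name' must be an integer");
    }
    return $v;
}

function insert_pick_summary(PDO $pdo, string $prefix, int $userID, array $post): void
{
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $pdo->prepare(
        "INSERT INTO {$prefix}picksummary
            (weekNum, userID, tieBreakerPoints, showPicks, onetime, showdown)
         VALUES (:week, :user, :tb, :show, :onetime, :showdown)"
    );
    $stmt->execute([
        ':week'    => int_field($post, 'week'),      ':user'     => $userID,
        ':tb'      => int_field($post, 'tieBreakerPoints'),
        ':show'    => int_field($post, 'showPicks'),
        ':onetime' => int_field($post, 'onetime'),   ':showdown' => int_field($post, 'showdown'),
    ]);
}

// Constructed sample requests (stand-ins for $_POST).
$good = ['week' => '3', 'tieBreakerPoints' => '41', 'showPicks' => '1', 'onetime' => '0', 'showdown' => '1'];
$bad  = ['tieBreakerPoints' => '41 pts'] + $good; // non-numeric value: would break the concatenated query

insert_pick_summary($pdo, $db_prefix, 7, $good);
try {
    insert_pick_summary($pdo, $db_prefix, 7, $bad);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo $pdo->query("SELECT COUNT(*) FROM {$db_prefix}picksummary")->fetchColumn(), " row(s) stored\n";
```

The table prefix is still interpolated because identifiers cannot be bound as parameters, which is why it must come from configuration rather than from the request.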