Hi please I am trying to insert data from a url into my data base when I enter data directly, it works but when I try to use the url method it stops working.
Can u please help look through the code and c what i am doing wrong
Heres my code:
$flight_Number = $_GET['FlightNumber'];
$arrival_Status = $_GET['ArrivalStatus'];
$recipient_Email = $_GET['EmailAddress'];
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
***mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email"' ,'')");***
#mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', '$_GET[FlightNumber]','$_GET[ArrivalStatus]','$_GET[EmailAddress]', '')");
#mysql_query("INSERT INTO landed (priKey, flightNumber,arrivalStatus, recipientEmail, confirmStatus)
#VALUES ( '', 'AK81','Landed', 'soulreaver19802001@yahoo.com', '')");
echo "Database updated with: " .$flight_Number. " ".$arrival_Status.;
mysql_close($con);
?>
You forgot to add .
after $recipient_Email
.
mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '".$flight_Number."','".$arrival_Status."', '".$recipient_Email."' ,'')")
Escape variables using mysql_real_escape_string otherwise query will if any other variable contain single quote in it and your queries are inviting someone for SQL Injection .
Assuming you're trying to do this from a form, does your form use method="get"
, or method="post"
? If it's using POST, you need to change your PHP from $_GET to $_POST.
I hope this update helps you.
function mysqlConnect($host, $user, $password, $database) {
$con = mysql_connect($host, $user, $password);
if (!$con) die('Could not connect: ' . mysql_error());
mysql_select_db($database, $con);
}
mysqlConnect('localhost','root','123456','transport_db');
$flight_Number = isset($_GET['FlightNumber']);
$arrival_Status = isset($_GET['ArrivalStatus']);
$recipient_Email = isset($_GET['EmailAddress']);
$flight_Number = mysql_real_escape_string($flight_Number);
$arrival_Status = mysql_real_escape_string($arrival_Status);
$recipient_Email = mysql_real_escape_string($recipient_Email);
$results = mysql_query("INSERT INTO landed (priKey, flightNumber, arrivalStatus, recipientEmail, confirmStatus)
VALUES ('', '$flight_Number','$arrival_Status', '$recipient_Email' ,'')") or die('Could not insert record:'.mysql_error());
if($results)
{
echo "Database updated with: $flight_Number $arrival_Status.";
}
mysql_close($con);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.