Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Insert data in to the textbox in PHP Reply To: Insert data in to the textbox in PHP

May 2, 2014 at 10:05 am #169086
__
Participant

Rebuilding my previous reply (thanks for trying, @Paulie_D):

i know it from W3schools.com

Use MDN or sitepoint. PHP.net is the #1 place for php issues. Good SQL sites are harder to find, but you might try SQLZOO.net, SQLCourse.com, or FirstSQL.com. And SQLfiddle.com is great for testing your queries.

$con = mysql_connect(“localhost”,”root”,””);

  • Do not learn the mysql_* functions.

They are deprecated and have been outdated for over ten years. They are inefficient, do not support modern MySQL features, and make security difficult.

Learn PDO or MySQLi instead.

$name=$_POST['name'];

$sql=”insert into emp_data values(”,’$name’

  • Never put user-supplied data directly into an SQL statement. This creates a security risk called SQL Injection.

Remember, “Never Trust User Input.” Always assume your user is going to either (a) make a mistake, or (b) attack your website. Validate all user input (make sure it is the data it is supposed to be), and Sanitize it (make it safe to use in SQL) before using it.

Both PDO and MySQLi support prepared statements, which can completely prevent SQL Injection attacks.

Also, you should always explicitly list column names in queries. Using “*” is okay for dev/testing, but your finished code should list each column you use by name (even if you’re using _all_ of them). This makes mistakes harder and maintenance easier.

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>

There’s no reason (at all) to use older, confusing DTDs. The HTML5 version triggers standards mode as well as (or better) than any other html doctype can, and is much easier to type:

<!doctype html>

If you want to continue using the xhtml serialization, you can, though -again- there is really no reason to (in fact, unless you’ve gone to significant lengths, browsers are going to treat it as “broken html” and not as xml anyway).

When you write PHP code, you can sort it into two basic categories: (1) program logic and processing (e.g., conditional statements, database queries, manipulating info), and (2) templating code (i.e., anything that produces output to the browser).

If your PHP is nothing but templating, that’s fine; but when you start adding actual programming logic into it, you should make sure all of that logic goes first, and all of the output goes last.

For example, you start your php script by outputting HTML markup. Later, you query your database. What if there’s an error? You can’t “take back” or “rewrite” the HTML you’ve already shown to the user. You won’t be able to recover from the error; and the user will be stuck with a broken page.

Codedumps are the worst!

Agreed. Small bits of code are fine on the forums (but use the [Inline Code] or [Block Code] formatting buttons!), but larger amounts of code are really hard to read here on css-tricks. Use an online service like pastebin, or make a gist on github.