I am just learning about databases and I want to be able to store user inputs. What would be a basic example on how to get form data and save it to a database using PHP?
Also making the form secure from SQL attacks.
Asked
Active
Viewed 5.2k times
40
-
Check out PDO: http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html. +1 for wanting to learn to do it right. :) – Herbert Oct 13 '11 at 00:09
-
Its also in the php manual http://php.net/manual/en/pdo.prepared-statements.php – Lawrence Barsanti Oct 13 '11 at 00:32
1 Answers
32
###File sample.html
<form action="sample.php" method="POST">
<input name="sample" type="text">
<input name="submit" type="submit" value="Submit">
</form>
###File sample.php
<?php
if (isset($_POST['submit'])) {
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'user', 'password', 'mysampledb');
$stmt = $mysqli->prepare("INSERT INTO SampleTable VALUES (?)");
$stmt->bind_param('s', $sample); // Bind $sample to the parameter
$sample = $_POST['sample'] ?? '';
/* Execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
}
This is a very basic example. Many PHP developers today are turning to PDO. Mysqli isn’t obsolete, but PDO is much easier, IMHO.
