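Insert data into a MySQL table from PHP with the help of parameterized prepared statements.
Why use parameters in your PHP applications?
- They are secure: the values are sent to the database separately from the SQL text, so user input cannot change the structure of the query.
- They are less error-prone: bound values need no manual quoting or escaping.
- They are faster than the other approaches.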
Source :
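<?php
/*
 * Open the database connection used by the form handler further down the page.
 *
 * 'root' with an empty password is acceptable only on a throwaway local demo.
 * A deployed page should connect as an account limited to INSERT on this one
 * table, with credentials loaded from configuration kept outside the web root.
 */

// Report mysqli failures as exceptions (the default since PHP 8.1). A failed
// connect then reaches the catch block below instead of emitting a warning
// that would have to be hidden with "@". Later mysqli calls on this page will
// also throw mysqli_sql_exception on failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $conn = mysqli_connect('localhost', 'root', '', 'testdb');

    // Set the connection character set explicitly so text is stored and
    // compared in a known encoding rather than the server default.
    mysqli_set_charset($conn, 'utf8mb4');
} catch (mysqli_sql_exception $e) {
    // The detailed reason (host, account, driver message) goes to the server
    // log only; the visitor sees the original generic message.
    error_log('Database connection failed: ' . $e->getMessage());
    die("Please check your database username and password");
}
?>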
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Insert into table</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<!--
  NOTE(review): these third-party assets are loaded from public CDNs without
  Subresource Integrity. Either self-host them or pin each tag with
  integrity="sha384-<HASH-OF-THE-EXACT-FILE>" crossorigin="anonymous"
  (compute the hash from the file you reviewed), so the browser refuses a
  file that was changed on the CDN. Both pinned versions are old; check the
  upstream security advisories before reusing this page.
-->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
#myform
{
width:500px;
margin:20px auto;
-webkit-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
-moz-box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
box-shadow: 0px 1px 1px 1px rgba(0,0,0,0.15);
}
</style>
</head>
<body>
<div id="myform" class="panel panel-primary">
<div class="panel-heading">
<h1 align="center">My Secure form</h1>
</div>
<div class="panel-body">
<form method="post" enctype="multipart/form-data" action="?">
<div class="form-group">
<label>Name</label>
<input type="text" name="name" class="form-control">
</div>
<div class="form-group">
<label>Email</label>
<input type="text" name="email" class="form-control">
</div>
<div class="form-group">
<label>Contact Number</label>
<input type="text" name="cnum" class="form-control">
</div>
<div class="form-group">
<label>Address</label>
<input type="text" name="add" class="form-control">
</div>
<div class="form-group">
<button class="btn btn-primary" type="submit" name="submit">Submit information</button>
<button class="btn btn-danger" type="reset">Retry</button>
</div>
</form>
<div class="panel-footer">
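<?php
/*
 * Handle the posted form: insert one row into infotab through a prepared
 * statement and print a one-line status message.
 *
 * Changes from the original listing:
 *  - The values are no longer passed through mysqli_real_escape_string().
 *    Bound parameters are never parsed as SQL, so escaping them as well stored
 *    the backslashes in the table (O'Brien was saved as O\'Brien).
 *  - The success message is printed only when execute actually succeeded; the
 *    original printed it even after a failed prepare.
 *  - The statement is closed with mysqli_stmt_close() instead of unset().
 *
 * NOTE(review): the form that posts here carries no CSRF token and the values
 * are not checked for format or length; add both before using this pattern on
 * a real site. When these values are displayed later, escape them for the
 * output context (htmlspecialchars() for HTML) - prepared statements protect
 * the query, not the page that shows the data.
 */
if (isset($_POST['submit'])) {
    // A missing field or an array-valued field (e.g. name[]=x) is treated as
    // empty, which avoids an undefined-index notice or a TypeError.
    $posted = [];
    foreach (['name', 'email', 'cnum', 'add'] as $field) {
        $raw = $_POST[$field] ?? '';
        $posted[$field] = is_string($raw) ? $raw : '';
    }

    $name     = $posted['name'];
    $email    = $posted['email'];
    $contactn = $posted['cnum'];
    $addrs    = $posted['add'];

    if ($name !== '' && $email !== '' && $contactn !== '' && $addrs !== '') {
        $insert   = "INSERT INTO infotab(name,email,contact,address) VALUES(?,?,?,?)";
        $stmt     = false;
        $inserted = false;

        try {
            // mysqli_prepare() returns false on failure when mysqli is in
            // warning mode and throws when it is in exception mode; both
            // cases end with $inserted still false.
            $stmt = mysqli_prepare($conn, $insert);
            if ($stmt !== false) {
                mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $contactn, $addrs);
                $inserted = mysqli_stmt_execute($stmt);
            }
        } catch (mysqli_sql_exception $e) {
            // Keep driver details out of the page; log them server-side.
            error_log('Insert into infotab failed: ' . $e->getMessage());
        } finally {
            // Close only a statement that was successfully prepared.
            if ($stmt instanceof mysqli_stmt) {
                mysqli_stmt_close($stmt);
            }
        }

        echo $inserted ? "Data Inserted Successfully" : "Opps Technical Problems....";
    }
}
?>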
</div>
</div>
</div>
</body>
</html>