MySQL query based on user input

-
 
To save from SQL injection attack, use:

1. $search_query = mysql_real_escape_string($_POST['blahblah']);

$query  = "SELECT name, age FROM people WHERE uid = '".$search_query."' LIMIT 0 , 1";
 
2. $search_query = mysqli_real_escape_string($_POST['code']);
 $sql = "select * from user where code='$search_query'";

Comments

Post a Comment

Popular posts from this blog

Script For Login, Logout and View Using PHP, MySQL and Bootstrap

-
Image
I am assuming here that you are familiar with HTML and CSS. I have commented the code with the necessary information in the major part of the code. So you can understand easily. I have also attached the source code so you can download it and use it. Let's start. Note: I have updating this article on my personal blog. The following are the points we will be learn in this article: Creating Database in phpmyadmin. Create connection with MySQL database. Insert, delete and view data from MySQL database. Some Bootstrap components. Sessions in PHP. Files and IDE: Registration Login Logout Welcome Admin_login View_users Db_conection Delete.php I am using PHPStorm for the coding and Bootstrap framework for front end development. Create Database: Create Tables: Create columns in Users table: Crate Admin Table: Create Admin Columns: Registration.php: <html>   <head lang= "en" >      ...
Read more

PHP Ajax Login Validation Tutorial

-
Image
This post explains you about php login with ajax. In this example, first of all we will validate the user details using ajax library and showing the appropriate result. If user enter correct detail (ie:- admin/admin in this example)we will be redirected to the “index.php” and if you will try to directly access “index.php” means without entering the user details you will redirected to “login.php”. Download Link    Demo Link Sample database design for table name contact. This table contains id (primary key), name and age. CREATE TABLE IF NOT EXISTS `user` ( `id` int(11) NOT NULL AUTO_INCREMENT, `uname` varchar(50) NOT NULL `password` varchar(50) NOT NULL, PRIMARY KEY (`id`) ) dbConnect.inc.php Contains database connectivity code $mysql_db_hostname = "Host name"; $mysql_db_user = "UserName"; $mysql_db_password = "Password"; $mysql_db_database = "Database Name"; $con = mysql_connect($mysql_db_hostname, $mysql_db_user, ...
Read more

Insert CheckBox and Radio button Data in MySQL Database Using PHP

-
Image
MY-SQL Code CREATE DATABASE IF NOT EXISTS databasename; CREATE TABLE students( student_name varchar(255) NOT NULL, student_email varchar(255) NOT NULL, student_contact varchar(255) NOT NULL, student_address varchar(255) NOT NULL, stars varchar(25) NOT NULL, sports varchar(25) NOT NULL, gender text(25) NOT NULL, )     Download Code     LIVE DEMO   page- formelements.php   php code <?php $connection = mysqli_connect("localhost", "root", "","formdatainsert"); // Establishing Connection with Server //$db = mysql_select_db("colleges", $connection); // Selecting Database from Server if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL $name = $_POST['name']; $email = $_POST['email']; $contact = $_POST['contact']; $address = $_POST['address']; $sports=implode(' , ',$_POST['sports']); $star=implode(' , ',$_POST['star']); ...
Read more