It's been a long time since my last question. I have a HTML user interface with an input from a user and I would like to insert this input into database. It doesn't work and I don't know why... I have used a lot of hints from here, but still nothing.
<form action = ".\addProduct.php" method="post">
<div id="AddProduct" class = "w3-container list w3-animate-left">
<h2>Add Product</h2>
ID: <br>
<input type = "text" name = "ID"/><br>
CName: <br>
<input type = "text" name = "CName"/><br>
<br>
<input type = "submit" value = "Add"/><br>
</div>
</form>
<?php
// MY PHP CODE
if(isset($_REQUEST['Add'])) {
$SQL = "USE sales;"
$SQL = "INSERT INTO customers(ID, CName) values('" . $_POST["ID"] . "', '". $_POST["CName"] . "')";
$result = mysql_query($SQL);
}
?>
Use mysqli instead of mysql. Also sanitize the user input before you input them to the database.
<form action = "addProduct.php" method="post">
<div id="AddProduct" class = "w3-container list w3-animate-left">
<h2>Add Product</h2>
ID: <br>
<input type = "text" name = "ID"/><br>
CName: <br>
<input type = "text" name = "cName"/><br>
<br>
<input type = "submit" name = "Add" value = "Add"/><br>
</div>
</form>
<?php
if(isset($_POST['Add']))
{
$cID = $_POST['ID'];
$cName = $_POST['cName'];
$SQL = "INSERT INTO customers(ID, CName) values('$cID', '$cName')";
$result = mysqli_query($conn,$SQL);
}
?>
你是机器人还是外国人?