Comment
Juan
PHP SQL Injection Example,
February 16, 2009 at 8:16 PM
February 16, 2009 at 8:16 PM
I did your code in your example PHP SQL Injection, why do I always get SQL error:Unknown column for surname? here's the code.
<html>
<title>Table for Students</title>
<body ">
<body bgcolor= #6A5ACD>
<form method="post" action="insert.php"
style="border: 4px solid #000000;
width :260px; margin-top:
50px;margin-left: 70px;
padding:20px 20px 20px 20px;
background-color:#DDA0DD ;">
<table cellpadding="5">
<tr >
<td>Firstname</td>
<td> </td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Lastname</td>
<td> </td>
<td><input type="text" name="lname"></td>
</tr>
<tr>
<td>Nickname</td>
<td> </td>
<td><input type="text" name="nname"></td>
</tr>
<tr>
<td>Birth</td>
<td> </td>
<td><input type="text" name="bh"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="submit" value="Add Records"></td>
</tr>
</table>
</form>
<div style="border: 4px solid #000000;
width :800px; margin-top:
50px;margin-left: 70px;
padding:20px 20px 20px 20px ;
background-color: #DDA0DD;">
<?php
$connection = mysql_connect('localhost','root','')
or die("Could not connect: ".mysql_error());
$connection1 = mysql_connect('localhost','root','')
or die("Could not connect: ".mysql_error());
mysql_select_db('pvdorm',$connection)
or die("Error in selecting the database:".mysql_error());
if (isset($_POST['name'])) {
$Firstname=$_POST["name"];
$Lastname=$_POST["lname"];
$Nickname=$_POST["nname"];
$Birth=$_POST["bh"];
$sql="insert into students(firstname,lastname,nickname,birth)
values('".$Firstname."',".$Lastname.",".$Nickname.",".$Birth.")";
mysql_query($sql,$connection)
or exit("Sql Error:".mysql_error());
mysql_close($connection);
}
$sql="Select *from students";
$sql_result=mysql_query($sql,$connection1)
or exit("Sql Error".mysql_error());
$sql_num=mysql_num_rows($sql_result);
echo "<table width=\"200%\">";
echo "<tr>";
echo "<td ><b>Student_id</b></td><td><b>Firstname</b></td>
<td><b>Lastname</b></td><td><b>Nickname</b></td><td><b>Birth</b></td>";
echo "</tr>";
while($sql_row=mysql_fetch_array($sql_result))
{
$student_id=$sql_row["student_id"];
$name=$sql_row["firstname"];
$lname=$sql_row["lastname"];
$nname=$sql_row["nickname"];
$bh=$sql_row["birth"];
echo "<td>".$student_id."</td>";
echo "<td>".$name."</td>";
echo "<td>".$lname."</td>";
echo "<td>".$nname."</td>";
echo "<td>".$bh."</td></tr>";
}
echo "</table>";
mysql_close($connection1);
?>
</div>
</body>
</html>
View All Comments | View Tutorial
<html>
<title>Table for Students</title>
<body ">
<body bgcolor= #6A5ACD>
<form method="post" action="insert.php"
style="border: 4px solid #000000;
width :260px; margin-top:
50px;margin-left: 70px;
padding:20px 20px 20px 20px;
background-color:#DDA0DD ;">
<table cellpadding="5">
<tr >
<td>Firstname</td>
<td> </td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Lastname</td>
<td> </td>
<td><input type="text" name="lname"></td>
</tr>
<tr>
<td>Nickname</td>
<td> </td>
<td><input type="text" name="nname"></td>
</tr>
<tr>
<td>Birth</td>
<td> </td>
<td><input type="text" name="bh"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="submit" value="Add Records"></td>
</tr>
</table>
</form>
<div style="border: 4px solid #000000;
width :800px; margin-top:
50px;margin-left: 70px;
padding:20px 20px 20px 20px ;
background-color: #DDA0DD;">
<?php
$connection = mysql_connect('localhost','root','')
or die("Could not connect: ".mysql_error());
$connection1 = mysql_connect('localhost','root','')
or die("Could not connect: ".mysql_error());
mysql_select_db('pvdorm',$connection)
or die("Error in selecting the database:".mysql_error());
if (isset($_POST['name'])) {
$Firstname=$_POST["name"];
$Lastname=$_POST["lname"];
$Nickname=$_POST["nname"];
$Birth=$_POST["bh"];
$sql="insert into students(firstname,lastname,nickname,birth)
values('".$Firstname."',".$Lastname.",".$Nickname.",".$Birth.")";
mysql_query($sql,$connection)
or exit("Sql Error:".mysql_error());
mysql_close($connection);
}
$sql="Select *from students";
$sql_result=mysql_query($sql,$connection1)
or exit("Sql Error".mysql_error());
$sql_num=mysql_num_rows($sql_result);
echo "<table width=\"200%\">";
echo "<tr>";
echo "<td ><b>Student_id</b></td><td><b>Firstname</b></td>
<td><b>Lastname</b></td><td><b>Nickname</b></td><td><b>Birth</b></td>";
echo "</tr>";
while($sql_row=mysql_fetch_array($sql_result))
{
$student_id=$sql_row["student_id"];
$name=$sql_row["firstname"];
$lname=$sql_row["lastname"];
$nname=$sql_row["nickname"];
$bh=$sql_row["birth"];
echo "<td>".$student_id."</td>";
echo "<td>".$name."</td>";
echo "<td>".$lname."</td>";
echo "<td>".$nname."</td>";
echo "<td>".$bh."</td></tr>";
}
echo "</table>";
mysql_close($connection1);
?>
</div>
</body>
</html>
View All Comments | View Tutorial
Related Tutorial and Articles
If you are facing any programming issue, such as compilation errors or not able to find the code you are looking for.
Ask your questions, our development team will try to give answers to your questions.
Tutorial Topics
