Language:

Learn how to manipulate MySQL database with PHP

30 August 2009 | In Web | 2 thousand views | By

Click & share: 


php_codeIn this tip we will show you how to insert data in a MYSQL database. Create a database with the following MYSQL statement:

CREATE TABLE `fgts_convoca` (
`id` int(11) NOT NULL auto_increment,
`nome` text collate latin1_general_ci NOT NULL,
`funcao` text collate latin1_general_ci NOT NULL,
`email` text collate latin1_general_ci NOT NULL,
`ip` text collate latin1_general_ci NOT NULL,
`dataaabertura` date NOT NULL default '0000-00-00',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;

Below, draw up a page called ' index.php ' which contains a form with fields name, Function and Email. Direct action This form to a page named ' processa.php '.

Now we will start our insertion script itself.

//Configuro os dados para conexão ao BD
$tabela = "Sua tabela";
$endereco = "Endereço da BD";
$usuario = " Usuario";
$senha = "Senha";
//Estabelece Conexão com a Base de Dados
mysql_connect($endereço, $usuario, $senha);
mysql_select_db($tabela);

This is the beginning of the code. Start with the configuration of access your database. Just fill in the values of the variables $ table, $address, $user $ password agreement with the settings of the access to your MYSQL database.

function protecao($string){
$string = str_replace(" or ", "", $string);
$string = str_replace("select ", "", $string);
$string = str_replace("delete ", "", $string);
$string = str_replace("create ", "", $string);
$string = str_replace("drop ", "", $string);
$string = str_replace("update ", "", $string);
$string = str_replace("drop table", "", $string);
$string = str_replace("show table", "", $string);
$string = str_replace("applet", "", $string);
$string = str_replace("object", "", $string);
$string = str_replace("'", "", $string);
$string = str_replace("#", "", $string);
$string = str_replace("=", "", $string);
$string = str_replace("--", "", $string);
$string = str_replace("-", "", $string);
$string = str_replace(";", "", $string);
$string = str_replace("*", "", $string);
$string = strip_tags($string);
return $string;
}

Then you should declare is function, whose purpose is to protect the data against malicious information insertion. This function can be called in any portion of this code after this Declaration.

//Recebo as variaveis
$nome = trim($_POST['nome']);
$nome = addslashes($nome);
$nome = protecao($nome);
$funcao = trim($_POST['funcao']);
$funcao = addslashes($funcao);
$funcao = protecao($funcao);
$email = trim($_POST['email']);
$email = addslashes($email);
$email = protecao($email);

In this excerpt we received the information from the form and do a check with our function ' protection '. We also use the TRIM function to clean whitespace and ADDSLASHES to add backslashes to information. Taking these precautions the chances of inserting malicious information without permission are slim to none.

//Seleciono o IP
$ip = $_SERVER['REMOTE_ADDR'];
//Gero a data e hora de cadastro
$dataabertura = date("Y-m-d H:i:s");

Now we have selected some information control Optional. The IP of the person who is entering the information and the date and time of insertion.

$sql = mysql_query("INSERT INTO $tabela (nome, funcao, email, dataabertura, ip) VALUES ('".$nome."', '".$funcao."', '".$email."', '".$dataabertura."', '".$ip."')");

In this excerpt we insert data itself using the INSERT INTO statement. You can get more information about manipulating data in the MYSQL reference manual (http://dev.mysql.com/doc/refman/4.1/pt/insert.html).

if(!$sql){
echo "Erro na Inserção: ".mysql_error();
}else{
print "<script type="text/javascript"><!--mce:0--></script>"; //Retorna Alerta de sucesso no processo
print "<script type="text/javascript"><!--mce:1--></script>"; //Aqui indico a página do formulário para o script retornar a ela
}

Here we do a check condition. If the insertion fails, the whole process is stopped and is displayed on the screen an error message stating why the insertion failed. Otherwise, return a alert advising success in process and forward the user to the page of the form.

Now just to let you use this idea and produce their own projects. Even more!

In Ivaiporã-PR, Computer engineer, Workgroup Administrator Tips in General. Passionate about technology and Informatics.



A bit about us

    The Group generally appeared in Tips 2007 from innovative ideas on troubleshooting problems faced daily by those who use the technology and computer science, both ordinary users and technicians. But where did, why and what is the purpose of this site?

Click here to read!

Siga o Dicas em Geral no Google+

Video of the week