php

hex4
17-06-2007, 02:42 AM
some questions which I'm curious about are:

when I'm using a form with method: post,

1) is it possible that when I click a button I search for a PHP function in the same file?
i.e. action is not included in the form tag

2) is it possible that when I click a button I search for a PHP function in another file? i.e. action="ANOTHERFILE.php"?

3) if I have to use action="ANOTHERFILE.php", how do I get back to the original php file?

XDD <3

code so far, and it works, although not the way I'd like: (and yes ofc, I am starting the mysql_connect() )

<form action="insert.php" method="post" >
<input type="text" name="txtName" />
<input type="text" name="txtSurname" />
<input type="submit" name="btnSubmit" value="Submit"/>
</form>

<b>Drivers:</b><br />

<?php
// the post says mysql_connect() is called but does not show it; the credentials here are placeholders
$con = mysql_connect("localhost", "DB_USER", "DB_PASSWORD");
if (!$con)
{
die ("Could not connect: " . mysql_error());
}

mysql_select_db("hellodb", $con);

$select = "SELECT * FROM users";

$result = mysql_query($select);

if (!$result)
{
die ('Error: ' . mysql_error());
}
else
{
// list every user, numbered from 1
$i = 1;
while ($row = mysql_fetch_array($result))
{
echo $i . ") " . $row['user_name'] . " " . $row['user_surname'];
echo "<br />";
$i++;
}
}

mysql_close($con);
?>

while in the insert.php file i have:

<?php
// same placeholder connection as in index.php; the post omits this line
$con = mysql_connect("localhost", "DB_USER", "DB_PASSWORD");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("hellodb", $con);

// the form values are concatenated straight into the SQL text; ki||fr0g's reply below explains why this is SQL-injectable
$insert = "INSERT INTO users (user_name, user_surname) VALUES ('" . $_POST[txtName] . "', '" . $_POST[txtSurname] . "')";

if (!mysql_query($insert, $con))
{
die ('Error: ' . mysql_error());
}

mysql_close($con);
?>

yancho
17-06-2007, 02:54 AM
u can use headers to go back .. make sure you don't put spaces between the <?php tag and the header .. and the <?php should be the first line with no spaces ...

remember killy .. trying to fix my bug for 20 mins lol .. it was a space at the start :\

hex4
17-06-2007, 10:43 AM
so you can't have a file, for example insert.php, that you use for inserting into the db, with a bunch of functions in it, and call whichever function you want according to which button was clicked? :s

God forbid you have to make a php file for every insert or select you want to do on the db

and I tried the headers thing and it was no use :/

it keeps giving me that error that I have white spacing when actually I have none...

header("Location: /mrc/index.php");

MaRkDeLf
17-06-2007, 12:53 PM
Originally posted by hex4

God forbid you have to make a php file for every insert or select you want to do on the db


yeah good point, I already noticed it and went hmm :/

for the login leave it, because it's always like that: it throws you to another page where it checks the login and then sends you back to the main page

well, registrations are like that too (it throws you to another page: register successful), posting too (insert), here for example (newreply.php) sends you to another page: thanks for posting. I guess that's how they have to be

hex4
17-06-2007, 05:47 PM
Originally posted by MaRkDeLf
yeah good point, I already noticed it and went hmm :/

for the login leave it, because it's always like that: it throws you to another page where it checks the login and then sends you back to the main page

well, registrations are like that too (it throws you to another page: register successful), posting too (insert), here for example (newreply.php) sends you to another page: thanks for posting. I guess that's how they have to be

ugh :x

because imagine you have the super admin who can do everything: edit, delete, insert for every single thing on the site... bloody hell man

Dragunu
17-06-2007, 06:41 PM
Originally posted by MaRkDeLf

for the login leave it, because it's always like that: it throws you to another page where it checks the login and then sends you back to the main page

well, registrations are like that too (it throws you to another page: register successful), posting too (insert), here for example (newreply.php) sends you to another page: thanks for posting. I guess that's how they have to be

u can also make the login system in the login page itself,

by making an action="samepage.php" then in the beginning of ur samepage.php, at the very top,

<?php
if ( isset($_POST['submit']) )
{
    // authentication procedure here
}
?>

ki||fr0g
18-06-2007, 09:59 AM
To use a file with functions you can include it in the file you want to use the functions in, using include(), include_once(), require() or require_once(). Google to see their differences.

that would be the equivalent of "using" in C#, or doing an import in Java

Note: when you include() a file the code inside the file will be executed at once, unless it is a function, in which case it has to be called. So best thing to do:
- create a file with functions that do what you want.. like connecting, inserting, deleting, editing from DB etc,
- include the file in the .php you want to use it from
- call the function with parameters obtained from the form (or wherever)

header() is used to send HTTP headers, one of which is a redirect (which you don't need in order to include a file)
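The pattern the last three replies describe, as an added example that is not code from this thread or from any of its posters: one page that handles its own POST without an action attribute, decides which function to run from the name of the submit button that was pressed, keeps the database work in functions (which in practice would sit in a separate file pulled in with require_once, exactly because an included file executes everything outside function bodies immediately), and redirects back to itself with header() once the write is done. The users table having a user_id column, the function names, and the credentials are assumptions.

```php
<?php
// index.php (added example). Nothing may precede this opening tag: no blank
// line, space or BOM, and no echo before the header() call below, otherwise
// the redirect fails with the "headers already sent" error yancho mentions.

// These three functions would normally live in a separate file, for example
//     require_once __DIR__ . '/db_functions.php';
// That file should contain only function definitions, since anything else in
// it runs the moment it is included. They are defined inline here so the
// example is self-contained.

function add_user(mysqli $db, string $name, string $surname): bool
{
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $db->prepare('INSERT INTO users (user_name, user_surname) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $surname);
    return $stmt->execute();
}

function delete_user(mysqli $db, int $id): bool
{
    // user_id is an assumed primary key column; the thread only shows name columns.
    $stmt = $db->prepare('DELETE FROM users WHERE user_id = ?');
    $stmt->bind_param('i', $id);
    return $stmt->execute();
}

function list_users(mysqli $db): array
{
    $rows = [];
    $result = $db->query('SELECT user_id, user_name, user_surname FROM users');
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'hellodb'); // placeholder credentials
if ($db->connect_error) {
    die('Could not connect: ' . htmlspecialchars($db->connect_error));
}

// Handle the form only when it was actually submitted (Dragunu's isset check).
// Each submit button has its own name and only the clicked one is present in
// $_POST, so that decides which function runs: no separate file per action.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['btnInsert'])) {
        add_user($db, $_POST['txtName'] ?? '', $_POST['txtSurname'] ?? '');
    } elseif (isset($_POST['btnDelete'])) {
        delete_user($db, (int) ($_POST['userId'] ?? 0));
    }
    // Post/Redirect/Get: send the browser back to this page with a GET so a
    // refresh does not resubmit the form. The target is a fixed path, never a
    // value taken from the request.
    header('Location: index.php');
    exit;
}

$users = list_users($db);
$db->close();
?>
<!-- No action attribute: the form posts back to this same file. -->
<form method="post">
<input type="text" name="txtName" />
<input type="text" name="txtSurname" />
<input type="submit" name="btnInsert" value="Insert" />
</form>

<b>Drivers:</b><br />
<?php foreach ($users as $i => $u): ?>
<form method="post" style="display:inline">
<?= $i + 1 ?>) <?= htmlspecialchars($u['user_name']) ?> <?= htmlspecialchars($u['user_surname']) ?>
<input type="hidden" name="userId" value="<?= (int) $u['user_id'] ?>" />
<input type="submit" name="btnDelete" value="Delete" />
</form><br />
<?php endforeach; ?>
```

Two details are there on purpose: the redirect target is a constant rather than anything from the request, and every value read back from the table goes through htmlspecialchars() before it is echoed, so a name containing markup is displayed rather than rendered.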

ki||fr0g
18-06-2007, 10:04 AM
Another thing.. Doing something like:

$insert = "INSERT INTO users (user_name, user_surname) VALUES ('" . $_POST[txtName] . "', '" . $_POST[txtSurname] . "')";

= SQL injections. use:

$name = mysql_real_escape_string($_POST[txtName]);

then use $name in the query. mysql_real_escape_string() cleans up the text so it does not include any SQL statements (which would have been put by teh h4x0r).

You should also validate your input anyway

Happy PHPing

Dragunu
18-06-2007, 10:49 AM
most input can be validated by the ctype_ functions anyway, so that should beat sql injection anyway.

the prob may arise when u want to create some sort of a message board or comment box.

hex4
18-06-2007, 10:53 AM
Originally posted by ki||fr0g
Another thing.. Doing something like:

$insert = "INSERT INTO users (user_name, user_surname) VALUES ('" . $_POST[txtName] . "', '" . $_POST[txtSurname] . "')";

= SQL injections. use:

$name = mysql_real_escape_string($_POST[txtName]);

then use $name in the query. mysql_real_escape_string() cleans up the text so it does not include any SQL statements (which would have been put by teh h4x0r).

You should also validate your input anyway

Happy PHPing

thanks for that tip killfrog

hey, give me your MSN so I can talk to you a bit there please.... go see what you've got to do with your life :p

ki||fr0g
18-06-2007, 11:25 AM
Originally posted by Dragunu
most input can be validated by the ctype_ functions anyway, so that should beat sql injection anyway.

the prob may arise when u want to create some sort of a message board or comment box.

The ctype functions can be used to validate the type, e.g. making sure that a telephone number contains only digits. However the only _safe_ way to clean form input is through the mysql_real_escape_string() function. It also does stuff such as formatting the SQL depending on your MySQL collation.

So you should basically
1) clean input with mysql_real_escape_string()
2) validate with ctype
3) validate with bounds checking etc.

Forums and message boards are a problem yes, you'd have to keep stripping out tags you don't want (with the strip_tags function). Forums (especially phpBB) get hacked frequently cos they allow stuff like JavaScript.

hex4 i have your MSN but i'm never on it during the day :p
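The three steps in ki||fr0g's last reply (clean, validate the type with ctype, bounds-check), applied to the INSERT from hex4's insert.php, as an added example that is not code from this thread or from any of its posters. It shows the concatenated query the thread starts from, the escaping step the thread recommends, and a prepared statement as the form that needs no escaping at all. The length limit, the sample inputs and the credentials are constructed for the example; mysqli_real_escape_string() is used in place of the mysql_real_escape_string() named in the thread because the mysql_* extension was removed in PHP 7.

```php
<?php
// Added example; "users" has user_name/user_surname columns as in the thread.

// Steps 2 and 3: type check with ctype_alpha plus a length bound. Returns the
// trimmed value, or null when the input is not an acceptable name.
function validate_name(?string $raw, int $maxLen = 50): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = trim($raw);
    // ctype_alpha accepts only ASCII letters (in the default C locale) and
    // rejects the empty string, so digits, quotes and semicolons all fail here.
    if (!ctype_alpha($value) || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// The thread's original construction: raw form data glued into the SQL text.
// Kept only to make the failure visible; never executed against a database here.
function unsafe_insert_sql(string $name, string $surname): string
{
    return "INSERT INTO users (user_name, user_surname) VALUES ('" . $name . "', '" . $surname . "')";
}

// Step 1 as the thread describes it: escape for the connection's charset so
// the value stays inside its quoted literal. Escaping only protects a value
// that sits between quotes in the SQL string.
function escaped_insert_sql(mysqli $db, string $name, string $surname): string
{
    return "INSERT INTO users (user_name, user_surname) VALUES ('"
        . $db->real_escape_string($name) . "', '"
        . $db->real_escape_string($surname) . "')";
}

// The form to prefer: a prepared statement. SQL text and data travel
// separately, so the query's shape cannot be changed by the data.
function insert_user(mysqli $db, string $name, string $surname): bool
{
    $stmt = $db->prepare('INSERT INTO users (user_name, user_surname) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $surname);
    return $stmt->execute();
}

// Constructed sample submissions. A single quote in the surname is enough to
// break the string literal of the concatenated query; the validator rejects it
// before any SQL is built.
$samples = [
    ['txtName' => 'Anna',  'txtSurname' => 'Borg'],
    ['txtName' => 'Anna',  'txtSurname' => "O'Brien"],
    ['txtName' => 'Anna1', 'txtSurname' => 'Borg'],
];

foreach ($samples as $post) {
    echo "Concatenated: " . unsafe_insert_sql($post['txtName'], $post['txtSurname']) . "\n";
    $name = validate_name($post['txtName']);
    $surname = validate_name($post['txtSurname']);
    if ($name === null || $surname === null) {
        echo "Rejected by validation\n\n";
        continue;
    }
    echo "Accepted: $name $surname\n\n";
}

// Database part, run only when a server is reachable (placeholder credentials).
mysqli_report(MYSQLI_REPORT_OFF);
$db = @new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'hellodb');
if ($db->connect_error) {
    echo "No database: skipping the escaped and prepared inserts\n";
} else {
    foreach ($samples as $post) {
        $name = validate_name($post['txtName']);
        $surname = validate_name($post['txtSurname']);
        if ($name !== null && $surname !== null) {
            echo "Escaped:  " . escaped_insert_sql($db, $name, $surname) . "\n";
            insert_user($db, $name, $surname);
        }
    }
    $db->close();
}
```

validate_name() is deliberately strict and therefore rejects real names such as O'Brien or García; that is the trade-off Dragunu points at for comment boxes, where the input cannot be restricted to letters and the query must be made safe by how it is built rather than by what it accepts. Ordering matters too: validate the raw value first, and escape or bind the value only at the point where the SQL is constructed.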