1

newbie at php here, basically I wish to know how to add data to my mysql table manually using the url.

For example, say I have a table called users which has 3 fields called 'ID', 'username' and 'password'. I wish to add data to the table like this:

http://localhost/register.php?id=1@username=bob@password=123@act=register (I'm not sure if this is entirely right) but yeah something like that.

Any help on how to do this would be much appreciated!

Improve this question
6
  • 4
    Do not use HTTP GET to change the data. Use a POST instead. Commented Apr 22, 2011 at 3:50
  • 1
    I'm not sure if that answers my question :S what exactly do you mean? I'm not trying to change the data, I'm trying to add data by using url, like the example I posted. Commented Apr 22, 2011 at 4:00
  • Yes, its not the answer, the answer(s) will be in the bottom area. Its just a recommendation to follow standard practices. GET is supposed to be idempotent, which means you can do the same operation over and over without any side effects. Imagine doing what you're doing 10x with the same data without impacting the state of your database. Commented Apr 22, 2011 at 4:03
  • 4
    Please research SQL Injection Attacks before you implement this solution. You will thank me for it later. Commented Apr 22, 2011 at 4:10
  • @wes Actually, if he does then he'll never thank you because he'll never get hacked and won't know that he would have otherwise. On the other hand, if he gets owned because doesn't follow your advice, he will wish he had later... :) Commented Apr 22, 2011 at 4:21

4 Answers 4

Reset to default
7 
mysql_connect('localhost', 'mysql_user', 'mysql_password');

mysql_select_db('database');

mysql_query("INSERT INTO table (id, username, password) VALUES ('".mysql_real_escape_string($_GET['id'])."', '".mysql_real_escape_string($_GET['username'])."', '".mysql_real_escape_string($_GET['password'])."')");
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

$query = "insert into users (username, password) values ('".$_GET['username']."','".$_GET['password']."'";

That would be to insert a user based on the act parameter.

Also, usually parameters on a get are split up by "&", not "@".

Improve this answer

1 Comment

when i insert data succesfully then how can i return thats filed id and print it??
2

First of all, if you're saving large data, better to use POST, rather than GET. But if you really need to send data to the server with URL, your URL should be change as below:

You should use '&' in place of '@'

http://localhost/register.php?id=1&username=bob&password=123&act=register

In Server side, you can retrieve the data by following:

$id = mysql_real_escape_string($_GET['id']);

$username = mysql_real_escape_string($_GET['username']); $password = mysql_real_escape_string($_GET['password']);

$sql = mysql_query('INSERT INTO table_name (id, username, password) VALUES ('.$id.', '.$username.', '.$password.'); if(!$sql){ echo "Error " . mysql_error(); }else{ echo "Success"; }

Improve this answer

Comments

2

use

$id  = $_REQUEST['id'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$act   = $_REQUEST['act'];

to get values from url

Then usual MySQL

Insert Query

refer

http://dev.mysql.com/doc/refman/5.5/en/insert.html

Improve this answer

4 Comments

+1 Yep $_REQUEST will pull either POST or GET, line 3 and 4 has an extra "=" that isn't needed tho :)
Thanks for notification... typing mistake
Why to retrieve from $_REQUEST if we know it will be exactly in $_POST?
Because if you ever change your input method, you won't have to change your $_POST or your $_GETs code, gives the code a bit of flexibility. Looks like the OP isn't using $_POST anyways he's using $_GET. Anyone who says GET is less secure than POST doesn't realize you can just as easily emulate a POST parameter as you can a GET (using many different methods). You should take the appropriate measures to sanitize the input no matter what input method is used.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.