woodchuck

Reputation: 303

PHP post variables generated in file

I am uploading a comment and subject that is being given to a PHP file from an HTML form. But I would like to store the name of a file link; the name of the file is $ran2 and is being generated in the PHP file. Comment:

    <tr>
        <td><input type="submit" name="submit" value="upload"></td>
    </tr>

    </table>
    <?php
    $ran2 = rand();
    $insert = "INSERT INTO images (image, comment, subject)
        VALUES ('".$_POST[$ran2]"', '".$_POST['text']."','".$_POST['subject']."')";
    $add_member = mysql_query($insert);
    ?>

With $_POST[$ran2] I am storing nothing in the database and would like to store the string $ran2.

Upvotes: 0

Views: 46

Answers (1)

larsAnders

Reputation: 3813

The problem with this is a missing . and the fact that $ran2 is not a member of the $_POST array so you can't call it with $_POST[$ran2]:

    $insert = "INSERT INTO images (image, comment, subject)
        VALUES ('".$_POST[$ran2]."', '".$_POST['text']."','".$_POST['subject']."')";
                     missing----^

So it will work if you simply change the variable to $ran2 and get the missing period in there:

    $insert = "INSERT INTO images (image, comment, subject)
        VALUES ('".$ran2."', '".mysql_real_escape_string($_POST['text'])."','".mysql_real_escape_string($_POST['subject'])."')";

And to second what they are saying in the comments, you really need to switch to using prepared statements in mysqli or PDO.

Upvotes: 2
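
The prepared-statement form recommended at the end of the answer above, as an added example that is not part of the original question or answer. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database in place of the MySQL `images` table so it runs offline; the `saveImageRow` helper, the `id` column and the sample form values are constructed for illustration.

```php
<?php
// Added example: PDO prepared statement for the INSERT discussed above.
// Assumptions: in-memory SQLite stands in for the MySQL database, and the
// $post array below is constructed sample input standing in for $_POST.

function saveImageRow(PDO $pdo, string $fileName, array $post): int
{
    // Placeholders keep user input out of the SQL text entirely, so no
    // manual escaping or string concatenation is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO images (image, comment, subject)
         VALUES (:image, :comment, :subject)'
    );
    $stmt->execute([
        ':image'   => $fileName,              // generated in the script, not read from $_POST
        ':comment' => $post['text'] ?? '',
        ':subject' => $post['subject'] ?? '',
    ]);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (
    id INTEGER PRIMARY KEY, image TEXT, comment TEXT, subject TEXT)');

// Constructed form input: the quote characters would break the
// concatenated query from the question, but are stored verbatim here.
$post = ['text' => "It's my dog's photo", 'subject' => 'Pets "2014"'];

$ran2 = (string) rand();   // file name generated in the script, as in the question
$id   = saveImageRow($pdo, $ran2, $post);

// Read the row back, again through a bound parameter.
$check = $pdo->prepare('SELECT image, comment, subject FROM images WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);

var_dump($row['image'] === $ran2, $row['comment'] === $post['text']);
```

Against MySQL, only the `new PDO(...)` line changes to a `mysql:` DSN with credentials; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.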
