Cannot update DB

Hi there,

I’m new to PHP and I am trying to get the below code to update my DB. I am however receiving the following error message. Any support would be much appreciated.

Parse error: syntax error, unexpected ‘"’, expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\babysitter\addprocess.php on line 9

<?php
$server = "localhost";
$dbuser = "root";
$password = "";
$link = mysqli_connect($server,$dbuser,$password);
mysqli_select_db($link,"babysitter");
$sql = "INSERT INTO babysitter (firstName, lastName, age, gender, nationality) values ($_post["firstname"],$_post["lastname"],$_post["age"],$_post["gender"],$_post["nationality"])";
mysqli_query($link,$sql);
mysqli_close($link);

Use single quotes in your post variables and put curly brackets around the post variables. Post should be uppercase: $_POST.

Kevin Rubio, I am surprised no comment about SQL Injection!

So, OP, use prepared statements! Never insert data directly taken from a user.

Funny you said that, I was just about to post that. I am on my phone so it is hard to do a detailed response. OP, as mentioned, you are vulnerable to SQL injection. Never ever enter user-supplied data directly into the db. You need to use prepared statements.

  • admin, this site is seriously not mobile friendly.
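
The prepared-statement approach recommended in the replies above, as an added example that is not part of any poster's message. It assumes the babysitter table and columns from the original post and an integer age column; the helper babysitter_from_post() and the length and age limits are hypothetical.

```php
<?php
// Added example: the addprocess.php INSERT using a mysqli prepared statement.
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: validate the five form fields.
// Returns the cleaned row, or null if a field is missing or malformed.
function babysitter_from_post(array $post): ?array
{
    $row = [];
    foreach (['firstname', 'lastname', 'gender', 'nationality'] as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {          // rejects missing fields and firstname[]=x arrays
            return null;
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > 100) {   // 100 is an assumed column length
            return null;
        }
        $row[$field] = $value;
    }
    // Age must be a whole number in an assumed plausible range.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 120]]);
    if ($age === false) {
        return null;
    }
    $row['age'] = $age;
    return $row;
}

$row = babysitter_from_post($_POST);       // note: $_POST, not $_post
if ($row === null) {
    http_response_code(400);
    exit('Invalid form data.');
}

// Connection values as in the original post (local XAMPP setup).
$link = mysqli_connect('localhost', 'root', '', 'babysitter');
mysqli_set_charset($link, 'utf8mb4');

// The SQL text is fixed; values are sent separately and never parsed as SQL.
$stmt = mysqli_prepare($link,
    'INSERT INTO babysitter (firstName, lastName, age, gender, nationality) VALUES (?, ?, ?, ?, ?)');
mysqli_stmt_bind_param($stmt, 'ssiss',
    $row['firstname'], $row['lastname'], $row['age'], $row['gender'], $row['nationality']);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
mysqli_close($link);
```

Because the values are bound rather than concatenated, a quote character in a name is stored as data and cannot change the statement.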