Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $hostname = 'localhost';
- $username = 'codinglo_dev';
- $password = 'dev123';
- $database = 'codinglo_dev';
- $con = mysql_connect($hostname, $username, $password) or die(mysql_error()); // I would avoid using or dies for MySQL, but that's just me.
- mysql_select_db($database) or die(mysql_error());
- // We need to sanitize the user input.
- // First mysql_real_escape_string makes sure nothing "unexpected" is going in MySQL.
- // htmlspecialchars removes any HTML formatting that is not needed.
- $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
- $body = mysql_real_escape_string(htmlspecialchars($_POST['body']));
- $query = mysql_query("INSERT INTO blog (name, body) VALUES('$name', '$body')");
- if(!empty($name) || ($body)) {
- echo 'Message submitted.';
- }
- elseif ($query == true) {
- echo 'Message submitted.';
- }
- else {
- die('Can\'t add empty fields.');
- }
- if(empty($name) || ($body)) {
- die('Can\'t add empty fields.');
- }
- elseif ($query == true) {
- echo 'Message submitted.';
- }
- else {
- die('Entry wasn\'t added');
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement