|
- <?php
- // 1. Create a database connection
- // 1. Create a database connection
- $connection = mysqli_connect('localhost', 'root', 'dakota02', 'UMUC');
-
-
- //Once we call the mysqli_connect function, the value that it returns is what we
- //have assigned to the variable $connection. It is what is referred to as a handle for the connection.
-
- //will see if connected, if not will quit and display error messages with error.
- //test if connection occured.
- if(mysqli_connect_errno()){
- die("Database connection failed: " .
- mysqli_connect_error() .
- "(" . mysqli_connect_errno() . ")"
- );
- }
-
- ?>
- <?php
-
- if (isset($_POST['submit'])){
- //assign post data to variables
- $first_name = $_POST["first_name"];
- $last_name = $_POST ["last_name"];
- $student_id = $_POST["student_id"];
- }
-
- $stmt = $connection->prepare("INSERT INTO students (first_name, last_name, student_id) VALUES (?, ?, ?)");
- $stmt->bind_param('sss', $_POST['first_name'], $_POST['last_name'], $_POST['student_id']);
- $stmt->execute();
- $stmt->close();
-
-
-
- //test if there was a query error
- if($stmt){
- //success
- echo "Success! Student added to database!";
- }else{
- //failure
- die("Database query failed. " . mysqli_error($connection));
- }
- ?>
-
-
- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
- <html lang="en">
-
- <head>
- <title>SQL Injection</title>
- </head>
-
- <body>
-
-
-
-
- </body>
- </html>
-
- <?php
- //5.close database connection
- mysqli_close($connection);
- ?>
|
