@Pekr: could you tell me after decoding values what is the next step?
i decoded my values which i got from the form! my cgi and html are working ,plz tell me what should i do?
afsa, did you succesfull echo back the decoded form values to the browser andreas told you before?
if so, you have to add your mysql connection parameters to your script., open a mysql port and do an sql insert to your table.
yes TomBon ,i did it ... but there are no values in my database.
can you post your insert command here?
insert db ["insert into data1(oneone,onetwo,onethree,twoone,twothree,threeone,threetwo,threethree) values(?,?,?,?,?,?,?,?)" ]
i know it dose not have any value
i do not know what should i write
You are missing the actual values to insert. Put those in the block after the SQL string.
yes, I see. parameterized inserts are ok but perhaps better make a rejoin.
insert db ["insert into sql-tablename (sql-fieldname) values (?)" cgi-values/cgi-fieldname]
afsa, the last one from andreas is fine.
TomBon, don't encourage people to use rejoin for SQL queries. Definitely use parameterized queries. Building your own queries with rejoin is a sure recipe for SQL injection.
i suggest to get the html+cgi echoing working first, then getting a minimal script that inserts a value into your database working, and then putting the two pieces together by extending your "echo" cgi to insert into the database
brian, made this for year without any problems. also good for beginners.
checking for proper values and a corerct sql syntax should be always done even when parameterized.
Nice to hear, TomBon. Nonetheless, such checking is exactly what parameterized queries do, and I often have to fix errors made by other developers who don't use them. Plus, parameterized queries are a lot quicker on most databases because the query plan gets cached.
It is always a bad idea to suggest to newbie programmers that they not use parameterized queries.
well better first to make him clear whats going up, then make the final. I think he is confused by this examples. btw, how parameterized queries preventing sql injection if not serverside?