I have this code in my form:
<form id="addForm" action="php/add-article.php" method="POST" enctype="multipart/form-data">
<table>
<tr>
<td class="tableLeft">Article Photo:</td>
<td class="tableRight"><input id="formPhoto" class="addTextInput" name="photo" type="file" /></td>
<td id="validatePhoto"></td>
</tr>
<tr>
<td class="tableLeft">Article Photo Alt:</td>
<td class="tableRight"><input id="formAlt" class="addTextInput" name="alt" type="text" /></td>
<td id="validateAlt"></td>
</tr>
<tr>
<td class="tableLeft">Article Title:</td>
<td class="tableRight"><input id="formTitle" class="addTextInput" name="title" type="text" /></td>
<td id="validateTitle"></td>
</tr>
<tr>
<td class="tableLeft">Article Body:</td>
<td class="tableRight"><textarea id="formArticle" class="addTextInput" rows="6" name="article"></textarea></td>
<td id="validateArticle"></td>
</tr>
<tr>
<td class="tableLeft"></td>
<td id="validateSending" class="tableRight"></td>
</tr>
<tr>
<td class="tableLeft"></td>
<td class="tableRight"><input id="formSubmit" class="addSubmitInput" type="submit" value="Add This" /></td>
</tr>
</table>
</form>
And this in a php file (add-article.php):
<?php
$time = time();
$id= time().''.mt_rand(1000, 9999);
$year = date("Y");
$path = "../images/$year/";
$title = ucwords($_POST['title']);
$article = $_POST['article'];
$alt = $_POST['alt'];
$extension = end(explode(".", $_FILES["photo"]["name"]));
$added = date("Y-m-d H:i:s");
$views = "0";
?>
<?php
$insert_post_sql = "INSERT INTO articles (id, photo, alt, title, article, added, views) VALUES('$id', '.$extension', '$alt', '$title', '$article', '$added', '$views')";
$insert_post_res = mysqli_query($con, $insert_post_sql);
if(mysqli_affected_rows($con)>0){
move_uploaded_file($_FILES["photo"]["tmp_name"],"$path" . $id . "." . $extension);
header("Location: ../article.php?id=$id");
exit();
}
else{
echo "0";
};
?>
When I run this on my localhost, everything works compltely fine yet when I do it on my live site it echo's 0 and says that photo, alt, title and article are uindefined.
Does anyone know what the reason for this might be?
The main reason should be the move_uploaded_file permission to write in the specified path on the production server.
The problem is from your sql statement... it couldnt find the photo, alt etc... on the table header that is why it returned 0 records, hence, echoing 0 as your program demands....
I edited the last <tr> of your form
<tr>
<td class="tableLeft"></td>
<td class="tableRight"><button id="formSubmit" class="addSubmitInput" type="submit" name="submit">Add This </button></td>
</tr>
Now try below PHP code:
<?php
$time = time();
$id = time() . '' . mt_rand(1000, 9999);
$year = date("Y");
$path = "../images/$year/";
if (isset($_POST['submit'])) {
$title = ucwords($_POST['title']);
$article = $_POST['article'];
$alt = $_POST['alt'];
$extension = end(explode(".", $_FILES["photo"]["name"]));
$added = date("Y-m-d H:i:s");
$views = "0";
$insert_post_sql = "INSERT INTO articles (id, photo, alt, title, article, added, views) VALUES('$id', '.$extension', '$alt', '$title', '$article', '$added', '$views')";
$insert_post_res = mysqli_query($con, $insert_post_sql);
if (mysqli_affected_rows($con) > 0) {
move_uploaded_file($_FILES["photo"]["tmp_name"], "$path" . $id . "." . $extension);
header("Location: ../article.php?id=$id");
exit();
} else {
echo "0";
};
}
?>
Let me know if its working for you now. Regards.
Related
Please help not able to resolve, trying since three days but not able to know what the reason its throwing me such message. (below is my complete code).
<!DOCTYPE html>
<html>
<head>
<title>Insert New Post</title>
</head>
<body>
<form method="post" action="insert_post.php" enctype="multipart/form-data">
<table align="center" border="10" width="600">
<tr>
<td align="center" colspan="5" bgcolor="yellow"><h1>Insert New Post Here</h1></td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title" size="40"></td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author"></td>
</tr>
<tr>
<td align="right">Post image:</td>
<td><input type="file" name="image_name"></td>
</tr>
<tr>
<td align="right">Post Content:</td>
<td><textarea name="content" cols="50" rows="20"></textarea></td>
</tr>
<tr>
<td align="center" colspan="5"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
</body>
</html>
Above Form is to insert and submit data in Database
// PHP
<?php
include("includes/connect.php");
if (isset($_POST['submit'])) {
$title = $_POST['title'];
$datenow = date('Y/m/d');
$author = $_POST['author'];
$content = $_POST['content'];
$image_name = $_FILES['image_name']['name'];
$image_type = $_FILES['image_name']['type'];
$image_size = $_FILES['image_name']['size'];
$image_tmp = $_FILES['image_name']['tmp_name'];
if ($title =='' || $author =='' || $content =='') {
echo "<script>alert('Any feild is empty')</script>";
exit();
}
if ($image_type =='image/jpeg' || $image_type =='image/png' || $image_type =='image/gif') {
if ($image_size<=5000000000) {
move_uploaded_file($image_tmp, "images/$image_name");
}
else{
echo "<script>alert('Image is larger, only 50kb size is allowed') </script>";
}
}
else{
echo "<script>alert('image type is invalid')</script>";
}
// insert query
$sth = $con->prepare(" INSERT INTO posts (post_title, post_date, post_author, post_image, post_content) VALUE (:title,:datenow,:author,:image_name,:content) ");
$sth->bindParam(':post_title', $title);
$sth->bindParam(':post_date', $datenow);
$sth->bindParam(':post_author', $author);
$sth->bindParam(':post_image', $image_name);
$sth->bindParam(':post_content', $content);
$sth->execute();
echo "<h1>Form Submited Successfully</h1>";
}
?>
// $sth->execute(); is throwing error massage as above
You are binding wrong values.You haven't bind the post_* values. See below:
$sth = $con->prepare(" INSERT INTO posts (post_title, post_date, post_author, post_image, post_content) VALUES (:post_title,:post_date,:post_author,:post_image,:post_content) ");
$sth->bindParam(':post_title', $title);
$sth->bindParam(':post_date', $datenow);
$sth->bindParam(':post_author', $author);
$sth->bindParam(':post_image', $image_name);
$sth->bindParam(':post_content', $content);
I have made a simple php cms form with database but it does not work properly when I want to submit the form with some dummy data! I don't know why it happens & also I added the mysqli_error() to get the type of error that I'm facing with but I only got this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','','')' at line 2
<?php
if (isset($_POST['submit'])){
$post_title = $_POST['title'];
$post_date = date('d-m-y');
$post_author = $_POST['author'];
$post_keywords = $_POST['keywords'];
$post_content = $_POST['content'];
$post_image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
echo '<script>alert("Some fields are missing")</script>';
}else{
move_uploaded_file($image_tmp,"post_images/$post_image");
$insert_query = "INSERT INTO posts
(post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author',$post_image','$post_keywords','$post_content')";
$insert_post = mysqli_query($con,$insert_query);
if ($insert_post){
echo '<h3 style="color:green">Post has been added successfully.</h3>';
}else{
echo mysqli_error($con);
}
}
}
?>
<form method="POST" action="" enctype="multipart/form-data">
<table width="600" align="center" border="10">
<tr>
<td align="center"><h6>Insert Post Title</h6></td>
<td align="center"><input type="text" name="title"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Author</h6></td>
<td align="center"><input type="text" name="author"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Keywords</h6></td>
<td align="center"><input type="text" name="keywords"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Image</h6></td>
<td align="center"><input type="file" name="image"/></td></br>
</tr>
<tr>
<td align="center"><h6>Insert Post Content</h6></td>
<td align="center"><textarea name="content" cols="10" rows="10"></textarea></td></br>
</tr>
<tr>
<td align="center"><input type="submit" name="submit" value="Submit"/></td>
</tr>
</table>
</form>
It would be very helpful to me if you share your solution for this problem... thanks!
You are missing a quote just before $post_image:
,$post_image'
Should be:
,'$post_image'
So the complete SQL statement becomes then:
$insert_query = "INSERT INTO posts
(post_title, post_date, post_author, post_image, post_keywords, post_content)
VALUES ('$post_title', '$post_date', '$post_author', '$post_image',
'$post_keywords', '$post_content')";
Please note that you are doing assignments in this if:
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
You should be using double == instead of =.
Finally, your code is vulnerable to SQL injection. So please use prepared statements with parameters.
writing if statement in this way is better
// this not always works
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
echo '<script>alert("Some fields are missing")</script>';
}
// yeah much better
if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author)){
echo '<script>alert("Some fields are missing")</script>';
}
and sql mistake most probably because of here
'$post_keywords','$post_content')";
$post_keywords and $post_content is null or empty
Changes
Use empty for check empty variable
Use || instead of or
Check validation for what you are doing. (move_uploaded_file)
Be careful with quotes ($post_image') - This is the bug in your code
Enhance mysqli_error (if (!$insert_post){)
Code
<?php
if (isset($_POST['submit']))
{
$post_title = $_POST['title'];
$post_date = date('d-m-y');
$post_author = $_POST['author'];
$post_keywords = $_POST['keywords'];
$post_content = $_POST['content'];
$post_image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author))
{
echo '<script>alert("Some fields are missing")</script>';
}
else
{
if (!move_uploaded_file($image_tmp,"post_images/$post_image")) {
echo "Move Failed";
}
else
{
$insert_query = "INSERT INTO posts (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author','$post_image','$post_keywords','$post_content')";
$insert_post = mysqli_query($con,$insert_query);
if (!$insert_post){
echo mysqli_error($con);
}
else
{
echo '<h3 style="color:green">Post has been added successfully.</h3>';
}
}
}
}
?>
i am a beginner and am trying to make a form validation with PHP. i want to check if one of the inputs is empty, the form says that the empty input is required.
I show the php script behind.
<?php
$titleErr = $authorErr = $keywordsErr = $contentErr = "";
$title = $author = $keywords = $content = "";
if (empty($_POST["submit"])) {
if(empty($_POST["title"])){
$titleErr = "title is required";
}
if(empty($_POST["author"])){
$authorErr = "author name is required";
}
if(empty($_POST["keywords"])){
$keywordsErr = "keywords are required";
}
if(empty($_POST["content"])){
$contentErr = "This field is required";
}
}
?>
<form method="post" action="insert_post.php">
<table width="600" align="center" border="10">
<tr>
<td align="center" bgcolor="yellow" colspan="6"><h1>Insert New Post Here</h1></td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title" size="38">
<span style="color:red;"><?php echo $titleErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author" size="38">
<span style="color:red;"><?php echo $authorErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Keywords:</td>
<td><input type="text" name="keywords" size="38">
<span style="color:red;"><?php echo $keywordsErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr>
<td align="right">Post Content</td>
<td><textarea name="content" cols="30" rows="15"></textarea>
<span style="color:red;"><?php echo $contentErr; ?></span>
</td>
</tr>
<tr>
<td align="center" colspan="6"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
include("includes/connect.php");
if(isset($_POST['submit'])){
$title = $_POST['title'];
$date = date('d-m-Y');
$author = $_POST['author'];
$keywords = $_POST['keywords'];
$content = $_POST['content'];
$image = $_FILES['image'] ['name'];
$image_tmp = $_FILES['image'] ['tmp_name'];
move_uploaded_file($image_tmp, "../images/$image");
$query = "INSERT INTO posts (post_title, post_date, post_author, post_keywords, post_image, post_content) VALUES('$title', '$date', '$author', '$keywords', '$image', '$content')";
$result = mysqli_query($conn, $query);
if($query){
echo"<center><h1>Post Published Succesfully!</h1></center>";
}
}
?>
The problem is i want to stop the scrit if the inputs are empty but i can't use functions like: exit() and break;.
and if i submit, the form sends empty values to the database :C.
how can i solve this problem?
We make use of session variables which temporarily stores data locally. To use sessions we must always start sessions by session_start() at the start of every page to be able to access the variables. Now we can store data and pass it to whatever page we want to without having to send it - we just store it and then grab it.
index.php
<?php
session_start();
$titleErr = $authorErr = $keywordsErr = $contentErr = "";
$title = $author = $keywords = $content = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST["title"])){
$titleErr = "title is required";
}
if(empty($_POST["author"])){
$authorErr = "author name is required";
}
if(empty($_POST["keywords"])){
$keywordsErr = "keywords are required";
}
if(empty($_POST["content"])){
$contentErr = "This field is required";
}
if(!empty($_POST["title"]) && !empty($_POST["author"]) && !empty($_POST["keywords"]) && !empty($_POST["content"])){
$_SESSION["title"] = $_POST["title"];
$_SESSION["author"] = $_POST["author"];
$_SESSION["keywords"] = $_POST["keywords"];
$_SESSION["content"] = $_POST["content"];
$_SESSION["image"] = $_FILES["image"];
header("location: insert_post.php");
exit();
}
}
?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="600" align="center" border="10">
<tr>
<td align="center" bgcolor="yellow" colspan="6"><h1>Insert New Post Here</h1></td>
</tr>
<tr>
<td align="right">Post Title:</td>
<td><input type="text" name="title" size="38" value="<?php if(isset($_POST['title'])){ echo $_POST['title']; }; ?>">
<span style="color:red;"><?php echo $titleErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Author:</td>
<td><input type="text" name="author" size="38" value="<?php if(isset($_POST['author'])){echo $_POST['author']; }; ?>">
<span style="color:red;"><?php echo $authorErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Keywords:</td>
<td><input type="text" name="keywords" size="38" value="<?php if(isset($_POST['keywords'])){echo $_POST['keywords']; }; ?>">
<span style="color:red;"><?php echo $keywordsErr; ?></span>
</td>
</tr>
<tr>
<td align="right">Post Image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr>
<td align="right">Post Content</td>
<td><textarea name="content" cols="30" rows="15" value="<?php if(isset($_POST['content'])){echo $_POST['content']; }; ?>"></textarea>
<span style="color:red;"><?php echo $contentErr; ?></span>
</td>
</tr>
<tr>
<td align="center" colspan="6"><input type="submit" name="submit" value="Publish Now"></td>
</tr>
</table>
</form>
</body>
</html>
insert_post.php
<?php
session_start();
include("includes/connect.php");
$title = $_SESSION['title'];
$author = $_SESSION['author'];
$keywords = $_SESSION['keywords'];
$content = $_SESSION['content'];
$date = date('d-m-Y');
$image = $_SESSION['image']['name'];
$image_tmp = $_SESSION['image']['tmp_name'];
move_uploaded_file($image_tmp, "../images/$image");
$query = "INSERT INTO posts (post_title, post_date, post_author, post_keywords, post_image, post_content) VALUES('$title', '$date', '$author', '$keywords', '$image', '$content')";
$result = mysqli_query($conn, $query);
if($query){
echo"<center><h1>Post Published Succesfully!</h1></center>";
}
else{
echo "<center><h1>Error! Post was not published!</h1></center>";
}
echo $title . " " . $author . " " . $keywords . " " . $content;
?>
Btw, you should be using prepared statements for your database inserts to prevent SQL-injections. Read more about it here.
You don't hAve to Break the Script using the Exit Funktion. Just prove if the error variables aren't empty and only in the Case when they aren't empty send a dB-request.
Chenge these lines:
include("includes/connect.php");
if(isset($_POST['submit'])){
to
include("includes/connect.php");
if( isset($_POST['submit']) //Fix here, it will only insert if all error message
&& empty($titleErr) //are empty.
&& empty($authorErr)
&& empty($keywordsErr)
&& empty($contentErr) ){
Edit
And also change this line
if (empty($_POST["submit"])) {
To
if (isset($_POST["submit"])) {
On the init of your script. The empty function will return true if you did not submit the page, that's why you are hving the error messages.
I am trying to upload image and store it in mysql database through php. but no image is storing in database.
<form action="" method="get" name="frmPostImage" class="box" enctype="multipart/form-data">
<table>
<tr>
<td><b>City:</b></td>
<td>
<select name="cityid">
<?php
$sql = "SELECT cityid, cityname, countryname
FROM $t_cities ct
INNER JOIN $t_countries c ON ct.countryid = c.countryid
ORDER BY c.pos, ct.pos";
$res = mysql_query($sql) or die(mysql_error());
while($row=mysql_fetch_array($res))
{
echo "<option value=\"$row[cityid]\"";
if ($row['cityid'] == $_REQUEST['cityid']) echo " selected";
echo ">$row[countryname] > $row[cityname]</option>";
}
?>
</select>
</td>
</td>
</tr>
<tr>
<tr>
<td><b><?php echo $lang['POSTIMG_IMAGE_TITLE']; ?>:</b><span class="marker">*</span></td>
<td><input name="imgtitle" type="text" id="imgtitle" size="55" maxlength="100" value="<?php echo isset($data
['imgtitle']); ?>"><br><img
src="images/spacer.gif"></td>
</tr>
<tr>
<td><b><?php echo $lang['POSTIMG_IMAGE_FILE']; ?>:</b><span class="marker">*</span></td>
<td><input name="img" type="file" size="45"><br><img src="images/spacer.gif"></td>
</tr>
<tr>
<td><b><?php echo $lang['POSTIMG_IMAGE_DESCRIPTION']; ?>:</b></td>
<td><textarea name="imgdesc" type="text" rows="5" cols="54"><?php echo $data['imgdesc']; ?></textarea><br><img
src="images/spacer.gif"></td>
<td> <input type="hidden" name="do" value="save"><button type="submit">Go</button></td>
</tr>
</table>
</form>
and following code to store it into database.
$expiry = time()+($expire_images_after*24*60*60);
$expiry_dt = date("Y-m-d H:i:s", $expiry);
$city = $_REQUEST['cityid'];
// Temporary file name stored on the server
$tmpName = $_FILES['img']['tmp_name'];
$sql = "INSERT INTO $t_imgs
SET imgtitle = '$_GET[imgtitle]',
imgfilename = '$tmpName',
imgdesc = '$_GET[imgdesc]',
postername = '$data[postername]',
cityid = '$city',
ip = '$ip',
verified = '1',
enabled = '1',
createdon = NOW(),
expireson = '$expiry_dt',
timestamp = NOW()";
mysql_query($sql) or die($sql.mysql_error());
if (mysql_affected_rows())
{
// Get ID
$sql = "SELECT LAST_INSERT_ID() FROM $t_imgs";
list($imgid) = mysql_fetch_array(mysql_query($sql));
}
}
?>
<h2><?php echo $lang['POST_IMAGE_SUCCESS']; ?></h2>
i am able to store every other value except the image. tried different combination but nothing worked. Guide me...:)
I think there can be issues with mysql statement:
instead $sql = "INSERT INTO $t_imgs SET imgtitle
you should probably use $sql = "INSERT INTO $t_imgs values (imgtitle, ...);
check here:
http://dev.mysql.com/doc/refman/5.5/en/insert.html
i looking some help and nice attention here..
i bought some php script many years ago and now no suport anymore... i just want to add md5 to password field..
here my form:
<?php
$SQL = "SELECT * from USERS WHERE USERNAME = '$_SESSION[username]'"; $result = #mysql_query( $SQL ); $row = #mysql_fetch_array( $result );
include 'menu.php';
?>
<FORM METHOD="post" ACTION="?page=query_client">
<INPUT TYPE="hidden" NAME="controller" VALUE="USERS~update~account_details&up=1~<?php echo $row[ID]; ?>">
<TABLE CLASS="basictable">
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Username</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<b><?php echo $row[USERNAME]; ?></b>
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Password *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="PASSWORD" NAME="PASSWORD" SIZE="40" VALUE="<?php echo $row[PASSWORD]; ?>">
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Email Address *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="EMAIL" SIZE="40" VALUE="<?php echo $row[EMAIL]; ?>">
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Full Name *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="FULLNAME" SIZE="40" VALUE="<?php echo $row[FULLNAME]; ?>">
</TD>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Address *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="ADDRESS1" SIZE="40" VALUE="<?php echo $row[ADDRESS1]; ?>">
</TD>
</TR>
<BR>
<TABLE CLASS="basictable">
<TR>
<TD CLASS="tdhead2" >
<DIV ALIGN="CENTER"><B>
<INPUT TYPE="submit" NAME="Submit" VALUE="Submit">
</B></DIV>
</TD>
</TR>
</TABLE>
</FORM>
and the
it self as query_client.php inside look like:
<?PHP
#session_start();
$controller = $_POST['controller'];
$pieces = explode("~", $controller);
$table = $pieces[0];
$qt = $pieces[1];
$return = $pieces[2];
$id = $pieces[3];
$hack = $pieces[4];
if ($qt == insert) $qt = 'INSERT INTO';
if ($qt == update) { $qt = 'UPDATE'; $end = "WHERE ID = '$id'"; }
$pre = array_keys( $_POST );
mysql_query ("CREATE TABLE IF NOT EXISTS `$table` (`ID` INT NOT NULL AUTO_INCREMENT , PRIMARY KEY ( `id` ) )");
$count = count($pre); $count = $count - 2;
$sql = "$qt $table SET";
for ($i=0; $i < $count; $i++)
{
$x=$i+1;
$y = $_POST[$pre[$x]];
$d = $y;
mysql_query ("ALTER TABLE `$table` ADD `$pre[$x]` TEXT NOT NULL");
$sql .= " `$pre[$x]` = '$d',";
}
$sql .= " ID = '$id' $end";
$query = mysql_query($sql) or die("$sql_error" . mysql_error());
if (empty($hack)) { } else {
$pieces = explode("/", $hack);
$h0 = $pieces[0];
$h1 = $pieces[1];
$h2 = $pieces[2];
$h3 = $pieces[3];
$h4 = $pieces[4];
$h5 = $pieces[5];
mysql_query ("ALTER TABLE `$table` $h0 $h1 $h2 $h3 $h4 $h5");
$query = mysql_query($sql) or die("$sql_error" . mysql_error());
}
if (isset($_GET[inc])) include "$_GET[inc].php";
?>
so please help me how to add md5 in PASSWORD field?
thanks in advance..
Best to use a salt also - hashing and verification should be done at server - see secure hash and salt for PHP
Some links on writing secure code:
OWASP Top 10 for 2010
PHP Security: Fortifying Your Website
Writing Secure PHP