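// Connection settings (placeholders).
// NOTE(review): real credentials belong in configuration kept outside the web
// root or in the environment, not in a source file.
$username = "******";
$password = "******";
$database = "TABLE_NAME"; // used below as the database (schema) name, despite the placeholder text

// Connect to the database and select the schema.
// The mysql_* functions used originally were removed in PHP 7.0, and the host
// was written as the bare constant `localhost`. mysqli replaces them and also
// provides the $dbConnection object that the prepared-statement example (V2)
// relies on but that was never created.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly instead of returning false
try {
    $dbConnection = new mysqli('localhost', $username, $password, $database);
} catch (mysqli_sql_exception $e) {
    // Generic message only: driver error text can reveal host, user or schema names.
    die("Unable to select database");
}

// SQL QUERY
// query() is for constant SQL text only. Any statement that carries request
// data goes through prepare()/bind_param(), as in V2 below.
$query = "SQL COMMAND HERE";
$dbConnection->query($query); // the original passed an undefined $query1

// PRINT
echo "Hello World!";

// RETRIEVE DATA FROM FORM
// `?? ''` avoids an undefined-index warning when the field is absent.
$name = $_POST['HTML_ELEMENT_NAME'] ?? '';

// SQL INJECTION TEST V1
// This helper is HTML output encoding. It does not neutralise SQL
// metacharacters for every context and must not be relied on as a SQL
// injection defence; the parameterised query in V2 is the defence.

/**
 * Trim a request value, strip backslashes and HTML-encode it.
 *
 * @param mixed $data Raw request value; non-scalar input (e.g. an array sent
 *                    as `field[]`) is treated as an empty string.
 * @return string The value encoded for an HTML context.
 */
function contentCheck($data)
{
    if (!is_string($data)) {
        // The client controls the shape of request data; trim() on an array is a TypeError.
        $data = is_scalar($data) ? (string) $data : '';
    }

    $data = trim($data);
    // Legacy of magic_quotes_gpc (removed in PHP 5.4); note it also removes
    // backslashes the user typed on purpose.
    $data = stripslashes($data);
    // Flags spelled out so single quotes are encoded on every PHP version,
    // not only where ENT_QUOTES is the default.
    $data = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return $data;
}

$name = contentCheck($name);

// SQL INJECTION TEST V2
// Prepared statement: the value travels separately from the SQL text, so it
// cannot change the structure of the query.
// NOTE(review): $name was HTML-encoded by V1 above, so the encoded form is what
// gets compared in the WHERE clause. If V1 and V2 are meant as alternatives,
// bind the raw request value here and encode only when echoing it into HTML.
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();

while ($row = $result->fetch_assoc()) {
    // do something with $row
}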
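// Tail of contentCheck(); the start of the function is outside this excerpt,
// so these lines are reproduced unchanged.
    $data = htmlentities($data, ENT_QUOTES);
    return $data;
}

// Read the sign-up form. contentCheck() ends by HTML-encoding the value (see
// the tail above), which protects later HTML output only.
// NOTE(review): the code that stores these values is not visible here; it must
// still pass them as bound parameters of a prepared statement.
// `?? ""` keeps an absent field from raising an undefined-index warning.
$name = contentCheck($_POST["name"] ?? "");
$nickname = contentCheck($_POST["nickname"] ?? "");
$gender = contentCheck($_POST["gender"] ?? "");
// NOTE(review): age bypasses contentCheck() and is raw request data from here
// on; validate it as an integer in the expected range before it is used.
$age = $_POST["age"] ?? null;
$contactEmail = contentCheck($_POST["contact"] ?? "");
// Checkbox group: expected to be an array, but the client decides the shape.
// count() on a missing or string value is a TypeError on PHP 8, so normalise.
$type = $_POST['type'] ?? [];
if (!is_array($type)) {
    $type = [$type];
}
$other = contentCheck($_POST["other"] ?? "");
$bboyidol = contentCheck($_POST["bboyidol"] ?? "");
$reason = contentCheck($_POST["reason"] ?? "");
$experience = contentCheck($_POST["experience"] ?? "");
$noBreak = contentCheck($_POST["noBreak"] ?? "");
$fob = contentCheck($_POST["fob"] ?? "");
$option = contentCheck($_POST["option"] ?? "");

// Collapse gender to one letter; any value other than "male" becomes 'f'.
$gender = ($gender === "male") ? 'm' : 'f';

// Join the selected types into a "|"-terminated list.
// NOTE(review): the entries are not passed through contentCheck(), and a "|"
// inside an entry cannot be told apart from the delimiter; checking each entry
// against the list of values the form offers would close both gaps.
$tp = "";
foreach ($type as $selected) {
    if (is_scalar($selected)) { // skip nested arrays such as type[][]
        $tp .= $selected . "|";
    }
}

// This part of the code lets users upload a picture of themselves. Only the
// destination path under ProjectPhoto/ is built here; the code that moves the
// file is outside this excerpt.
$uploadedName = $_FILES["file"]["name"] ?? "";
if (!is_string($uploadedName)) {
    $uploadedName = ""; // e.g. the field was sent as file[]
}
$temp = explode(".", $uploadedName);
// A name without a dot has no extension (the original treated the whole name as one).
$extension = count($temp) > 1 ? strtolower(end($temp)) : "";

// The extension comes from the client. Without an allow-list a file ending in
// a server-executable extension could be stored inside the web root.
$allowedExtensions = ['jpg', 'jpeg', 'png', 'gif'];
if ($uploadedName !== "" && !in_array($extension, $allowedExtensions, true)) {
    http_response_code(400);
    exit("Unsupported photo file type.");
}

// $name is user input and HTML encoding leaves "/" and "\" untouched, so strip
// path separators, ":" and control characters before using it in a file name.
$safeName = preg_replace('#[/\\\\:\x00-\x1F\x7F]#', '_', $name);
$filename = $safeName . "photo." . $extension;
$dir = 'ProjectPhoto';
$selfie = "{$dir}/{$filename}";
// NOTE(review): the extension is only a label. Before moving the file, confirm
// the content is an image (getimagesize() or finfo), use move_uploaded_file()
// on the tmp_name, and serve ProjectPhoto/ with script execution disabled.
// Two applicants with the same name map to the same path and would overwrite
// each other's photo.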