コード例 #1
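$username = "******";
$password = "******";
$database = "TABLE_NAME";
// Connect to Database.
// NOTE: the mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0, and it
// has no parameter binding at all. The mysqli prepared statement further down (V2) is
// the supported form; this block only runs on pre-7 installations.
// 'localhost' must be a quoted string: a bare constant name is an Error on PHP 8.
$link = mysql_connect('localhost', $username, $password);
if ($link === false) {
    die("Unable to connect to database server");
}
// Select Database table. No '@' suppression: a failure here should reach the error log.
if (!mysql_select_db($database, $link)) {
    die("Unable to select database");
}
// SQL QUERY
$query = "SQL COMMAND HERE";
// Was mysql_query($query1): $query1 is never defined, so no query was ever sent.
mysql_query($query, $link);
// PRINT
echo "Hello World!";
// RETRIEVE DATA FROM FORM ('' when the field was not submitted)
$name = isset($_POST['HTML_ELEMENT_NAME']) ? $_POST['HTML_ELEMENT_NAME'] : '';
// SQL INJECTION TEST V1
// contentCheck() only trims and HTML-escapes for output; it is not an SQL-injection
// defence. Any value that reaches SQL must be bound as a parameter (see V2 below).
$name = contentCheck($name);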
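/**
 * Normalise a single form field for safe HTML output.
 *
 * This is output escaping, not SQL sanitisation: it does nothing against SQL
 * injection. Database values must go through prepared statements (see the
 * bind_param example in this file); use this only for values echoed into HTML.
 *
 * @param mixed $data raw value from $_POST (a string is expected; null or a
 *                    non-scalar such as an array from field[]=... yields '')
 * @return string trimmed, HTML-escaped text
 */
function contentCheck($data)
{
    // A missing field arrives as null and an array is not a valid scalar value;
    // both become the empty string instead of a TypeError inside trim().
    if ($data === null || !is_scalar($data)) {
        return '';
    }
    $data = trim((string) $data);
    // stripslashes() was only a workaround for magic_quotes_gpc (removed in PHP 5.4);
    // today it silently deletes legitimate backslashes, so it has been dropped.
    // ENT_QUOTES also escapes single quotes (plain htmlspecialchars() left them
    // untouched before PHP 8.1), which matters inside single-quoted attributes.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}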
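// SQL INJECTION TEST V2
// Prepared statement with a bound parameter: the user value never becomes part of the
// SQL text, which is what actually prevents SQL injection (contrast with V1, which only
// HTML-escapes). Assumes $dbConnection is an open mysqli connection and that mysqlnd is
// available, which get_result() requires.
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
if ($stmt === false) {
    // Before PHP 8.1 mysqli reports failure by returning false instead of throwing;
    // calling bind_param() on that false would be a fatal error with no useful message.
    throw new RuntimeException('prepare failed: ' . $dbConnection->error);
}
$stmt->bind_param('s', $name);
if (!$stmt->execute()) {
    throw new RuntimeException('execute failed: ' . $stmt->error);
}
$result = $stmt->get_result();
if ($result === false) {
    throw new RuntimeException('get_result failed: ' . $stmt->error);
}
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
$stmt->close();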
コード例 #2
    $data = htmlentities($data, ENT_QUOTES);
    return $data;
}
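// Every field falls back to '' so a missing key never reaches contentCheck() as null.
// contentCheck() HTML-escapes for output only; whatever is written to the database
// must still be bound as a prepared-statement parameter (see the bind_param example).
$name = contentCheck($_POST["name"] ?? '');
$nickname = contentCheck($_POST["nickname"] ?? '');
$gender = contentCheck($_POST["gender"] ?? '');
// Numeric field, not passed through contentCheck() in the original; an array or a
// missing value becomes ''. NOTE(review): not validated as an integer here — confirm
// how $age is consumed before tightening this.
$age = is_string($_POST["age"] ?? null) ? $_POST["age"] : '';
$contactEmail = contentCheck($_POST["contact"] ?? '');
// Checkbox group type[]: the loop below needs an array, so anything else (a plain
// string, a missing key) is treated as "nothing selected" instead of a count() TypeError.
$type = $_POST['type'] ?? [];
if (!is_array($type)) {
    $type = [];
}
$other = contentCheck($_POST["other"] ?? '');
$bboyidol = contentCheck($_POST["bboyidol"] ?? '');
$reason = contentCheck($_POST["reason"] ?? '');
$experience = contentCheck($_POST["experience"] ?? '');
$noBreak = contentCheck($_POST["noBreak"] ?? '');
$fob = contentCheck($_POST["fob"] ?? '');
$option = contentCheck($_POST["option"] ?? '');
// Anything other than the literal "male" is stored as 'f' (unchanged behaviour).
$gender = ($gender === "male") ? 'm' : 'f';
// Flatten the checkbox values into "a|b|"; the trailing separator is kept because
// later code may split on it. Entries are escaped like every other field, and
// non-string entries (nested arrays from type[][]) are skipped.
$tp = "";
foreach ($type as $selected) {
    if (is_string($selected)) {
        $tp .= contentCheck($selected) . "|";
    }
}
// This part of code enables users to upload a picture of themselves and store it in the current directory.
// $_FILES['file']['name'] is chosen by the client, so nothing from it is trusted except
// a lower-cased extension checked against an image allow-list, and the local filename is
// built from a character-restricted copy of $name so it can contain no "/", "\" or "..".
// Without both checks the uploader could choose the stored extension (e.g. a server-side
// script type) and the directory the file lands in.
$uploadError = $_FILES["file"]["error"] ?? UPLOAD_ERR_NO_FILE;
if ($uploadError === UPLOAD_ERR_OK) {
    $extension = strtolower(pathinfo((string) $_FILES["file"]["name"], PATHINFO_EXTENSION));
    if (!in_array($extension, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        die("Unsupported image type");
    }
    // NOTE(review): this checks only the name; verify the content as well (e.g.
    // getimagesize() on tmp_name) before the move_uploaded_file() that follows this snippet.
} else {
    // No usable upload: leave the extension empty rather than trust any client value.
    $extension = '';
}
$safeName = preg_replace('/[^A-Za-z0-9_-]/', '_', $name);
$filename = $safeName . "photo." . $extension;
$dir = 'ProjectPhoto';
$selfie = "{$dir}/{$filename}";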