The PHP would look something like this:
<?php
// I assume that these lines establish the MySQL connection, so you don't need them
// include 'conexion.php';
// $conn=get_db_conn();
$username = ""; // set the username
$password = ""; // set the password
$databasename = ""; // set the database name
try {
    $db = new PDO("mysql:dbname=$databasename", $username, $password);
}
catch (PDOException $e) {
    die("{error: {$e->getMessage()}}");
}
// make PDO throw exceptions so the try/catch around execute() sees SQL errors
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
mail("[email protected]", "encuestas hotel avandaro", "una nueva encuesta ha sido ingresada de - Nombre: '$_POST[nombre]' Correo: '$_POST[email]' Habitacion: '$_POST[num_hab]' ");
// default the phone number to "0" when it is missing or empty
if (empty($_POST['telefono'])) {
    $_POST['telefono'] = "0";
}
// this next part is a stored procedure in order to insert all values in all tables ..
// how i can change all this script in order to use PDO's
// the values are bound to named placeholders instead of being pasted into the SQL text
$inserta = $db->prepare('
    CALL insertadatos(
        :nombre,
        :num_hab,
        :email
        /* ... continue with all of the fields */
    )'
);
// one entry per placeholder used in the CALL above
$parameters = array (
    'nombre' => $_POST['nombre'],
    'num_hab' => $_POST['num_hab'],
    'email' => $_POST['email'],
    // continue with the rest of the fields
);
try {
    $inserta->execute($parameters);
}
catch (PDOException $e) {
    die("{error: {$e->getMessage()}}");
}
echo "Datos Agregados Correctamente, Gracias por Ayudarnos a Mejorar Nuestras Instalaciones";
// gracefully exit the database
$inserta = null;
$db = null;
?>
Note that you will have to finish filling out the SQL and $parameters array.
As far as protecting against SQL injection, this is a good method, but it's
not perfect. If you want to improve it one more step, then you have to
validate all user inputs to the system to make sure that they fit the
format you are expecting (i.e. all dates are in the proper format, number
fields don't contain non-numeric characters, email addresses are properly
formatted, etc).
On Saturday, December 22, 2012 2:38:53 AM UTC-5, Chrystopher Medina wrote:
>
> My friend, I have this next part. What it does is just insert the
> values of a survey. Look:
> <?php
>
> include 'conexion.php';
> $conn=get_db_conn();
>
> mail("[email protected]","encuestas hotel avandaro","una nueva encuesta ha sido ingresada de - Nombre: '$_POST[nombre]' Correo: '$_POST[email]' Habitacion: '$_POST[num_hab]' ");
> if(!$_POST['telefono']){
> $_POST['telefono']="0";
> }
> //this next part is a storage procedure in order to insert all values in
> //all tables .. how i can change all this script in order to use PDO's
>
> $consulta="call
> insertadatos('$_POST[nombre]','$_POST[num_hab]','$_POST[email]','$_POST[telefono]','$_POST[supo]','$_POST[reserv]','$_POST[medio]','$_POST[botones]','$_POST[recep]','$_POST[tel]'
>
> ,'$_POST[segu]','$_POST[limp]','$_POST[mant]','$_POST[camar]','$_POST[ilum]','$_POST[limpi]','$_POST[funcio]','$_POST[ilu]','$_POST[comentarios]','$_POST[recibi]','$_POST[servibar]','$_POST[alimen]'
>
> ,'$_POST[menu]','$_POST[bebi]','$_POST[ambi]','$_POST[orden]','$_POST[alim]','$_POST[entre]','$_POST[toallas]','$_POST[limareas]'
> ,'$_POST[compis]','$_POST[recibimiento]','$_POST[spareserv]'
>
> ,'$_POST[spaam]','$_POST[calserv]','$_POST[varied]','$_POST[spautilizo]','$_POST[sino1]','$_POST[sino2]');";
>
> $inserta=mysql_query($consulta, $conn);
> if(!$inserta){
> die('Invalid query: ' . mysql_error());
> }else{
> echo "Datos Agregados Correctamente, Gracias por Ayudarnos a Mejorar
> Nuestras Instalaciones";
> mysql_close();
> }
>
> ?>
>
--
You received this message because you are subscribed to the Google Groups
"Google Visualization API" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/google-visualization-api/-/r3s2X0SeD4oJ.
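
The input validation that the reply recommends on top of the prepared statement, as an added example that is not part of the original message. The function name validate_survey and every format rule in it (allowed name characters, room range 1-9999, phone length) are assumptions, not taken from the thread.

```php
<?php
// Added example, not code from the thread. All format rules are assumptions.
function validate_survey(array $post): array
{
    // Drop array-valued parameters (e.g. nombre[]=x) so they count as missing.
    $post = array_filter($post, 'is_string');

    $nombre   = trim($post['nombre'] ?? '');
    $telefono = trim($post['telefono'] ?? '');

    // Each entry holds the validated value, or false when the check fails.
    $checked = [
        // 1-100 letters, spaces, dots, apostrophes or hyphens (assumed rule)
        'nombre'   => preg_match('/^[\p{L} .\'-]{1,100}\z/u', $nombre) === 1 ? $nombre : false,
        // whole number in an assumed room range of 1-9999
        'num_hab'  => filter_var($post['num_hab'] ?? '', FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1, 'max_range' => 9999]]),
        // PHP's built-in address validator
        'email'    => filter_var(trim($post['email'] ?? ''), FILTER_VALIDATE_EMAIL),
        // optional; the thread's code stores "0" when it is missing
        'telefono' => $telefono === '' ? '0'
                          : (preg_match('/^\d{7,15}\z/', $telefono) === 1 ? $telefono : false),
    ];

    $clean = [];
    $errors = [];
    foreach ($checked as $field => $value) {
        if ($value === false) {
            $errors[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample submissions (not real data).
$ok  = ['nombre' => 'Ana Pérez', 'num_hab' => '204', 'email' => 'ana@example.com'];
$bad = ['nombre' => 'Ana', 'num_hab' => '204x', 'email' => 'ana@', 'telefono' => '55-12'];
foreach ([$ok, $bad] as $post) {
    $result = validate_survey($post);
    // Pass $result['clean'] to $inserta->execute() only when 'errors' is empty.
    echo json_encode($result, JSON_UNESCAPED_UNICODE), PHP_EOL;
}
```

The remaining survey fields would each get their own entry in $checked before the values are bound to the CALL placeholders.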