Ok my friend i get It. Thanks a lot. So tell me. I can validate tía
values beforesubmit them. Or i Have to validate them in the servir side
El dic 22, 2012 10:27 a.m., "asgallant" <[email protected]>
escribió:
> The PHP would look something like this:
>
> <?php
> // I assume that these lines establish the mySQL connection, so you don't
> need them
> // include 'conexion.php';
> // $conn=get_db_conn();
>
> $username = ""; // set the username
> $password = ""; // set the password
> $databasename = ""; // set the database name
>
> try {
> $db = new PDO("mysql:dbname=$databasename", $username, $password);
> }
> catch (PDOException $e) {
> die("{error: {$e->getMessage()}}");
> }
> $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
>
> mail("[email protected]","encuestas hotel avandaro","una nueva
> encuesta ha sido ingresada de - Nombre: '$_POST[nombre]' Correo:
> '$_POST[email]' Habitacion: '$_POST[num_hab]' ");
> if (!$_POST['telefono']) {
> $_POST['telefono']="0";
> }
>
> //this next part is a storage procedure in order to insert all values in
> all tables .. how i can change all this script in order to use PDO¨s
>
> $inserta = $db->prepare('
> CALL insertados(
> :nombre,
> :num_hab,
> :email,
> // ... continue with all of the fields
> )'
> );
>
> $parameters = array (
> 'nombre' => $_POST['nombre'],
> 'num_hab' => $_POST['num_hab'],
> 'email' => $_POST['email'],
> // continue with the rest of the fields
> );
>
> try {
> $inserta->execute($parameters);
> }
> catch (PDOException $e) {
> die("{error: {$e->getMessage()}}");
> }
> echo "Datos Agregados Correctamente, Gracias por Ayudarnos a Mejorar
> Nuestras Instalaciones";
>
> // gracefully exit the database
> $inserta = null;
> $db = null;
> ?>
>
> Note that you will have to finish filling out the SQL and $parameters
> array.
>
> As far as protecting against SQL injection, this is a good method, but
> it's not perfect. If you want to improve it one more step, then you have
> to validate all user inputs to the system to make sure that they fit the
> format you are expecting (ie. all dates are in the proper format, number
> fields don't contain non-numeric characters, email addresses are properly
> formatted, etc).
>
>
> On Saturday, December 22, 2012 2:38:53 AM UTC-5, Chrystopher Medina wrote:
>>
>> my friend i have this next part.... what it does , is just insert the
>> values of a survey. look...
>> <?php
>>
>> include 'conexion.php';
>> $conn=get_db_conn();
>>
>> mail("salvad...@hotmail.**com","encuestas hotel avandaro","una nueva
>> encuesta ha sido ingresada de - Nombre: '$_POST[nombre]' Correo:
>> '$_POST[email]' Habitacion: '$_POST[num_hab]' ");
>> if(!$_POST['telefono']){
>> $_POST['telefono']="0";
>> }
>> //this next part is a storage procedure in order to insert all values in
>> all tables .. how i can change all this script in order to use PDO¨s
>>
>> $consulta="call insertadatos('$_POST[nombre]',**
>> '$_POST[num_hab]','$_POST[**email]','$_POST[telefono]','$_**
>> POST[supo]','$_POST[reserv]','**$_POST[medio]','$_POST[**
>> botones]','$_POST[recep]','$_**POST[tel]'
>> ,'$_POST[segu]','$_POST[limp]'**,'$_POST[mant]','$_POST[camar]**
>> ','$_POST[ilum]','$_POST[**limpi]','$_POST[funcio]','$_**
>> POST[ilu]','$_POST[**comentarios]','$_POST[recibi]'**
>> ,'$_POST[servibar]','$_POST[**alimen]'
>> ,'$_POST[menu]','$_POST[bebi]'**,'$_POST[ambi]','$_POST[orden]**
>> ','$_POST[alim]','$_POST[**entre]','$_POST[toallas]','$_**POST[limareas]'
>> ,'$_POST[compis]','$_POST[**recibimiento]','$_POST[**
>> spareserv]'
>> ,'$_POST[spaam]','$_POST[**
>> calserv]','$_POST[varied]','$_**POST[spautilizo]','$_POST[**
>> sino1]','$_POST[sino2]');";
>>
>> $inserta=mysql_query($**consulta, $conn);
>> if(!$inserta){
>> die('Invalid query: ' . mysql_error());
>> }else{
>> echo "Datos Agregados Correctamente, Gracias por Ayudarnos a Mejorar
>> Nuestras Instalaciones";
>> mysql_close();
>> }
>>
>> ?>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Visualization API" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-visualization-api/-/r3s2X0SeD4oJ.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-visualization-api?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Visualization API" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-visualization-api?hl=en.
