--- Payne <[EMAIL PROTECTED]> wrote:
> I am working on a form to pass information from it to mysql data.

[snip]

> <form name="form1" method="post" action="addlead.php">
> <input name="title" type="text" size="40">
> <input name="f_name" type="text" size="40">
> <input name="l_name" type="text" size="40">
> <input type="submit" name="Submit" value="Submit Information">
> </form>

[snip]

> $sql = "INSERT INTO $table_name
>         (leads_id, title, f_name, l_name)
>         VALUES
>         ('$leads_id', \"$title\", \"$f_name\", \"$l_name\")";

[snip]

> As you can see nothing is being passed

This question comes up a few times a week, so you can probably find a lot of
good information in the archives:

http://marc.theaimsgroup.com/?l=php-general

Read here about register_globals:

http://www.php.net/register_globals

More important than all of this is the security vulnerability you have created.
Never, ever, ever use unfiltered data directly in your SQL statement like that.
Using $_POST['f_name'] instead of $f_name helps you to realize where data is
coming from, but this does you no good if you just blindly trust what the
client sends you. Always verify data from the client; you never know what
they're going to send you.

Hope that helps.

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
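
The advice above as an added example, not code from the original thread: each field is read from the submitted data, checked against an allow-list, and only then bound to a prepared statement. PDO with an in-memory SQLite database stands in for MySQL so the example runs offline; the `leads` table, the 40-character limit and the sample inputs are assumptions.

```php
<?php
// Added example: filter each field from the request, then bind it as a parameter.
// Assumptions: sqlite stands in for MySQL; table name and 40-char limit are hypothetical.

function filter_lead(array $post): array
{
    $clean = [];
    foreach (['title', 'f_name', 'l_name'] as $field) {
        $value = $post[$field] ?? null;
        // Reject missing fields and non-strings (f_name[]=x arrives as an array).
        if (!is_string($value)) {
            throw new InvalidArgumentException("$field: missing or not a string");
        }
        $value = trim($value);
        // Allow-list: letters, space, dot, apostrophe, hyphen; 1 to 40 characters.
        if (!preg_match("/^[\\p{L} .'-]{1,40}$/u", $value)) {
            throw new InvalidArgumentException("$field: rejected by filter");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

function add_lead(PDO $db, array $clean): int
{
    // Placeholders keep data out of the SQL text, so quotes in values cannot alter it.
    $stmt = $db->prepare(
        'INSERT INTO leads (title, f_name, l_name) VALUES (:title, :f_name, :l_name)'
    );
    $stmt->execute($clean);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE leads (leads_id INTEGER PRIMARY KEY, title TEXT, f_name TEXT, l_name TEXT)');
// Constructed stand-ins for $_POST: one valid (with an apostrophe), two invalid.
$samples = [
    ['title' => 'Dr.', 'f_name' => 'Miles', 'l_name' => "O'Brien"],
    ['title' => 'Mr', 'f_name' => ['x'], 'l_name' => 'Smith'],
    ['title' => 'Ms', 'f_name' => str_repeat('a', 41), 'l_name' => 'Jones'],
];
foreach ($samples as $post) {
    try {
        echo 'stored lead ', add_lead($db, filter_lead($post)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The first sample is stored with its apostrophe intact; the array-valued and over-long fields are rejected before any SQL is prepared.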
