Web Technologies-I
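    PrepSQL($varMovie) . ", " .
    PrepSQL($varName) . ", " .
    PrepSQL($varGender) . ")";

// Escape a form value and wrap it in single quotes for use in the query
function PrepSQL($value)
{
    // Undo magic-quotes escaping if PHP applied it to the request data
    if(get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Escape for MySQL, then add the surrounding single quotes
    $value = "'" . mysql_real_escape_string($value) . "'";
    return($value);
}
?>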
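We usually split SQL queries across multiple lines, purely for the sake of readability. Also
notice that the PrepSQL function adds the quotes around the variable for you, which is handy
and keeps the query easier to read. The quotes matter for safety as well:
mysql_real_escape_string only protects a value that ends up inside a quoted SQL string.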
Now that you have a SQL query constructed, run it!
<?php
mysql_query($sql);
?>
In a real-life situation, you should put some error checking on this, but it will do fine for our
purposes.
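The same insert written with bound parameters and the error checking mentioned above, as an added example that is not part of the original text. It swaps the page's mysql_* calls for PDO and uses an in-memory SQLite database so it runs without a server; the table movieformdata, its columns and the function name saveMovieForm are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical (not shown on the page).
// An in-memory SQLite database keeps it self-contained; for MySQL only the DSN changes.
function saveMovieForm(PDO $db, string $varMovie, string $varName, string $varGender): int
{
    // Placeholders keep the values out of the SQL text, so no manual quoting or escaping.
    $stmt = $db->prepare(
        'INSERT INTO movieformdata (fmovie, fname, fgender) VALUES (:movie, :name, :gender)'
    );
    $stmt->execute([':movie' => $varMovie, ':name' => $varName, ':gender' => $varGender]);
    return (int) $db->lastInsertId();
}

try {
    $db = new PDO('sqlite::memory:');
    // Make every failed statement throw instead of returning false silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE movieformdata (
        id INTEGER PRIMARY KEY AUTOINCREMENT, fmovie TEXT, fname TEXT, fgender TEXT)');

    // Constructed sample input with apostrophes, the case PrepSQL has to escape by hand.
    $id = saveMovieForm($db, "Ocean's Eleven", "Pat O'Hara", 'F');

    // Read the row back to confirm the values were stored unchanged.
    $check = $db->prepare('SELECT fmovie, fname FROM movieformdata WHERE id = ?');
    $check->execute([$id]);
    $row = $check->fetch(PDO::FETCH_ASSOC);
    echo "Stored row $id: {$row['fmovie']} / {$row['fname']}\n";
} catch (PDOException $e) {
    // Log the detail for the operator; show the visitor only a generic message.
    error_log('Database error: ' . $e->getMessage());
    echo "Sorry, your entry could not be saved.\n";
}
?>
```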
9.4.5 Program for Processing Form
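<?php
// Process the form only when it was actually submitted
if(isset($_POST['formSubmit']) && $_POST['formSubmit'] == "Submit")
{
    $errorMessage = "";
    // Collect one list item per missing field
    if(empty($_POST['formMovie']))
    {
        $errorMessage .= "<li>You forgot to enter a movie!</li>";
    }
    if(empty($_POST['formName']))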
210 LOVELY PROFESSIONAL UNIVERSITY