Question
$name = mysql_real_escape_string(htmlentities($_POST['name']));
$content = mysql_real_escape_string(htmlentities($_POST['content']));
$submit = mysql_real_escape_string(htmlentities($_POST['submit']));
echo "$username";
if(isset($submit))
{
    if($name && $content){
        $sql = "INSERT INTO posts (title, content, time, owner) VALUES ('$name', '$content', now(), '$username')";
        $result = $mysqli->query($sql);
        if($result){
            echo "Your reply has been saved";
            header ('Location: index.php');
        }
        else{
            echo $result;
            echo "problem with query";
        }
    }
    else{
        echo "one or more fields are empty";
    }
}
else
{
    echo "Your reply has been saved, ";
}
Explanation / Answer
The prepared statement for the above code is given below:
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","system","oracle");
PreparedStatement stmt=con.prepareStatement("insert commands");
stmt.setString(1,Values);
Please change the values according to your code.
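The same INSERT written as a mysqli prepared statement in PHP, the language of the question. This is an added example, not code from the question or the answer; the connection parameters and the use of `$_SESSION['username']` as the source of `$username` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Host, credentials, database name and the session key are
// placeholders (assumptions); the posts table and columns are from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

function save_post(mysqli $db, string $title, string $content, string $owner): int
{
    // The SQL text is fixed; the values are sent separately as data,
    // so quotes in user input cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO posts (title, content, time, owner) VALUES (?, ?, NOW(), ?)'
    );
    $stmt->bind_param('sss', $title, $content, $owner);
    $stmt->execute();
    $rows = (int) $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

session_start();
$username = (string) ($_SESSION['username'] ?? '');   // assumed: set at login

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    // Store the raw text: no htmlentities() and no manual escaping before the database.
    $name    = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    $content = is_string($_POST['content'] ?? null) ? trim($_POST['content']) : '';

    if ($name === '' || $content === '' || $username === '') {
        http_response_code(400);
        echo 'one or more fields are empty';
        exit;
    }

    try {
        $db = new mysqli('localhost', 'app_user', 'app_password', 'forum'); // placeholders
        $db->set_charset('utf8mb4');
        save_post($db, $name, $content, $username);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // details go to the log, not to the client
        http_response_code(500);
        echo 'problem with query';
        exit;
    }

    header('Location: index.php');     // sent before any output, then stop
    exit;
}
```

HTML-encode the stored title and content with `htmlspecialchars()` at the point where they are printed into a page, not before they are stored.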