Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

How do I use mysql_real_escape_string($str) in the below html/php code ? I have

ID: 3920647 • Letter: H

Question

How do I use mysql_real_escape_string($str) in the below html/php code ? I have an example of the way I think the username should look for example: $firstname=check_input(mysql_real_escape_string($_POST["firstname"])); Please use the escape string by inputting in the code below.

<html>
   <head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <link rel="stylesheet" type="text/css" href="chat.css">
   <title>Create Student </title>
</head>
<body>

<?php
  
       if(isset($_POST["CreateSubmit"]))
       {      
                  
          validate_form();              
       }
       else
       {              
           $messages = array();
        show_form($messages);
   }
  
      
function show_form($messages) {       
       // Show the page header
       include('Includes/Header.php');  
       require_once('Includes/Utils.php');      
      
       if (count($messages) > 0 )
      {    
       echo "<p></p>";
       echo "<div><table id='myresults'>";
       echo "<tr>";
        echo "<td>";
        echo "<h2>Warning! Form Entry Errors Exist.</h2>";
       echo "<h4>Please revise based on the following issues and submit again.</h4>";    
       echo "<ol>";


          foreach ($messages as $m)
          {  
           echo "<li> $m </li>";  
          }
          echo "</ol>";
          echo "</td>";
       echo "</tr>";
          echo "</table></div>";  
          echo "<p></p>";
       }
      
       // Assign post values if exist
       $firstname="";
       $lastname="";
       $wsname="";
       $email="";
       if (isset($_POST["firstname"]))
          $firstname=check_input($_POST["firstname"]);
      if (isset($_POST["lastname"]))
          $lastname=check_input($_POST["lastname"]);  
       if (isset($_POST["wsname"]))
          $wsname=check_input($_POST["wsname"]);
       if (isset($_POST["email"]))
          $email=check_input($_POST["email"]);
  
   echo "<p></p>";
   echo "<h2> Request Student Chat Account</h2>";
   echo "<p></p>";     
   ?>
   <h5>Complete the information in the form below and click Submit to create your account. All fields are required.</h5>
   <form name="createstudent" method="POST" action="createStudent.php">  
   <table border="1" width="100%" cellpadding="0" id="mylogin">          
           <tr>
               <td width="157">Firstname:</td>
               <td><input type="text" name="firstname" value='<?php echo $firstname ?>' size="30"></td>
           </tr>
           <tr>
               <td width="157">Lastname:</td>
               <td><input type="text" name="lastname" value='<?php echo $lastname ?>' size="30"></td>
           </tr>
           <tr>
               <td width="157">WebTycho username:</td>
               <td><input type="text" name="wsname" value='<?php echo $wsname ?>' size="30"></td>
           </tr>
           <tr>
               <td width="157">Email:</td>
               <td><input type="text" name="email" value='<?php echo $email ?>' size="30"></td>
           </tr>
           <tr>
               <td width="157"><input type="submit" value="Submit" name="CreateSubmit"></td>
               <td>&nbsp;</td>
           </tr>
   </table>          
   </form>
  
   <?php
} // End Show form

function validate_form()
{
   require_once('Includes/Utils.php');  
   require_once('Includes/FormObjects.php');      
   require_once('Includes/SQLFunctions.php');      
  
   $messages = array();
$redisplay = false;
// Assign values
$firstname = check_input($_POST["firstname"]);
$lastname = check_input($_POST["lastname"]);
$wsname = check_input($_POST["wsname"]);
$email = check_input($_POST["email"]);

// Just check for null values and email format
if (strlen($firstname)==0)
{
      $redisplay = true;
      $messages[]="Please enter your Firstname.";
}       
if (strlen($lastname)==0)
{
      $redisplay = true;
      $messages[]="Please enter your lastname.";
}       
if (strlen($wsname)==0)
{
      $redisplay = true;
      $messages[]="Please enter your WebTycho username.";
}       
if (strlen($email)==0)
{
      $redisplay = true;
      $messages[]="Please enter your Email address.";
}       
if ($redisplay)
{
       show_form($messages);                   
}
else
{
  
   // Show the page header
       include('Includes/Header.php');  
   $student = new StudentClass($firstname,$lastname,$email,$wsname);
   $count = countStudent($student);      
   // Check for accounts that already exist and Do insert
   if ($count==0)
   {        
       $res = insertStudent($student);
       echo "<h3>Welcome to the CS Chat Program!</h3> ";
                echo "<h3>click here to <a href="index.html" >login</a></h3> ";

   }
   else
   {
       echo "<h3>A student account with that WenTycho username already exists.</h3> ";
       echo "<h3>Please <a href="index.html"> login</a> using $wsname </h3>";
   }
  
}

}


?>
</body>
</html>

Explanation / Answer

The mysqli_real_escape_string() function escapes special characters in a string for use in an SQL statement.

Sample Example is given below:

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('$firstname', '$lastname', '$age')";

if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);

?>

*** I could not find the definition of check_input() method in th code provided by you. The mysqli_real_escape_string() function returns a SQL string escaping all the special characters. I hope your check_input() method checks for input validation of the escaped string and returns the resultant string. In that case, you can use mysqli_real_escape_string() as shown below.

$firstname = check_input(mysqli_real_escape_string($con, $_POST['firstname']));
$lastname = check_input(mysqli_real_escape_string($con, $_POST['lastname']));

$wsname = check_input(mysqli_real_escape_string($con, $_POST['wsname']));
$email = check_input(mysqli_real_escape_string($con, $_POST['email']));

Related Questions

How do I solve questions 1-6?. I don\'t understand this lab A. EQUILIBRIUM of SO
Question #590977
How do I solve the barbershop problem in C, using pthreads? A barbershop consist
Question #3937825
How do I solve the following problem step by step? and what are the solution? I
Question #2015297
How do I solve the following problem step by step? and what are the solution? I
Question #3106089
How do I solve the following problem step by step? and what are the solutions? I
Question #3103533
How do I solve the following? Nero Drilling stock sells for $20 a share. The ann
Question #2647493
How do I solve the following? Using your answer for Question 2, determine the ma
Question #791122
How do I solve the last part of this problem? The reaction of the weak acid HCN
Question #228203
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
How do I use eulers symplectic algorithm to model planetary bodies using Newton’
Next
How do I use sentinal control loop? PLEASE HELP Applicants applying for a post a

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.