I have a startpoke table, I need to add the name of the pokemon to the name_poke column, in the registration template it looks like this:

<input name='startpoke' type='radio' value='Bulbasaur' class='checkbox' >

And from the server side:

 mysql_query('INSERT INTO startpoke SET name_poke='.$_GET['startpoke']);

tell me what is the error?

    3 answers 3

     mysql_query('INSERT INTO startpoke (name_poke) VALUES ("'.$_GET['startpoke'].'")');
    • try to at least try to solve the problem yourself .. for this you only need to open google.com and type mysql insert in the search box. And you will be happy) - draev
    • Ыыы))))))) - k0mar
    • I think I will soon begin to increase my authority and drive someone to minus) @draev, and your option is non-working) Guess what? - Sh4dow
    • and whom? =) - k0mar
    • @ Sh4dow I'm with you) Regarding the query, I just fixed the sql myself. Transmit directly to bd data from the geta is not gud .. we know) - draev

    Dear and where is the protection? SQL Injection, no one has canceled)

    mysql_real_escape_string();

    • I completely forgot) Thank you - iproger
    • deliberately did not write .. corrected only sql query .. - draev

    OMG)

      if (isset ($ _ GET ['startpoke']))
 $ startpoke = mysql_real_escape_string ($ _ GET ['startpoke']);
 mysql_query ("INSERT INTO startpoke (name_poke) VALUES ('$ startpoke')");
    Oops, I got ahead