If this is the simplest database insert in PHP:

XXX.php:

$sql="INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)"; 

So how do I correctly specify these VALUES in the HTML form that the user fills in? Which attribute?

form.html:

 <form action="XXX.php" method="post" name="...">
     <p><input type="text" name="..." value="..." placeholder="..."></p>
     ...
     <p><input type="submit" value="Отправить"></p>
 </form>


    VALUES is the data that will be written into the table. First we put the name of the variable after VALUES (it comes from the form).

     $sql="INSERT INTO forma (username) VALUES ('переменная')"; 

    XXX.php:

     if (isset($_POST['otpravka'])) {
         // Receive what was sent from the form
         $imya       = $_POST['username'];
         $familya    = $_POST['surname'];
         $soobshenie = $_POST['message'];
         $sql = "INSERT INTO forma (username, surname, message) VALUES ('$imya', '$familya', '$soobshenie')";
     }

    form.html:

     <form action="XXX.php" method="post" name="form">
         <p><input type="text" name="username" placeholder="Введите имя"></p>
         <p><input type="text" name="surname" placeholder="Введите фамилию"></p>
         <textarea name="message" placeholder="Введите Сообщение"></textarea>
         ...
         <p><input type="submit" name="otpravka" value="Отправить"></p>
     </form>

    http://www.quizful.net/post/simplest-form-html-css

    Start with YouTube to find out how to learn PHP quickly.

    • Never offer a solution with direct substitution of variable values into the query text. 80% of website hacks on the Internet happen because of code like this; don't teach people to do it wrong and multiply it. Always use bind variables: php.net/manual/ru/pdostatement.execute.php - Mike
    • @Mike, please clarify what is meant by "direct substitution of variable values into the query text"? - losew
    • @losew Imagine that someone slips the text a'),('xxx',(select password from user where name='admin'),'a into the $_POST['message'] variable. As a result, the value of the variable ends up directly in the query text in $sql, two records are inserted into the database instead of one, and the second one has the admin user's password as the surname. Of course, the names of the fields and tables have to match, but they will eventually be guessed. With bind variables the query contains ? or :msg instead, and the value of the variable is safely written to the database as is. - Mike
    • But it's impossible for a beginner to learn protection right away. Let's learn PHP first, then SQL injection. - Sauron
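The same form handler written with PDO bind variables, as Mike's comment recommends. This is an added example, not code from the question or the answer; it assumes an in-memory SQLite database in place of the real MySQL server so that it runs offline, and a constructed $sample array in place of $_POST.

```php
<?php
// Added example: the answer's INSERT rewritten with PDO prepared statements.
// Assumption: SQLite in memory stands in for MySQL; swap the DSN for your server.
declare(strict_types=1);

function makePdo(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE forma (username TEXT, surname TEXT, message TEXT)');
    return $pdo;
}

// Inserts one row. The values are bound to :name/:surname/:msg and never become
// part of the SQL text, so quotes or parentheses inside them are stored as data.
function saveForm(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO forma (username, surname, message) VALUES (:name, :surname, :msg)'
    );
    $stmt->execute([
        ':name'    => $post['username'] ?? '',
        ':surname' => $post['surname'] ?? '',
        ':msg'     => $post['message'] ?? '',
    ]);
    return $stmt->rowCount();
}

$pdo = makePdo();

// Constructed sample input with the same shape $_POST has after submitting form.html.
$sample = [
    'otpravka' => 'Отправить',
    'username' => "O'Brien",                    // apostrophe in the name
    'surname'  => 'Smith',
    'message'  => "It's a (test), isn't it?",   // quotes and parentheses in the message
];

if (isset($sample['otpravka'])) {
    $inserted = saveForm($pdo, $sample);
    $rows = $pdo->query('SELECT username, message FROM forma')->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one row, with every character of the input stored verbatim.
    printf("inserted=%d rows=%d user=%s message=%s\n",
        $inserted, count($rows), $rows[0]['username'], $rows[0]['message']);
}
```

With real form input, replace $sample with $_POST; the prepare/execute pair is the only part that differs from the answer's string-built query.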