I want to send the result of $ K from the PHP code code to the MySQL database, but did something wrong so it does not work.

<html> <body > <div class="cub"> <h2>Тест</h2><hr> <br> <form method="POST" action="<?php $_SERVER['PHP_SELF'];?>"> <input type="hidden" name="Nota" value="'.$k.'" /> <?php echo $k;

mysql_query ($ sql); $ con = mysql_connect ("localhost", "root", ""); $ db = mysql_select_db ("testare", $ con); if (isset ($ _ POST ['submit'])) {if (isset ($ _ POST ['Nota']))

 mysql_select_db("testare",$con); $sql="INSERT INTO test(nota)VALUES('.$k.')";} ?> <h1> Правильные ответы!</h1> <input type="submit" Value="Отправка"> <br> </form> </div> </body> </html>
  • $ sql = "INSERT INTO test (nota) VALUES ({'$ k'}) Why did $ k be wrapped in {}? - Kirill Korushkin
  • не так что не работает. Those. works? - vp_arth
  • <?php $_SERVER['PHP_SELF'];?> can be removed, does nothing. - vp_arth

1 answer 1

In the $sql="INSERT INTO test(nota)VALUES({'$k'})"; you simply assigned a query expression to a variable, but nowhere did you run it. Requires mysql_query($sql); and wait for someone to pass in the Nota parameter the value 0'}); DROP TABLE test;-- 0'}); DROP TABLE test;-- or something like that.