Databases Reference
In-Depth Information
The alternative to the
GET
method is
POST
. You should always use the
POST
method to
submit confidential information from forms. If you use the
GET
method, any informa-
tion typed into the form—including passwords—will appear in plain view in the
browser's address bar, and in any bookmarks of pages that receive the submitted data.
In the target PHP script, submitted form data is placed in the predefined
$_GET
or
$_POST
array variable, depending on the method that was used to submit the form. For
example, the form variable
artist
would be accessible as
$_GET['artist']
with a form
submitted using the
GET
method, and as
$_POST['artist']
with a form submitted using
the
POST
method. The type of quotes—single or double—does not matter. The
$_GET
and
$_POST
arrays are
superglobal
variables, meaning that they're automatically created
and accessible anywhere in your PHP script.
Let's now consider how
add.php
—the script that's requested—accesses and uses the
values from the form. You can display the values of the
artist
and
album
elements with
the following short script stored in the file
add.php
:
<html>
<body>
<pre>
<?php
print $_GET["artist"] . "\n";
print $_GET["album"];
?>
</pre>
</body>
</html>
When run, this displays the text:
Morrissey
You are the Quarry
Our
add.php
script isn't very useful because it doesn't access the database to add the
form data to it. Here's a new version that does what we want:
<?php
// Connect to the MySQL server
if (!($connection = @ mysql_connect("localhost", "root",
"
the_mysql_root_password
")))
die("Cannot connect");
if (!(mysql_select_db("music", $connection)))
die("Couldn't select music database");
// Add the artist, using the next available artist_id
if (! @ mysql_query(
"INSERT INTO artist (artist_id, artist_name)
SELECT MAX(artist_id)+1, \"{$_GET["artist"]}\" FROM artist",
$connection))
die("Couldn't add artist");
// Discover the artist_id of the row we added
if (!($result = @ mysql_query(
