ElkArte Community

How to Transfer Data in Web Form to a MySQL Database?

Okay, I've tried this, and failed at getting it to work. Database work, is not my strong point. I have a script, that counts the links for my downloads. I'd like a simple form, to submit them, instead of going into phpMyAdmin.

The original download system, I got from a site, PHPJabbers. One of their unsupported free scripts.
But, it does the job for counting the downloads.

Found the solution.

Do note: insert data from "users" directly in a query is Bad^TM.
Doing this you are open to SQL-injection of any kind.

So you have to either clean anything coming from $_POST (mysqli_real_escape_string (http://php.net/manual/en/mysqli.real-escape-string.php)), or even better if you are "new" to this kind of things, use PDO (http://php.net/manual/en/book.pdo.php) or other database abstraction layers (http://www.doctrine-project.org/2016/01/05/dbal-2-5-4-and-2-4-5.html) and let them handle the sanitization/security for you. ;)

@emanuele, only I can get to the file to submit.
The file is restricted to my IP only.
Even got it where the files can't be indexed, too.

This is usually not a limit to the exploiting of similar unsafe code (https://en.wikipedia.org/wiki/Cross-site_request_forgery), but if you feel safe, good for you. ;)
For all those looking at the code above: be aware it's unsafe.

@emanuele just an aside...
W3Schools (http://www.w3schools.com/php/php_mysql_insert.asp), is where I had gotten that fix from. XD

Also, like said, this form is just for me, no one else can access the submission form.

If you could tell me how to do the $_POST (mysqli_real_escape_string), into that code, I'd be happy to do it. But I can't go the other way, as the way I got it, was the only way it would work.

Ok. It is simply a download page then but you wish to keep a count of  download (or click) for each item. I am not so sure you need to use database jut for that. I somehow believe you can also use a free service like https://github.com/mmilidoni/github-downloads-count. May be @Spuds can answer that github thingy.

That would help, if all my downloads were on GitHub, but they are not.
In fact, the majority are not.

But, like said, there's many ideas I wish could do for this, but there's no actual downloads system, free, with an admin panel to add the files into the database, so had to go with this.

Now this, is what I was looking for, all along!
Thank you! :)