insert a record

<?php
// Read the submitted form fields.
$fname    = $_POST['firstname'];
$lname    = $_POST['lastname'];
$email    = $_POST['email'];
$password = $_POST['password'];
$contact  = $_POST['yourcontact'];
$cnic     = $_POST['cnic'];
$address  = $_POST['address'];
$type     = $_POST['utype'];
$gender   = $_POST["gender"];

// Build the INSERT statement by interpolating the submitted values into the SQL string.
$qry = "insert into user(first_name,last_name,email,password,contact_no,cnic,address,type,gender)
        values('$fname','$lname','$email','$password','$contact','$cnic','$address','$type','$gender')";

// $mysqli is an open mysqli connection created elsewhere.
mysqli_query($mysqli, $qry);
?>

2 Responses

This has a security hole, and anyone entering data from the form can inject code directly into your query. Parameterizing your query would be a much better method than directly inserting $_POST data into your raw query.
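
The parameterized form recommended in the response above, as an added example that is not part of the original post or of the response. It assumes `$mysqli` is an open mysqli connection and that the `user` table has the columns from the snippet; `USER_FIELDS` and `insert_user()` are hypothetical names, and hashing the password before storage is a further addition that assumes the `password` column can hold the hash.

```php
<?php
// Added example, not the original author's code.
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Form field name => column name, taken from the original snippet.
// Column names come only from this constant, never from the request.
const USER_FIELDS = [
    'firstname'   => 'first_name',
    'lastname'    => 'last_name',
    'email'       => 'email',
    'password'    => 'password',
    'yourcontact' => 'contact_no',
    'cnic'        => 'cnic',
    'address'     => 'address',
    'utype'       => 'type',
    'gender'      => 'gender',
];

function insert_user(mysqli $mysqli, array $post): bool
{
    $values = [];
    foreach (USER_FIELDS as $field => $column) {
        // Reject missing fields and array-valued input such as firstname[]=x.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or non-string field: $field");
        }
        $values[$column] = $post[$field];
    }
    // Assumption beyond the page: store a hash, not the submitted password.
    $values['password'] = password_hash($values['password'], PASSWORD_DEFAULT);

    $columns = implode(',', array_keys($values));
    $marks   = implode(',', array_fill(0, count($values), '?'));

    // The SQL text contains only placeholders; the values travel separately,
    // so quotes or SQL keywords in the input are stored as plain data.
    $stmt   = $mysqli->prepare("INSERT INTO user ($columns) VALUES ($marks)");
    $params = array_values($values);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    $inserted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $inserted;
}

// Usage in the form handler: insert_user($mysqli, $_POST);
```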
