Specifications
{
echo “You have not entered all the required details.<br>”
.”Please go back and try again.”;
exit;
}
$isbn = addslashes($isbn);
$author = addslashes($author);
$title = addslashes($title);
$price = doubleval($price);
@ $db = mysql_pconnect(“localhost”, “bookorama”, “bookorama”);
if (!$db)
{
echo “Error: Could not connect to database. Please try again later.”;
exit;
}
mysql_select_db(“books”);
$query = “insert into books values
(‘“.$isbn.”’, ‘“.$author.”’, ‘“.$title.”’, ‘“.$price.”’)”;
$result = mysql_query($query);
if ($result)
echo mysql_affected_rows().” book inserted into database.”;
?>
</body>
</html>
The results of successfully inserting a book are shown in Figure 10.4.
If you look at the code for
insert_book.php, you will see that much of it is similar to the
script we wrote to retrieve data from the database. We have checked that all the form fields
were filled in, and formatted them correctly for insertion into the database with
addslashes():
$isbn = addslashes($isbn);
$author = addslashes($author);
$title = addslashes($title);
$price = doubleval($price);
As the price is stored in the database as a float, we don’t want to put slashes into it. We can
achieve the same effect of filtering out any odd characters on this numerical field by calling
doubleval(), which we discussed in Chapter 1, “PHP Crash Course.” This will also take care
of any currency symbols that the user might have typed in the form.
Using MySQL
P
ART II
240
LISTING 10.4 Continued
13 7842 CH10 3/6/01 3:36 PM Page 240