Hi all,

I am trying to get a grasp of web form data getting passed to PHP, then dumped into a SQL Database (2005).

I have created the form in HTML, but because the form is an employee application there are a lot of text boxes, radio buttons, etc. I do not want to use that as my starting point to learn the following:

When the user hits submit, outside of the $_POST array, what code needs to be put on the PHP form the HTML form submits to?

Do the validation and SQL injection checks get performed here or on the HTML form?

Once the PHP form gets the HTML form data, is there a way to see what was passed?

So I guess what I am asking for is this:

Can someone give me an example of, say, 3 text boxes on an HTML form, pass it to a PHP form, then dump it into a SQL 2005 DB? I have seen a few examples at w3schools and other blogs but for some reason I cannot get my head around it. I would like to get this to work and see the data in the DB before I start to do validation and security.

This will be my test environment:

Web server running IIS in DMZ, SQL 2005 on local machine but might want to connect to SQL inside the local network but that I can handle.

I am new to web forms and php. So my understanding is limited but I learn fast so any help is much appreciated.


Do you mean something like this?:

<?php
// Show the form until it has been submitted
if (!isset($_POST['submitbutton'])) {
?>
<form method="post" action="testform.php">
Text1: <textarea cols="30" rows="4" name="text1"></textarea><br />
Text2: <textarea cols="30" rows="4" name="text2"></textarea><br />
Text3: <textarea cols="30" rows="4" name="text3"></textarea><br />
<input type="submit" name="submitbutton" value="Submit the form" />
</form>
<?php
} else {
// Databaseconfig
$dbuser = "root";
$dbpassword = "";
$dbhost = "localhost";
$database = "main";
$dbconnection = mysql_connect($dbhost,$dbuser,$dbpassword)
 or die("Couldn't connect to server");
$db = mysql_select_db($database,$dbconnection)
 or die ("Couldn't connect to database");
// Retrieving the variables
$text1 = $_POST['text1'];
$text2 = $_POST['text2'];
$text3 = $_POST['text3'];
// Cleaning the variables to prevent injection (needs the open connection)
$text1 = mysql_real_escape_string($text1,$dbconnection);
$text2 = mysql_real_escape_string($text2,$dbconnection);
$text3 = mysql_real_escape_string($text3,$dbconnection);
// Making and executing the query ("table" is a reserved word, so it is quoted)
$query = "INSERT INTO `table` (text1,text2,text3) VALUES ('$text1','$text2','$text3')";
$result = mysql_query($query,$dbconnection) or die("Couldn't execute query");
// Showing the result (HTML-escaped so submitted markup is not rendered)
echo "
The following data has been saved in the database:<br />
Text1: ".htmlspecialchars($text1)."<br />
Text2: ".htmlspecialchars($text2)."<br />
Text3: ".htmlspecialchars($text3)."<br />
";
}
?>
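
The mysql_* functions used above were removed in PHP 7. As an added example that is not part of the original post, here is the same three-field insert with server-side validation and a PDO prepared statement. The form_entries table, the 500-character limit and the in-memory SQLite DSN are assumptions; for SQL Server, swap in the DSN of your PDO driver.

```php
<?php
// Added example, not code from the thread. The form_entries table, the
// 500-character limit and the SQLite DSN are assumptions for illustration.

// Validation runs on the server: the HTML form cannot be trusted to enforce it.
function validate_fields(array $post): array {
    $clean = [];
    foreach (['text1', 'text2', 'text3'] as $name) {
        $value = $post[$name] ?? null;
        if (!is_string($value)) {
            throw new InvalidArgumentException("$name is missing");
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > 500) {
            throw new InvalidArgumentException("$name must be 1-500 characters");
        }
        $clean[":$name"] = $value;
    }
    return $clean;
}

// Prepared statement: the values are bound as parameters and never spliced
// into the SQL text, so quotes in the input cannot alter the statement.
function save_fields(PDO $pdo, array $params): void {
    $stmt = $pdo->prepare(
        'INSERT INTO form_entries (text1, text2, text3) VALUES (:text1, :text2, :text3)'
    );
    $stmt->execute($params);
}

// In-memory SQLite keeps the example runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE form_entries (text1 TEXT, text2 TEXT, text3 TEXT)');

// Constructed sample input standing in for $_POST.
$post = [
    'text1' => "O'Brien",
    'text2' => 'a \'quoted\' "value"',
    'text3' => '<b>bold</b>',
];

save_fields($pdo, validate_fields($post));

// Escape for HTML at output time only; the database keeps the raw text.
$row = $pdo->query('SELECT text1, text2, text3 FROM form_entries')->fetch(PDO::FETCH_ASSOC);
foreach ($row as $name => $value) {
    echo $name, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "<br />\n";
}
```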


Thank you. I will be testing/trying this sometime today or Monday but will be sure to get back to you.

Your layout and description of each section made so many light bulbs go on. It is by far the best thread I have read while trying to understand how it all works.


Worked like a charm. Thank you again for explaining each step as it took place. I will now apply what I have learned with your sample to the actual web form, test it, and then do/learn some more security considerations as it pertains to HTML/PHP before I take it live.

Anyone who reads what you wrote and how you explained it will benefit. If you have the time, what would be a good tech book to use for PHP at the beginner level? Also, who decides this is solved? Me? This was my first post and I am still learning the navigation of this site.

Very grateful for your time,


You're welcome :)

You decide whether the thread is solved or not. If you are satisfied with the answers given, you can mark the thread as solved by clicking the blue "Mark thread as solved" link at the bottom of the thread (only the maker of the thread can do this).

Most of the books I have read about PHP are in Dutch, so I can't really suggest any books in English. Perhaps you can search http://www.amazon.com or another book site for a proper PHP book.