Thursday, 14 December 2017

Correct way to insert form data into Database

I'm creating a little e-commerce site, and one of the first things I want to try is inserting a form with product information into my database. I tested the connection with a simple insert query directly and it worked:

<html>
<head></head>
<body>

<?php
define('DB_NAME','abita-smoke');
define('DB_USER','root');
define('DB_PASSWORD','');
define('DB_HOST','localhost');

$con = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
if(!$con){
    // mysqli_error() requires a connection handle; when the connection itself
    // failed, mysqli_connect_error() holds the reason.
    die("Database error: ".mysqli_connect_error());
}

// A fixed literal is inserted here, so no user input reaches the SQL text.
// Single quotes are the standard SQL string delimiter.
if(mysqli_query($con,"INSERT INTO categoria(nomeCategoria) VALUES ('Rosh')")){
    echo "Category inserted successfully";
}

mysqli_close($con);
?>

</body>
</html>

My question is: this does not look secure at all... Obviously I will have to split the information up here, but what is the best way to do it? What should I call from my form?

This is the form I want to insert into the database:

<?php include 'header.php' ;?>
    <!-- A form that creates a record should use POST: GET requests land in
         browser history, proxy and server logs, and may be re-sent by prefetchers. -->
    <form action="produto-controller" method="post">
        <div class="form-group">
            <label for="nomeProduto">Product name</label>
            <input type="text" class="form-control" name="nomeProduto" id="nomeProduto" placeholder="Mangueira de Metal">
        </div>

        <div class="form-group">
            <label for="linkImg">Product image link</label>
            <input type="text" class="form-control" name="linkImg" id="linkImg" placeholder="Product image link">
        </div>

        <div class="form-group">
            <label for="categoria">Category</label>
            <input type="text" class="form-control" name="categoria" id="categoria" placeholder="1">
        </div>

        <div class="form-group">
            <!-- name/id now match the label's for= attribute (was "precoDee") -->
            <label for="precoDe">Price from</label>
            <input type="text" class="form-control" name="precoDe" id="precoDe" placeholder="159,99">
        </div>

        <div class="form-group">
            <label for="precoPor">Price for</label>
            <input type="text" class="form-control" name="precoPor" id="precoPor" placeholder="99,99">
        </div>

        <div class="form-group">
        <label for="descricao">Description</label>
        <!-- textarea is not a void element; a self-closing "/>" before the
             closing tag is invalid HTML -->
        <textarea class="form-control" name="descricao" id="descricao" placeholder="Commercial description of the product"></textarea>
        </div>

        <button type="reset" class="btn btn-custom">Reset</button>
        <button type="submit" class="btn btn-custom">Save</button>
    </form>
<?php include 'footer.php' ;?>

I could do this the dumb way, but I prefer not to. I simply could not find any tutorial talking about the correct way to do it.
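The following controller is an added example, not code from the original poster. It shows the pattern the question is asking for: the form data is read from `$_POST`, validated field by field, and written with a mysqli prepared statement so that the values travel as bound parameters and never become part of the SQL text. It assumes the form submits with `method="post"` to a file named `produto-controller.php`, that the fields are named `nomeProduto`, `linkImg`, `categoria`, `precoDe`, `precoPor` and `descricao`, and that a table `produto` with columns of those names exists (the table layout is an assumption; adapt it to your schema).

```php
<?php
// produto-controller.php: added example, not the original poster's code.
// Assumed schema: table `produto` with columns nomeProduto, linkImg,
// categoria (INT, FK to categoria), precoDe, precoPor (DECIMAL), descricao.
declare(strict_types=1);

define('DB_NAME', 'abita-smoke');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_HOST', 'localhost');

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Convert a Brazilian-format price such as "159,99" into a decimal string
// ("159.99") for the database. Returns null when the input is not a price.
function parsePrice(string $raw): ?string
{
    $raw = trim($raw);
    if (!preg_match('/^\d{1,8}(,\d{1,2})?$/', $raw)) {
        return null;
    }
    return str_replace(',', '.', $raw);
}

// Validate every submitted field. Returns [cleanData, errorMessages].
function validateProduct(array $post): array
{
    $errors = [];

    $name = trim((string)($post['nomeProduto'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'nomeProduto must be 1 to 100 characters';
    }

    // Accept only http(s) URLs so a javascript: URL can never end up in an <img src>.
    $img = trim((string)($post['linkImg'] ?? ''));
    if (filter_var($img, FILTER_VALIDATE_URL) === false || !preg_match('#^https?://#i', $img)) {
        $errors[] = 'linkImg must be an http(s) URL';
    }

    $cat = filter_var($post['categoria'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        $errors[] = 'categoria must be a positive integer';
    }

    $priceFrom = parsePrice((string)($post['precoDe'] ?? ''));
    $priceFor  = parsePrice((string)($post['precoPor'] ?? ''));
    if ($priceFrom === null || $priceFor === null) {
        $errors[] = 'prices must look like 159,99';
    }

    $desc = trim((string)($post['descricao'] ?? ''));
    if (mb_strlen($desc) > 2000) {
        $errors[] = 'descricao must be at most 2000 characters';
    }

    $data = [
        'name' => $name, 'img' => $img, 'cat' => $cat,
        'priceFrom' => $priceFrom, 'priceFor' => $priceFor, 'desc' => $desc,
    ];
    return [$data, $errors];
}

// Insert with a prepared statement: the SQL text is fixed, the user-supplied
// values are sent separately as typed parameters (s = string, i = integer).
function insertProduct(mysqli $con, array $d): int
{
    $stmt = $con->prepare(
        'INSERT INTO produto (nomeProduto, linkImg, categoria, precoDe, precoPor, descricao)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('ssisss', $d['name'], $d['img'], $d['cat'],
                      $d['priceFrom'], $d['priceFor'], $d['desc']);
    $stmt->execute();
    return (int)$con->insert_id;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use POST');
}

[$data, $errors] = validateProduct($_POST);
if ($errors) {
    http_response_code(400);
    // Escape on output so a hostile field value is shown as text, not rendered as HTML.
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    exit;
}

$con = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$con->set_charset('utf8mb4');
$id = insertProduct($con, $data);
$con->close();

echo 'Product inserted with id ' . $id;
```

Two points worth keeping in mind when wiring this up: the prepared statement protects the database from the values, but it does nothing for the page that later displays them, so every product field must still be escaped with `htmlspecialchars()` where it is printed; and since this form creates data, it should only be reachable by an authenticated administrator and should carry an anti-CSRF token checked by the controller, otherwise any site that can make the admin's browser submit the form can add products.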
