@Peter and @Chris, be easy on the gentleman. He probably already applied a filter and sanitized the $_POST array... and pasted only the relevant snippet of code.

On 5 August 2010 09:24, Chris Mwirigi <mwirigic@gmail.com> wrote:
I weep for that kinda code



On Thu, Aug 5, 2010 at 12:17 PM, Benjamin <anangwe@gmail.com> wrote:
> Try this one
>
>     <?php
>      /* $conn: the connection is assumed to have been opened above */
>       if($conn === false)
>       {
>         exit("<pre>" . print_r(sqlsrv_errors(), true) . "</pre>");
>       }
>       if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'add-entry')
>       {
>         // Placeholders: use your own variable names and form field names
>         $variableA = $_REQUEST['formvalue_a'];
>         $variableB = $_REQUEST['formvalue_b'];
>         $variableC = $_REQUEST['formvalue_c'];
>
>         // Values are bound as parameters, never concatenated into the SQL
>         $sql = "INSERT INTO entries (a, b, c) VALUES (?, ?, ?)";
>         $stmt = sqlsrv_query($conn, $sql, array($variableA, $variableB, $variableC));
>
>         if ($stmt === false)
>         {
>           echo "<p>An error has occurred.</p>";
>         }
>         else
>         {
>           echo "<p>New entry created.</p>";
>           sqlsrv_free_stmt($stmt); // only free a statement that was actually created
>         }
>       }
>     ?>
>     <h2>title</h2>
>     <form action="" method="post">
>       <div>
>         <?php
>           $sql = "SELECT * FROM (database).(table)";
>           $stmt = sqlsrv_query($conn, $sql);
>
>           if ($stmt === false)
>           {
>             print_r(sqlsrv_errors());
>           }
>         ?>
>         <label>Project:</label> <select name="project">
>         <?php
>           while($row = sqlsrv_fetch_array($stmt))
>           {
>                echo "<option value=\"$row[id]\">$row[name]</option>";
>           }
>           sqlsrv_free_stmt($stmt);
>         ?>
>         </select>
>       </div>
>       <div><label>a:</label> <input type="text" name="a" /></div>
>       <div><label>b:</label> <input type="text" name="b" /></div>
>       <div><input type="submit" value="Save" /></div>
>       <input type="hidden" name="action" value="add-entry" />
>     </form>
>     <?php
>       sqlsrv_close($conn);
>     ?>
>   </body>
> </html>
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
> Skunkworks Server donations spreadsheet
> http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
> ------------
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
>
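The thread mentions filtering the $_POST array ahead of the parameterized insert. One way that step could look, as an added example that is not code from any poster in this thread: the field rules, the `project_id` column and the sample values are assumptions made for illustration.

```php
<?php
// Added example: field names, rules and sample data below are constructed.

/** Validate the add-entry form; returns clean values plus the names of bad fields. */
function validate_entry(array $input): array
{
    $text = ['filter' => FILTER_VALIDATE_REGEXP,
             'options' => ['regexp' => '/^[\w .,-]{1,100}$/u']];
    $rules = [
        'project' => ['filter' => FILTER_VALIDATE_INT,
                      'options' => ['min_range' => 1]],
        'a' => $text,
        'b' => $text,
    ];
    // Missing keys come back as null, failed filters (and arrays) as false.
    $clean = filter_var_array($input, $rules, true);
    $bad = array_keys(array_filter($clean, fn($v) => $v === null || $v === false));
    return ['ok' => $bad === [], 'values' => $clean, 'errors' => $bad];
}

/** Insert with bound parameters; $conn is a resource from sqlsrv_connect(). */
function insert_entry($conn, array $v): bool
{
    // Assumed schema: entries(project_id, a, b)
    $sql = "INSERT INTO entries (project_id, a, b) VALUES (?, ?, ?)";
    $stmt = sqlsrv_query($conn, $sql, [$v['project'], $v['a'], $v['b']]);
    if ($stmt === false) {
        error_log(print_r(sqlsrv_errors(), true)); // log it, do not echo it to the client
        return false;
    }
    sqlsrv_free_stmt($stmt);
    return true;
}

/** Encode database values before placing them in HTML. */
function render_option(array $row): string
{
    return sprintf('<option value="%d">%s</option>', $row['id'],
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));
}

// Constructed sample request; in a page this would be $_POST, not $_REQUEST.
$sample = ['project' => '3', 'a' => 'Router config', 'b' => '<i>note</i>'];
$result = validate_entry($sample);
echo $result['ok'] ? "valid\n" : "rejected: " . implode(', ', $result['errors']) . "\n";
echo render_option(['id' => 3, 'name' => '<b>Ops</b> & "infra"']), "\n";
```

Validation and parameter binding cover different things: binding keeps the values out of the SQL text, while the allow-list and `htmlspecialchars()` control what is stored and what is later echoed into the page.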