[php] Inserting current time into a mysql database

ringo747

ringo747

ringo747

Soldato
Joined
1 Feb 2006
Posts
8,188
hi guys as title suggests how can I input the current time into a mysql database?

This is what I have but it doesnt work

Code: 
$sql="INSERT INTO $table_name (title, body, username, time_added)
VALUES
('$_POST[title]','$_POST[body]','$_SESSION[username]', 'now()')";

Probably is some stupid mistake. using the above code inputs 00:00 for each entry

Thnx in advance
 
Think about what would happen if $_POST[title] was:

'; DROP DATABASE; --

Do a google for SQL injection. Then don't ever put variables straight into SQL statements again. Use paramaterized queries
 
growse said:
Think about what would happen if $_POST[title] was:

'; DROP DATABASE; --

Do a google for SQL injection. Then don't ever put variables straight into SQL statements again. Use paramaterized queries
Click to expand...

lol, never heard of that before.. just as well this is only for a uni project and wont actually be going live!

So i should change this:
Code: 
$sql="INSERT INTO $table_name (title, body, username, time_added)
VALUES
('$_POST[title]','$_POST[body]','$_SESSION[username]', 'now()')";

as this:

Code: 
$title = $_POST[title];
$body = $_POST[body];

$sql="INSERT INTO $table_name (title, body, username, time_added)
VALUES
('$title','$body','$_SESSION[username]', 'now()')";


I tihnk i see what your talking about
 
You must log in or register to reply here.
Back
Top Bottom