0

I have a date picker JS that outputs the date into the inputField, how do I go about putting that value into a variable as I want to insert it into my database, when I hit submit?

I would assume in my insert statement I would use, INSERT INTO xxxx (id, date) VALUES ($_POST['id'], ANDTHENSOMETHINGHERE)

    <input type="text" size="12" name="datefield"  id="inputField" />
  <?php $datefield = $_POST['datefield'];
  echo $datefield;
  ?>

Above is what I am thinking? but I know I am wrong

Tom
  • 654
  • 2
  • 9
  • 24
  • Use a hidden input field – Benjamin Gruenbaum Jul 29 '13 at 13:35
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jul 29 '13 at 13:36
  • Im not actually using mysql, Im using postgresql, And I will be looking to add further security to combat against SQL injection once I have the basics of the system working – Tom Jul 29 '13 at 13:43
  • or maybe even drupals form API If I can get my head around it – Tom Jul 29 '13 at 13:43

1 Answers1

0

Give the <input> a name attribute. It will then be submitted with the rest of the data. id is used for client side purposes (associating <label> elements, JS's getElementByID, CSSs # selector, etc).

Quentin
  • 800,325
  • 104
  • 1,079
  • 1,205
  • Ok, I edited and I think that looks better, then I call the name via post in the SQL insert – Tom Jul 29 '13 at 13:38