1

I have made a form where user post data like names product and links. For validation I am using FILTER_VALIDATE_URL. Now what i want is after validation only host insert into database. like https://www.google.com. Only www.google.com insert in database. For doing this i am using 

$website = var_dump(parse_url($websitex, PHP_URL_HOST));

$sql = "INSERT INTO test (Name, Contact, Product) Value ($name, $website, $product)
$result = mysqli_query($dbc_conn, $sql);

Now the problem the host data not going into database plus the host array show into the screen. What i want is only host data insert and array not show on the screen.

Lawrence Cherone
  • 46,049
  • 7
  • 62
  • 106
Ashley
  • 141
  • 1
  • 7
  • `var_dump` returns `void`, also your open to sql injections. – Lawrence Cherone Nov 26 '17 at 10:56
  • simple english please .. – Ashley Nov 26 '17 at 10:57
  • RTM: http://php.net/manual/en/function.var-dump.php – Lawrence Cherone Nov 26 '17 at 10:57
  • Basically stop using `var_dump`, problem solved. – Lawrence Cherone Nov 26 '17 at 10:58
  • Just remove `var_dump()`. It's not clear what you *thought* that function does, but the behavior you describe is exactly what it does. You should also look into prepared statements with query parameters to address your SQL injection vulnerability. – David Nov 26 '17 at 10:58
  • yes well for sql injection i didn't mention here mysql_real_escape.. any better solution – Ashley Nov 26 '17 at 10:59
  • Okay let me check .. – Ashley Nov 26 '17 at 10:59
  • @Ashley, `mysql_real_escape_string` is not a sufficient prevention. Take a look here: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – David Nov 26 '17 at 11:00
  • no .. array is still showing after submitting. I am doing like this $website = parse_url($websitex, PHP_URL_HOST);. – Ashley Nov 26 '17 at 11:05
  • @Ashley: Do you know what `parse_url()` returns? https://secure.php.net/manual/en/function.parse-url.php It's an array. Are you inserting *the array* into your SQL? Or an element from the array? – David Nov 26 '17 at 11:07
  • At first i need to validate the link and then for inserting only host in database thats why i used parse_url so as you said inserting an array into sql .. yes – Ashley Nov 26 '17 at 11:10

0 Answers0