And it works fine, but when i try to insert into table, nothing happen and only ip address is inserted.
$ip_address = $_SERVER['REMOTE_ADDR'];
mysql_query("insert into person(title,date,ip) values('".$_GET['title']."','".$_GET['date']."','$ip_address')")
or die(mysql_error());
What does your link in the first page look like when you hover over it in your browser? Specifically, I’m wondering whether you should be using this bit
&
as part of the URL, or whether you should just use a plain & - I suspect the latter. I think it should read
Inserting should always be used when there is a $_POST involved. The whole purpose of $_GET is to get the data. Not insert it. Yes, it’s possible to insert data using $_GET, but you are simply allowing hackers or any average Joe to insert random stuff into your database. If you don’t escape user inputs or use prepared statements, you’re telling an average Joe “Hey, come over to my website. Break my website and take my credit card info. Take my home address will you?”
That’s what you are telling the average Joe if you aren’t securely using PHP. If you don’t use either prepared statements or escaping the user inputs, you allow users to put into your database anything they want. Heck, if you don’t even check for user inputs, you’ll see random blank data.
I strongly suggest you abandon the old MySQL_* functions because it’s deprecated and will be removed when web hosting servers support PHP version 5.5. It’s not really that hard switching over really.