Hello.
I have a PHP script that executes an INSERT in a table in my database.
The $ _POST array [txt_message] shown in the code should accept JS content, but it gets empty after the submit. It should accept for example a simple alert ('ola')
I looked in the PHP manual how to accept an unsafe string in POST but did not find anything about it.
Thank you in advance for your attention.
<?php
session_start();
include("dados_conexao.php");
if ($_POST)
{
echo 'valor: ' . $_POST['txt_mensagem'];
try { // tenta fazer a conexão e executar o INSERT
$conecta = new PDO("mysql:host=$servidor;dbname=$banco", $usuario , $senha); //istancia a classe PDO
$comandoSQL = "INSERT INTO tb_mensagens (de, para, mensagem) VALUES ('$_POST[txt_de]', '$_POST[txt_para]', '$_POST[txt_mensagem]');";
echo $comandoSQL;
$grava = $conecta->prepare($comandoSQL); //testa o comando SQL
$grava->execute(array());
} catch(PDOException $e) { // casso retorne erro
echo('Deu erro: ' . $e->getMessage());
}
}?>
Form
<form method="POST" >
<label for="de">Para: </label>
<input type="text" name="de">
<label for="para">Para: </label>
<input type="text" name="para">
<label for="mensagem">Mensagem: </label>
<input type="text" name="mensagem">
<button type="submit"> Enviar </button>
</form>