Up to this point, we’ve shown you how to query and return results from MySQL. However, all our examples are simple because they don’t take user input and use it in the querying process. Indeed, unless you change the data in the database, the queries we’ve shown produce the same results each time. This section shows you the basics of securely and effectively including user data in the process to customize your query input and output.

Figure 14-2. The HTML entry form shown in the Firefox web browser

Consider an example of an HTML page. Example 14-4 contains a form that’s designed to capture details about a new artist and album to add to the music database.

<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html401/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Add an Artist and Album</title>
  </head>
  <body>
    <form action="add.php" method="GET">
      Artist name: <input type="text" name="artist" />
      <br />
      Album name: <input type="text" name="album" />
      <br />
      <input type="submit" />
    </form>
  </body>
</html>

When it’s rendered in the Firefox web browser, the HTML page looks as shown in Figure 14-2. You can see we’ve entered the artist name Morrissey and the album You are the Quarry in the fields.

In our HTML example, the <form> tag has two ...