//Using PDOStatement to protect db from sql injection
// text is the form field you are trying to protect
//We are using $sql here as the object and joke_table is the
// name of the database table we will insert our jokes in.
//Text in here represents the database column that our users
//input will be inserted in.
if (isset($_POST['text'])) {
try {
$pdo= new PDO('mysql:host=localhost;dbname=omo; chaerset=utf8','username','passwrd');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = 'INSERT INTO `joke_table` SET
`text` = :text,
`date` = CURDATE()';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':text', $_POST['text']);
$stmt->execute();
header('location: thank.php');
} catch (PDOException $e) {
echo 'error in connecting to the database'.$e->getMessage().'in'.$e->getFile().':'. $e->getLine(). $e->getCode();
}
} else {
// use any logic that you would like to happen here
}