World: r4wp

[Databases] group to discuss various database issues and drivers

Arnold
11-Nov-2012
[303]
You first check that the value is acceptable for what can be expected. 
This is to prevent SQL injections and other malicious input from 
hackers/innocent users and monkeys using your application. Then you 
issue a SQL command to insert into or update the MySQL database, just 
like you did with your SELECT statement before.

 mijnquery: "INSERT INTO cms_artikel (titel, tagregel, sectie, toegevoegd, artikel_tekst) VALUES ('"
 mijnquery: append mijnquery rejoin [titel "', '" tagregel "', '" desectie "', '" toegevoegd "', '" artikel-tekst "')"]
 insert db mijnquery

 The names after INTO are the field names of the table cms_artikel; 
 the ones after VALUES are the REBOL variables that get replaced by 
 their values.
afsanehsamim
11-Nov-2012
[304x3]
it means i should write like:

 query: "INSERT INTO data1 (oneone,onetwo,onethree) VALUES ('"
 query: append query rejoin [oneone "', '" onetwo "', '" onethree "')"]
 insert db query

i am very thankful if you do it based on my codes ...
i am too confused ...
Arnold
11-Nov-2012
[307x2]
Yes. Do a probe of the query to see if it generates the sql you expected.
I am not doing your code for you. If you want to find someone to 
do it for you post your job in the ~Opportunity section.
afsanehsamim
11-Nov-2012
[309]
i did not say do my code, Arnold !!! i wanted only help ... because 
till now whatever the guys said here was not related to the form ! my problem 
is only saving the value from the form in the database ...
MaxV
11-Nov-2012
[310]
Look here:
http://rebol2.blogspot.it/2012/04/how-to-use-rebdb.html
http://www.rebol.net/cookbook/recipes/0012.html
http://rebol2.blogspot.it/2012/01/adress-book.html
http://rebol2.blogspot.it/2011/12/sqlite.html
Ladislav
11-Nov-2012
[311x2]
"Any one knows how can we save value from the form into database?"
 - sure, Pekr told you how to do it.


Your problem is that you do not do what Pekr told you to do. First, 
you need to create the form. Check: Do you really have the form?

Second, you need to create a CGI script (this is not the form from 
the first point, the form from the first point is not a CGI script). 
Check: do you really have a CGI script ?


Pekr told you that the example you posted was neither the form, nor 
the CGI script.
One more note: your problem is much more elementary than handling 
the database. Before writing data to the database you need to have 
a script accepting (decoding) the data obtained from the form.
Pekr
12-Nov-2012
[313x3]
Ladislav - thank you. It is apparent, that what afsanehsamim is missing 
is the basic knowledge of how webserver stuff works between the client 
and the server. Examples at rebol.com are pretty straightforward. 
The only chance is to really create a simple example for him ...
Create 2 files. Call the first one e.g. cgi-test.html, and upload 
it to your server. The only thing you have to change is the link 
to your .cgi script in there:

<HTML>
<TITLE>Simple Web Form</TITLE>
<BODY>
<b>Simple Web Form</b><p>
<FORM ACTION="http://www.xidys.com/cgi-bin/cgi-test.cgi">
<INPUT TYPE="TEXT" NAME="Field" SIZE="25"><BR>
<INPUT TYPE="SUBMIT" NAME="Submit" VALUE="Submit">
</FORM>
</BODY>
</HTML>



Create a second file, called cgi-test.cgi (it has to align to how 
you name it in the above source file). Upload it to your cgi working 
directory. Remember to change the first line to contain the path, 
where your REBOL executable is placed:

#!/usr/local/bin/rebcmd -sqc

REBOL []

; HTTP header; the extra newline is the blank line that ends the headers
print join "Content-type: text/plain" newline
start: now/time/precise

; read the raw form data sent by the browser and decode it into
; a block of set-word/value pairs, e.g. [field: "abc" submit: "Submit"]
submitted: decode-cgi read-cgi
; turn that block into an object so a field can be reached as values/field
values: construct submitted

prin "Submitted: " print mold submitted
prin "values: " print mold values
prin "values/field: " print mold values/field

print now/time/precise - start
print newline
 

Now go to your URL, and try to submit some values. You can test it 
on my site at: http://www.xidys.com/cgi-test.html
but afsa, honestly - it does not even belong to the database group, 
but to the Rebol School group - you seem to miss the basic understanding 
of how CGI works on the server. Your problem is not in getting the 
value into the DB, but handling CGI stuff in general. In the above example, 
what you would put into your DB would be values/field ...
afsanehsamim
16-Nov-2012
[316x3]
Thank you so much Ladislav and Pekr ... guys i understand whatever 
you said ... Pekr : you meant i should first decode the values and after 
that save the values in the database? i have two files and both work 
properly! one is html and the other one is cgi ! i did your codes as well 
... now plz tell me what is the next step ?  As i told you before 
i should save the value in the database, it is one part of my project !!!! 
:(  i did this link  http://www.rebol.com/docs/cgi2.html#section-2
and i understood ...
plz tell me, is decoding the value not related to saving data ?
then how can i save the values ?
Endo
16-Nov-2012
[319]
do you mean saving the result to a file?
it is just a block, you can simply SAVE %file.r result
afsanehsamim
16-Nov-2012
[320]
no ...i mean saving values into database .
Endo
16-Nov-2012
[321]
use a normal INSERT query.
insert db-port "INSERT INTO table (colA, colB) VALUES (1,2)" 
or 

insert db-port ["INSERT INTO table (colA, colB) VALUES (?,?)" 1 2]
afsanehsamim
16-Nov-2012
[322x2]
Endo, the values should come from the form, it is a big problem that till now 
no one could understand ...
i did that query before but it is not working
Endo
16-Nov-2012
[324]
how does it matter where the values come from? it is a totally different 
issue.
try reading
http://www.rebol.com/docs/cgi1.html
http://www.rebol.com/docs/cgi2.html
http://www.rebol.com/docs/cgi-bbs.html
afsanehsamim
16-Nov-2012
[325x2]
@Pekr: could you tell me after decoding values what is the next step?
i decoded my values which i got from the form! my cgi and html are 
working ,plz tell me what should i do?
TomBon
16-Nov-2012
[327x2]
afsa, did you successfully echo back the decoded form values to the 
browser, as andreas told you before?
if so, you have to add your mysql connection parameters to your script, 
open a mysql port and do an sql insert into your table.
afsanehsamim
16-Nov-2012
[329]
yes TomBon ,i did it ... but there are no values in my database.
TomBon
16-Nov-2012
[330]
can you post your insert command here?
afsanehsamim
16-Nov-2012
[331x3]
insert db ["insert into data1 (oneone,onetwo,onethree,twoone,twothree,threeone,threetwo,threethree) values (?,?,?,?,?,?,?,?)"]

i know it does not have any values
i do not know what i should write
BrianH
16-Nov-2012
[334]
You are missing the actual values to insert. Put those in the block 
after the SQL string.
TomBon
16-Nov-2012
[335]
yes, I see. parameterized inserts are ok but perhaps better make 
a rejoin.
Andreas
16-Nov-2012
[336]
insert db ["insert into sql-tablename (sql-fieldname) values (?)" 
cgi-values/cgi-fieldname]
TomBon
16-Nov-2012
[337]
afsa, the last one from andreas is fine.
BrianH
16-Nov-2012
[338]
TomBon, don't encourage people to use rejoin for SQL queries. Definitely 
use parameterized queries. Building your own queries with rejoin 
is a sure recipe for SQL injection.
Andreas
16-Nov-2012
[339]
i suggest to get the html+cgi echoing working first, then getting 
a minimal script that inserts a value into your database working, 
and then putting the two pieces together by extending your "echo" 
cgi to insert into the database
TomBon
16-Nov-2012
[340x2]
brian, i have made this for years without any problems. also good for beginners.
checking for proper values and a correct sql syntax should always 
be done, even when parameterized.
BrianH
16-Nov-2012
[342x2]
Nice to hear, TomBon. Nonetheless, such checking is exactly what 
parameterized queries do, and I often have to fix errors made by 
other developers who don't use them. Plus, parameterized queries 
are a lot quicker on most databases because the query plan gets cached.
It is always a bad idea to suggest to newbie programmers that they 
not use parameterized queries.
TomBon
16-Nov-2012
[344]
well, better to first make clear to him what's going on, then make the 
final version.
I think he is confused by these examples.

btw, how do parameterized queries prevent sql injection if not serverside?
BrianH
16-Nov-2012
[345]
Non-parameterized queries are an advanced topic for experienced developers, 
though also the subject of the worst coding horror stories :)
TomBon
16-Nov-2012
[346x2]
well, well :)
but let's first try to help afsan, if his script is running he can 
improve it.
afsanehsamim
16-Nov-2012
[348x2]
guys ...i am happy :) it is working... thanks a lot Andreas ...
thank you TomBon and BrianH
TomBon
16-Nov-2012
[350]
nice, good luck with your crossword, afsan...
BrianH
16-Nov-2012
[351]
With parameterized queries (even in REBOL) the SQL and the parameters 
are sent separately and combined in the server. The query plan is 
generated only once per query, with the parameter placeholders being 
in the plan. Then the actual parameters are plugged into the plan. 
The next time the parameterized query is called (maybe with different 
parameter values) the same plan is used and the new parameter values 
are plugged in.
TomBon
16-Nov-2012
[352]
isn't this execution optimization? in this case a stored procedure 
will help also. how will this prevent sql injection, compared 
to a concatenated server-side sql string?