Actually, I did Google it and got many results, but I can't understand them because I'm new to this field.
So, in an easy way: what is PDO, why should I use it, what is SQL injection, etc., with an example?
Actually, my code currently looks like this.
config.php
<?php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "testdb";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>
insert.php
<?php
include('config.php');
$account_no = $_POST['account_no'];
$amount = $_POST['amount'];
$save = mysql_query("INSERT INTO tableamount (account_no, amount) VALUES ('$account_no', '$amount')");
header("location: index.html");
exit();
?>
index.html
<html>
<body>
<form action="amount.php" method="post" enctype="multipart/form-data" name="addroom">
Account Number<br />
<input name="account_no" type="text"/><br />
Amount<br />
<input name="amount" type="text"/><br />
<input type="submit" name="Submit" value="Submit" id="button1" />
</form>
</body>
</html>
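
The insert from insert.php above, written once as a string-built query and once as a PDO prepared statement, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and an in-memory SQLite database so it runs without a MySQL server; the `$post` array and both function names are constructed for illustration.

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for MySQL
// (assumption: pdo_sqlite is enabled). For the question's database the DSN
// would be 'mysql:host=localhost;dbname=testdb;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec('CREATE TABLE tableamount (account_no TEXT, amount TEXT)');

// Constructed sample input standing in for $_POST: the submitter typed a
// quote and extra SQL text into the "account_no" field.
$post = ['account_no' => "1001', '999999') -- ", 'amount' => '5'];

// 1) Same pattern as insert.php: the input is pasted into the SQL text,
//    so the quote in it ends the string and the rest is parsed as SQL.
function insertByConcatenation(PDO $pdo, array $post): void
{
    $sql = "INSERT INTO tableamount (account_no, amount) "
         . "VALUES ('{$post['account_no']}', '{$post['amount']}')";
    $pdo->exec($sql);
}

// 2) Prepared statement: the SQL text is fixed, and the values are bound
//    separately, so they can only ever be stored as data.
function insertPrepared(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO tableamount (account_no, amount) VALUES (:account_no, :amount)'
    );
    $stmt->execute([
        ':account_no' => $post['account_no'],
        ':amount'     => $post['amount'],
    ]);
}

insertByConcatenation($pdo, $post);
insertPrepared($pdo, $post);

// Show what each approach actually stored.
foreach ($pdo->query('SELECT account_no, amount FROM tableamount') as $i => $row) {
    printf("row %d: account_no=[%s] amount=[%s]\n", $i + 1, $row['account_no'], $row['amount']);
}
```

The first row ends up with an amount the form's "amount" field never contained, because the input rewrote the statement; the second row stores the same input verbatim as the account number with the submitted amount.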