BioRUST Forums - View Single Post

Gjbphp · 08-15-2007

Well, for a start you are suppressing any error that the mysql_query() function might create.

try this:

PHP Code:


			
$result = mysql_query($query) or die(mysql_error());

This will halt the execution of the script and give you the same error that mysql has. For the information not to be going into the database, this will show the problem.

Aside from this, you should really format the variables that are going into the database, otherwise a malicious user could destroy the whole lot. For example:

PHP Code:


			
if (empty($_POST['title'])) {

echo '<p><font color="red">You need to enter a title.</font></p>';

} else {

$title = mysql_real_escape_string($_POST['title']);#see here

}

08-15-2007	#4 (permalink)
Gjbphp PHP Lover Join Date: May 2007 Location: Zug, Switzerland Posts: 90	Well, for a start you are suppressing any error that the mysql_query() function might create. try this: PHP Code: `$result = mysql_query($query) or die(mysql_error());` This will halt the execution of the script and give you the same error that mysql has. For the information not to be going into the database, this will show the problem. Aside from this, you should really format the variables that are going into the database, otherwise a malicious user could destroy the whole lot. For example: PHP Code: `if (empty($_POST['title'])) { echo '<p><font color="red">You need to enter a title.</font></p>'; } else { $title = mysql_real_escape_string($_POST['title']);#see here }`