08-14-2007
|
#1 (permalink)
|
|
Steven
Join Date: Jun 2005
Location: McAlester, OKlahaoma - United States
Posts: 21
|
Is something wrong?
Is there anything wrong with the code below assuming that there is nothing wrong with any of the included files? The problem is that the information will not submit into the database, and the table's structure is fine.
PHP Code:
<?php
include ('include/config.php');
include ('include/session.php');
$author = $session->username;
$date = date("M j, y");
if (isset($_POST['submitted'])) {
    if (empty($_POST['title'])) {
        echo '<p><font color="red">You need to enter a title.</font></p>';
    } else {
        $title = $_POST['title'];
    }
    if (empty($_POST['category'])) {
        echo '<p><font color="red">You need to enter a category.</font></p>';
    } else {
        $category = $_POST['category'];
    }
    if (empty($_POST['question'])) {
        echo '<p><font color="red">You need to enter a question.</font></p>';
    } else {
        $question = $_POST['question'];
    }
    if ($title && $category && question) {
        $query = "INSERT INTO questions (title, author, date, question, category) VALUES ('$title', '$author', '$date', '$queston', '$category')";
        $result = @mysql_query($query);
        if ($result) {
            echo '<p><font color="red">News was added!</font></p>';
        } else {
            echo '<font color="red"><p>News could not be added! Please try again.</p></font>';
        }
    } else {
        echo '<p><font color="red">Please fill in the appropriate information</font></p>';
    }
}
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<p><b>News Title :</b><br />
<input type="input" name="title" size="25" maxlength="60" value="<?php if(isset($_POST['title'])) echo $_POST['title']; ?>" /></p>
<p><b>Name :</b><br />
<input type="input" name="category" size="15" maxlength="35" value="<?php if(isset($_POST['category'])) echo $_POST['category']; ?>" /></p>
<p><b>Message :</b><br />
<textarea rows="7" cols="55" name="question"><?php if(isset($_POST['question'])) echo $_POST['question']; ?></textarea></p>
<p><input type="submit" name="submit" value="Add News" /></p>
<input type="hidden" name="submitted" value="TRUE" /></p>
</form>
__________________
--
Steven
Last edited by basicwe; 08-14-2007 at 10:45 AM.
|
|
|
08-14-2007
|
#2 (permalink)
|
|
Sheep Worrier
Join Date: Sep 2003
Location: Portsmouth, UK.
Posts: 4,061
|
What type of error pops up? That might help peeps solve the problem quicker.
__________________
|
|
|
08-14-2007
|
#3 (permalink)
|
|
Steven
Join Date: Jun 2005
Location: McAlester, OKlahaoma - United States
Posts: 21
|
That's just it...
Quote:
Originally Posted by Man1c M0g
What type of error pops up? That might help peeps solve the problem quicker.
|
That's just it, I do not get any error message. The information just won't submit into the database. So I'm guessing something is wrong with the query, and result variables. I've checked my database's table structure three times now. Everything seems to be fine, but there is just some small thing I'm overlooking that will make me feel ignorant when I realize what the problem is...
__________________
--
Steven
|
|
|
08-15-2007
|
#4 (permalink)
|
|
PHP Lover
Join Date: May 2007
Location: Zug, Switzerland
Posts: 84
|
Well, for a start you are suppressing any error that the mysql_query() function might create.
try this:
PHP Code:
$result = mysql_query($query) or die(mysql_error());
This will halt the execution of the script and give you the same error that mysql has. For the information not to be going into the database, this will show the problem.
Aside from this, you should really format the variables that are going into the database, otherwise a malicious user could destroy the whole lot. For example:
PHP Code:
if (empty($_POST['title'])) {
    echo '<p><font color="red">You need to enter a title.</font></p>';
} else {
    $title = mysql_real_escape_string($_POST['title']); # see here
}
|
|
|
08-16-2007
|
#5 (permalink)
|
|
Steven
Join Date: Jun 2005
Location: McAlester, OKlahaoma - United States
Posts: 21
|
Gjbphp
Gjbphp, what do you suggest I do in order to format my variables?
__________________
--
Steven
|
|
|
08-16-2007
|
#6 (permalink)
|
|
PHP Lover
Join Date: May 2007
Location: Zug, Switzerland
Posts: 84
|
Quote:
Originally Posted by basicwe
Gjbphp, what do you suggest I do in order to format my variables?
|
Use the following function to format the variables for entry to the database.
PHP Code:
mysql_real_escape_string();
You were using:
PHP Code:
if (empty($_POST['title'])) {
    echo '<p><font color="red">You need to enter a title.</font></p>';
} else {
    $title = $_POST['title'];
}
I would suggest that you use:
PHP Code:
if (empty($_POST['title'])) {
    echo '<p><font color="red">You need to enter a title.</font></p>';
} else {
    # here is where I changed something
    $title = mysql_real_escape_string($_POST['title']); # see here
}
And then do this for each of your variables. Of course, if magic_quotes is enabled on your server, then you can either turn it off, or you can do the following.
PHP Code:
if( get_magic_quotes_gpc() )
{
    $title = stripslashes($_POST['title']);
}
else
{
    $title = $_POST['title'];
}
#NOW DO#
$title = mysql_real_escape_string($title);
Of course you can turn this into a function so that you don't have to write out all this code each time
For more information visit: PHP: mysql_real_escape_string - Manual
|
|
|
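Added example, not part of any post in this thread: the INSERT from the first post written with a PDO prepared statement, which keeps the submitted values out of the SQL text instead of escaping them and raises errors as exceptions rather than suppressing them. It assumes PDO with the SQLite driver (an in-memory database standing in for the poster's MySQL table), and the helper name add_question is hypothetical.

```php
<?php
// Added example. Assumes PDO with the SQLite driver; the in-memory database
// stands in for the poster's MySQL "questions" table.
$pdo = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors instead of hiding them behind @.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE questions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL, author TEXT NOT NULL, date TEXT NOT NULL,
    question TEXT NOT NULL, category TEXT NOT NULL)');

// Hypothetical helper: validates the form fields, then inserts them as bound
// parameters so the values never become part of the SQL text.
function add_question(PDO $pdo, array $post, string $author): int
{
    $fields = [];
    foreach (['title', 'category', 'question'] as $name) {
        $value = trim((string) ($post[$name] ?? ''));
        if ($value === '') {
            throw new InvalidArgumentException("You need to enter a $name.");
        }
        $fields[$name] = $value;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO questions (title, author, date, question, category)
         VALUES (:title, :author, :date, :question, :category)'
    );
    $stmt->execute([
        ':title' => $fields['title'],
        ':author' => $author,
        ':date' => date('M j, y'),
        ':question' => $fields['question'],
        ':category' => $fields['category'],
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input: quotes and a backslash that would break the
// string-built query from the first post.
$post = ['title' => "Why doesn't this insert?", 'category' => 'php',
         'question' => 'Path is C:\\temp and the name is "O\'Brien"'];
$id = add_question($pdo, $post, 'steven');
$check = $pdo->prepare('SELECT title, question FROM questions WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
// Compare what was stored with what was submitted.
var_dump($row['title'] === $post['title'], $row['question'] === $post['question']);
```

Against MySQL the same helper works with a `mysql:` DSN and an `AUTO_INCREMENT` id column; the mysql_* functions used in the thread were removed in PHP 7.0.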
08-16-2007
|
#7 (permalink)
|
|
Rusty Bio-Hazard!
Join Date: Sep 2006
Location: Toronto, Ontario, Canada
Posts: 1,026
|
While Gjbphp is absolutely correct about protecting your server from PHP Injection and other malicious hacks, it has no bearing on the problem you are experiencing with your Queries...
We still need an error message to help diagnose the problem and Gjbphp had a helpful suggestion:
Quote:
Originally Posted by Gjbphp
Well, for a start you are suppressing any error that the mysql_query() function might create.
try this:
PHP Code:
$result = mysql_query($query) or die(mysql_error());
This will halt the execution of the script and give you the same error that mysql has. For the information not to be going into the database, this will show the problem.
|
Mike.
|
|
|
08-17-2007
|
#8 (permalink)
|
|
Steven
Join Date: Jun 2005
Location: McAlester, OKlahaoma - United States
Posts: 21
|
Thanks.
Thanks, notjustgraphics, but I already took care of the error of my information not going into my database. I had forgot to set auto_increment on the id row, and information kept trying to take the same id number... I was just furthering the subject to see how to improve my variables.
Thanks to both of you, I appreciate it greatly!
__________________
--
Steven
|
|
|
08-17-2007
|
#9 (permalink)
|
|
PHP Lover
Join Date: May 2007
Location: Zug, Switzerland
Posts: 84
|
Glad to hear you got the problem fixed 
|
|
|
08-17-2007
|
#10 (permalink)
|
|
Rusty Bio-Hazard!
Join Date: Sep 2006
Location: Toronto, Ontario, Canada
Posts: 1,026
|
Quote:
Originally Posted by basicwe
I had forgot to set auto_increment on the id row, and information kept trying to take the same id number!
|
lol
I did the same thing once...
Good to know you're good to go!
Mike.
|
|
|
08-25-2007
|
#11 (permalink)
|
|
Registered User
Join Date: Aug 2007
Location: Madison, WI, USA, Earth, Sol System, Milky Way
Posts: 1
|
I'm seeing two errors:
Quote:
if ($title && $category && question) {
$query = "INSERT INTO questions (title, author, date, question, category) VALUES ('$title', '$author', '$date', '$queston', '$category')";
$result = @mysql_query($query);
|
1. In the "if" statement, you need a $ on "question"
2. in the values, you mistyped "question" without an "i".
Hope this helps.
__________________
|
|
|