Hmm.
Line 26 - should be $pic_id not pic_id
Line 30 - silly question I know, but is $_SESSION['username'] definately set?
Just tried it on my dev server using the following (slightly modified) code and it works, other than returning a mysql error that the table doesn't exist (as expected):
Code: Select all
<?php
error_reporting(-1);
session_start();
$rating = 1; // $_POST['rating'];
$pic_id = 2; // $_POST['pic_id'];
//Connect and select database
// We'll do the mysql_error() bit on these two as well, the problem could be here
mysql_connect("localhost", "root", "");
if(mysql_error()) {
echo "mysql_connect error: ".mysql_error();
}
mysql_select_db("dev");
if(mysql_error()) {
echo "mysql_select_db error: ".mysql_error();
}
if(!is_numeric($rating) || !is_numeric($pic_id)) {
// either make them a number, or display an error and exit
echo "Either rating or pic_id isn't a valid number";
exit;
}
// Even though we know they're definately numbers, there's no harm in escaping them to be on the safe side!
$rating = mysql_real_escape_string($rating);
$pic_id = mysql_real_escape_string($pic_id);
// Personally, I'd escape $_SESSION['username'] too. Even though it shouldn't be able to be changed by the end-user, you can't guarantee it hasn't been, so best to play it safe
$_SESSION['username'] = 'test';
$username = mysql_real_escape_string($_SESSION['username']);
// Just noticed why your query might not be working... you've removed the wrong quote from around your numbers, instead of taking away the doubles you should have taken away the singles. Actually, in this case, you can take both of them away - because the whole query is inside double quotes, the variables can be parsed inline like this
$query="INSERT INTO comments (pic_id, user, rating) VALUES ($pic_id, '$username', $rating);";
mysql_query($query);
echo "testing";
if(mysql_error()) {
echo "mysql_query error: ".mysql_error();
}
?>
outputs this:
Code: Select all
testingmysql_query error: Table 'dev.comments' doesn't exist
edit: also, my code definately returns errors, so your errors must be being diverted elsewhere for some unknown reason! if the line 26 change doesn't work and $_SESSION['username'] is definately set, it could be worth adding a custom error handler to trap any errors before Apache can redirect them? Something like this:
Code: Select all
function test_error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
print_r($errno); print_r($errstr); print_r($errfile); print_r($errline); print_r($errcontext);
return true;
}
set_error_handler('test_error_handler');