I posted on my actual code yesterday, and you guys fixed that. Now there's another problem:
I'm trying to build an SQL Sender, consisting of a dialog box for the database name and one for the actual query. Whenever I type something in and hit "Submit Query," nothing happens. The page takes me from mysql_send.php to mysql_send.php?form=yes, like it's supposed to (I think) but nothing happens.
According to my book, it's supposed to take me to a page where it will display all databases if I type SHOW DATABASES into the text box. But nothing happens at all.
My brother got his to work with the exact same code, so I don't think it's a coding problem. I'm pretty sure it's something to do with my computer. Can someone PLEASE help me?
Here's the code, just in case:
<!-- Program Name: mysql_send.php
Description: PHP program that sends an SQL query to the
MySQL server and displays the results.
-->
<html>
<head>
<title>SQL Query Sender</title>
</head>
<body>
<?php
$user="root";
$host="localhost";
$password="";
/* Section that executes query */
if (@$form == "yes")
{
mysql_connect($host,$user,$password);
mysql_select_db($database);
$query = stripSlashes($query) ;
$result = mysql_query($query);
echo "Database Selected: <b>$database</b><br>
Query: <b>$query</b>
<h3>Results</h3>
<hr>";
if ($result == 0)
echo("<b>Error " . mysql_errno() . ": " . mysql_error() . "</b>");
elseif (@mysql_num_rows($result) == 0)
echo("<b>Query completed. No results returned.</b><br>");
else
{
echo "<table border='1'>
<thead>
<tr>";
for ($i = 0; $i < mysql_num_fields($result); $i++)
{
echo("<th>" . mysql_field_name($result,$i) . "</th>");
}
echo " </tr>
</thead>
<tbody>";
for ($i = 0; $i < mysql_num_rows($result); $i++)
{
echo "<tr>";
$row = mysql_fetch_row($result);
for ($j = 0; $j < mysql_num_fields($result); $j++)
{
echo("<td>" . $row[$j] . "</td>");
}
echo "</tr>";
}
echo "</tbody>
</table>";
}
echo "<hr><br>
<form action=$PHP_SELF; method=post>
<input type=hidden name=query value=\"$query\">
<input type=hidden name=database value=$database>
<input type=submit name=\"queryButton\" value=\"New Query\">
<input type=submit name=\"queryButton\" value=\"Edit Query\">
</form>";
unset($form);
exit();
}
/* Section that requests user input of query */
@$query = stripSlashes($query);
if (@$queryButton != "Edit Query")
{
$database = " ";
$query = " ";
}
?>
<form action=<?php echo $PHP_SELF ?>?form=yes method="post">
<table>
<tr>
<td align="right"><b>Type in database name</b></td>
<td>
<input type=text name="database" value=<?php echo $database ?> >
</td>
</tr>
<tr>
<td align="right" valign="top"><b>Type in SQL query</b></td>
<td><textarea name="query" cols="60" rows="10"><?php echo $query ?></textarea>
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit Query"></td>
</tr>
</table>
</form>
</body>
</html>
If someone can help me, it would be HUGE.
We've Got A Problem...
First off... quote your values in your HTML. If you get a space in there, that will mess quite a few browsers up. Second, I don't know how your server is set up, but you might want to start coding as if register_globals is turned off. If you are unsure about this, please read http://php.net/register-globals as well as http://php.net/variables.external. You need to start using the super globals for form values and such. Hope that helps.
-
King James
- Forum Newbie
- Posts: 7
- Joined: Thu Aug 21, 2003 3:12 pm
You did quote most of your values in HTML. He means that some of your HTML that looks like this:
Code: Select all
<input type=hidden name=database value=$database>
should be written as this:
Code: Select all
<input type="hidden" name="database" value="$database">
As for register_globals, do you understand the following example?
Code: Select all
<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>
When register_globals = on, our logic above may be compromised. When off, $authorized can't be set via request so it'll be fine, although it really is generally a good programming practice to initialize variables first. For example, in our example above we might have first done $authorized = false. Doing this first means our above code would work with register_globals on or off as users by default would be unauthorized.
(Taken from http://www.php.net/register_globals)
Also I'm pretty sure that if you define a variable inside of a function and then close that function you cannot use it in the rest of the script. This is because when register_globals = off, it will not be initialized correctly. Please correct me if I'm wrong.
What you really needed to look at was the http://php.net/variables.external page. Any data you are receiving from the form is in the $_POST array. Any data you are receiving from the URL (Query String) is in the $_GET array. So, any reference to $form eg:
Code: Select all
<?php
if (@$form == "yes")
?>
Should be changed to
Code: Select all
<?php
if (@$_GET['form'] == "yes")
?>
As for the data in the form, you need to do the same except use the $_POST array. Does that make a little more sense?
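The changes suggested in the replies above, put together as an added example that is not part of the original thread or the book's code: the script's inputs are read from `$_GET` and `$_POST` with explicit defaults, and the hidden fields are emitted with quoted, escaped values. The helper names `read_sender_input` and `hidden_field` are hypothetical, and the request arrays are constructed sample input so the block runs from the command line.

```php
<?php
// Added example: hypothetical helpers, constructed sample request.

/**
 * Collect the values mysql_send.php uses, each with an explicit default,
 * so nothing depends on register_globals creating $form, $database or $query.
 */
function read_sender_input(array $get, array $post): array
{
    $input = ['form' => 'no', 'database' => '', 'query' => '', 'queryButton' => ''];

    // "form" arrives in the URL: mysql_send.php?form=yes
    if (isset($get['form']) && is_string($get['form'])) {
        $input['form'] = $get['form'];
    }
    // The remaining fields arrive in the POST body.
    foreach (['database', 'query', 'queryButton'] as $name) {
        if (isset($post[$name]) && is_string($post[$name])) {
            $input[$name] = $post[$name];
        }
    }
    return $input;
}

/** Build a hidden field with quoted attributes; a space in $value no longer breaks the tag. */
function hidden_field(string $name, string $value): string
{
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES)
         . '" value="' . htmlspecialchars($value, ENT_QUOTES) . '">';
}

// Constructed request: what PHP would place in $_GET and $_POST after "Submit Query".
// The extra "authorized" field mirrors the manual's example of an unexpected request variable.
$get  = ['form' => 'yes'];
$post = ['database' => 'my db', 'query' => 'SHOW DATABASES', 'authorized' => '1'];

$authorized = false;                      // initialized first, as the quoted manual text advises
$in = read_sender_input($get, $post);     // only the four known fields are copied

if ($in['form'] === 'yes') {
    echo hidden_field('database', $in['database']), "\n";
    echo hidden_field('query', $in['query']), "\n";
}
var_dump($authorized);                    // the request's "authorized" field never reached it
```

In the page itself the call would be `read_sender_input($_GET, $_POST)`.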