Page 1 of 1

Viewing record' No error found

Posted: Tue Jan 10, 2012 10:29 pm
by jayson.ph
Hi all, i just ask a little something about displaying record, please see below the code.

Code: Select all

<?php

	include("connection.php");
	include("rec_view.php");
mysql_select_db("mydatabase", $con);

$sql="INSERT INTO tbl_login (uname, pwd)
VALUES
('$_POST[uname]','$_POST[pwd]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
mysql_close($con)

?> 

Code: Select all

<?php
	include("connection.php");
mysql_select_db("mydatabase" $con);
	$sql = mysql_query("SELECT * FROM tbl_login");
		while($row = mysql_fetch_array($sql))
		{
		echo $row['uname']. " " . $row['pwd'];
		echo <br/>
		}
?>
i already add record but about displaying recodr its same nothing happen, i mean no display and no error? please help

Re: Viewing record' No error found

Posted: Wed Jan 11, 2012 12:08 am
by twinedev
Have you verified that data is in the database, or just think it did because you ran an insert?

Re: Viewing record' No error found

Posted: Wed Jan 11, 2012 12:12 am
by social_experiment
try adding quote marks to your post variables

Code: Select all

<?php
# missing quotes from the post variables
$sql="INSERT INTO tbl_login (uname, pwd)
VALUES
('" . $_POST['uname'] ." ','" . $_POST['pwd'] ."')";
?>

Re: Viewing record' No error found

Posted: Wed Jan 11, 2012 3:11 am
by jayson.ph
what i mean is i cant view the record from my database, i dont what is the wrong with my code. please advice

Re: Viewing record' No error found

Posted: Wed Jan 11, 2012 3:18 am
by twinedev
If you are looking at the database (assuming you are using a program to actually browse the database), and the record is not in there, then there is an issue with your INSERT statement. Perhaps you have info that needs escaped breaking the SQL, but the code you gave would have given an error. Anyhow, here is the proper way to escape things using mysql_* functions:

Code: Select all

$SQL  = 'INSERT INTO `tbl_login` (`uname`,`pwd`) ';
$SQL .= 'VALUES ("'.mysql_real_escape_string($_POST['uname']).'","'.mysql_real_escape_string($_POST['pwd']).'")';
One you are ready to use this for a real live site, you will NOT want to just store raw passwords, search on here for 'password salt pepper' and you will find good information about how to properly store passwords.

-Greg