
Help with this html and PHP codes

Posted: Mon Jun 26, 2006 1:39 pm
by black85
Hi people,
Could anyone help me out with this html and php codes. I keep getting "something went wrong" error message every time I request the web page from the apache web server.

insert_form.html
----------------

<HTML>
<HEAD>
<TITLE>Insert Form</TITLE>
</HEAD>
<BODY>
<FORM ACTION="insert.php" METHOD=POST>
<P>Text to add<br>
<input type=text name="testField" size=30>
<p><input type=submit name="submit" value="Insert Record"></p>
</FORM>
</BODY>
</HTML>

insert.php
--------
<?php
// open the connection
$olu = mysql_connect("localhost", "root", "olu1bal");

// pick the database to use
mysql_select_db("testDB",$olu);

// create the SQL statement
$sql = "INSERT INTO testTable values ('', '$_POST[testField]')";

// execute the SQL statement
if (mysql_query($sql, $olu)) {
echo "record added!";
} else {
echo "something went wrong";
}
?>


I look 4ward to hearing from anyone a.s.a.p.

black85

Posted: Mon Jun 26, 2006 1:51 pm
by Todd_Z
replace

Code: Select all

echo "something went wrong";
with

Code: Select all

echo mysql_error( $olu );

Posted: Mon Jun 26, 2006 1:56 pm
by black85
Thanks a lot @todd

Posted: Mon Jun 26, 2006 2:10 pm
by Todd_Z
by the way, use some data filtering on that $_POST variable

Someone could use malicious data to corrupt your table.

Either do a preg_match like

Code: Select all

$regex = "#^[a-zA-Z0-9_ -]*$#"; // hyphen last so it is a literal, not a range
if ( preg_match( $regex, $_POST['variable'] ) ) {
  // DO INSERT
}
or just a simple

Code: Select all

$sql = "INSERT INTO `table` SET `variable` = '".mysql_real_escape_string( $_POST['variable'] )."'";
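
The allow-list check and the escaping suggested above can be compared with a bound-parameter query, which keeps the submitted value out of the SQL text entirely. This is an added example, not code from any poster in this thread; it assumes PDO with an in-memory SQLite database in place of the MySQL `testDB`, and the column and function names are hypothetical.

```php
<?php
// Added example, not code from this thread. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL's testDB; the column names are made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testTable (id INTEGER PRIMARY KEY, testField TEXT)');

// Allow-list from the preg_match suggestion, with the hyphen placed last so it
// is a literal, a 1..30 length bound, and D so "$" cannot match before "\n".
function passesAllowList(string $value): bool
{
    return preg_match('#^[a-zA-Z0-9_ -]{1,30}$#D', $value) === 1;
}

// Bound-parameter insert: the value travels as data, never as SQL text.
function insertRecord(PDO $db, $value): string
{
    if (!is_string($value) || $value === '' || strlen($value) > 30) {
        return 'rejected';              // missing field, array input, bad length
    }
    try {
        $stmt = $db->prepare('INSERT INTO testTable (testField) VALUES (:v)');
        $stmt->execute([':v' => $value]);
        return $stmt->rowCount() === 1 ? 'stored' : 'failed';
    } catch (PDOException $e) {
        error_log('insert failed: ' . $e->getMessage()); // detail to the log only
        return 'failed';
    }
}

// Constructed inputs standing in for $_POST['testField'].
$samples = ['hello world', "O'Brien", "abc\n", ['nested'], null];

foreach ($samples as $input) {
    $allow = is_string($input) && passesAllowList($input) ? 'pass' : 'fail';
    printf("%-16s allow-list=%s  insert=%s\n",
        json_encode($input), $allow, insertRecord($db, $input));
}

// Stored values come back exactly as submitted, apostrophe included.
foreach ($db->query('SELECT id, testField FROM testTable') as $row) {
    echo $row['id'], ': ', json_encode($row['testField']), "\n";
}
```

The apostrophe in the second sample fails the allow-list but is stored intact by the bound insert, so the pattern check works as a business rule on what the field may contain while the binding is what keeps the statement's structure fixed.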

Re: Help with this html and PHP codes

Posted: Mon Jun 26, 2006 2:21 pm
by RobertGonzalez
Please wrap your code in either [ code ] tags or [ php ] tags. This is what your posting should have looked like...
black85 wrote:Hi people,
Could anyone help me out with this html and php codes. I keep getting "something went wrong" error message every time I request the web page from the apache web server.

insert_form.html
----------------

Code: Select all

<HTML>
<HEAD>
<TITLE>Insert Form</TITLE>
</HEAD>
<BODY>
<FORM ACTION="insert.php" METHOD=POST>
<P>Text to add<br>
<input type=text name="testField" size=30>
<p><input type=submit name="submit" value="Insert Record"></p>
</FORM>
</BODY>
</HTML>
insert.php
--------

Code: Select all

<?php
// open the connection
$olu = mysql_connect("localhost", "root", "olu1bal");

// pick the database to use
mysql_select_db("testDB",$olu);

// create the SQL statement
$sql = "INSERT INTO testTable values ('', '$_POST[testField]')";

// execute the SQL statement
if (mysql_query($sql, $olu)) {
echo "record added!";
} else {
echo "something went wrong";
}
?>

I look 4ward to hearing from anyone a.s.a.p.

black85
Try this...

Code: Select all

<?php
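// execute the SQL statement ($sql and $olu come from the script above);
// the assignment is parenthesized so the affected-rows check is not folded into $result
if (!($result = mysql_query($sql, $olu)) || !mysql_affected_rows()) {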
    die("There was a problem with the insert: " . mysql_error());
} else {
    echo "Alls well that queries well";
}
?>

Posted: Mon Jun 26, 2006 2:39 pm
by black85
thanks