php prob

forgun
Forum Commoner
Posts: 61
Joined: Wed Jan 29, 2003 6:05 am

Post by forgun »

Code:

@$lk =  mysql_connect($serv , $user , $pass) or die (mysql_error());
while ($lk == false) {
	@$lk =  mysql_connect($serv , $user , $pass) or die (mysql_error());
}
$db = mysql_select_db($dbname , $lk); 
$qur = "INSERT INTO news (id,title, date, time, by, body, email, icq, icon, sing) VALUES (';
$qur .= ' , $_POST['title'], CURDATE(), CURTIME(), $by, $_POST['body'], $email, $icq, $_POST['how'], $_POST['how'])";
$res = mysql_query($qur);

i tried many times to change it or whatever, plz help me

DaZZleD
Forum Commoner
Posts: 38
Joined: Tue Jan 07, 2003 5:39 am

Post by DaZZleD »

first of all you have a while statement there that does nothing. if the script fails to connect to the db, it exits, else it passes the while because $lk is not false. you should drop that while statement.

second of all you use double quotes (") to create the $qur variable and you never close them. try this:

Code:

<?php
$qur = "INSERT INTO news (id,title, date, time, by, body, email, icq, icon, sing) VALUES ("; 
$qur .= "'" . $_POST['title'] . "', CURDATE(), CURTIME(), '" . $by . "', '" . $_POST['body'] . "', '" . $email . "', '" . $icq . "', '" . $_POST['how'] . "', '" . $_POST['how'] . "')";
$res = mysql_query($qur);
?>

the thing is mysql needs data that are not functions or numbers entered between quotes. this means that every PHP variable of the query string has to be enclosed between quotes. simple quotes however make the PHP treat variable names as strings and not variables. that's why you need to use concatenation.

and by the way... you missed the $id there... the table requires 10 fields and you provide 9. and the last 2 arguments point to the same variable. 8O

good luck!
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY

Post by Stoker »

..and another thing regarding security, using $_POST directly in any type of query or file handling is insane.. ALWAYS check for syntax, or at least escape correctly with strings and make sure numerics are so..

if (!is_numeric($_POST['somenum'])) { /* Do something to fix or abort */ }

$query = 'BLA BLA BLA '.mysql_escape_string(stripslashes($_POST['somestr']));

(Skip stripslashes if your server doesn't have magic_quotes_gpc enabled..)
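
Added example (not part of any post in this thread): one way to apply the validate-and-escape advice above on a current PHP version, using PDO bound parameters in place of `mysql_escape_string`. It assumes an in-memory SQLite database so it runs without a server, a hypothetical `insert_news()` helper, an arbitrary 200-character title limit and constructed sample input; the column `by` is backtick-quoted because BY is a reserved word in MySQL.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite via PDO
// so it runs offline; for MySQL only the DSN changes ('mysql:host=...;dbname=...').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw

// `by` is reserved in MySQL, so it is backtick-quoted (SQLite accepts backticks too).
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, date TEXT, time TEXT,
            `by` TEXT, body TEXT, email TEXT, icq TEXT, icon TEXT, sing TEXT)');

/** Hypothetical helper: validate the fields, insert with bound parameters, return row count. */
function insert_news(PDO $pdo, array $post, string $by, string $email, string $icq): int
{
    $title = trim((string)($post['title'] ?? ''));
    $body  = trim((string)($post['body'] ?? ''));
    $how   = (string)($post['how'] ?? '');
    if ($title === '' || strlen($title) > 200 || $body === '') { // 200 is an assumed limit
        throw new InvalidArgumentException('title/body missing or too long');
    }
    if ($icq !== '' && !ctype_digit($icq)) {   // numeric fields must really be numeric
        throw new InvalidArgumentException('icq must be digits only');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    // Placeholders keep the data out of the SQL text, so a quote in the input
    // cannot terminate a string literal. PHP supplies date/time to stay portable.
    $stmt = $pdo->prepare('INSERT INTO news (title, date, time, `by`, body, email, icq, icon, sing)
                           VALUES (:title, :date, :time, :by, :body, :email, :icq, :icon, :sing)');
    $stmt->execute([
        ':title' => $title, ':date' => date('Y-m-d'), ':time' => date('H:i:s'),
        ':by' => $by, ':body' => $body, ':email' => $email, ':icq' => $icq,
        ':icon' => $how, ':sing' => $how,  // the thread's code sends 'how' to both columns
    ]);
    return $stmt->rowCount();
}

// Constructed sample input: the apostrophes would break the concatenated query.
$post = ['title' => "Today's news", 'body' => "It's a 'quoted' body", 'how' => 'smile'];
echo insert_news($pdo, $post, 'forgun', 'user@example.com', '12345'), " row(s) affected\n";
echo $pdo->query('SELECT title FROM news')->fetchColumn(), "\n"; // stored verbatim

try {
    insert_news($pdo, $post, 'forgun', 'user@example.com', 'not-a-number');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
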
forgun
Forum Commoner
Posts: 61
Joined: Wed Jan 29, 2003 6:05 am

Post by forgun »

mm there is the fix, again the info is not going to the db, i don't know why

Code:

@$lk =  mysql_connect($serv , $user , $pass) or die (mysql_error());
$db = mysql_select_db($dbname , $lk);
$qur = "INSERT INTO news (title, date, time, by, body, email, icq, icon, sing) VALUES (";
$qur .= "'" . $_POST['title'] . "', CURDATE(), CURTIME(), '" . $by . "', '" . $_POST['body'] . "', '" . $email . "', '" . $icq . "', '" . $_POST['how'] . "', '" . $_POST['how'] . "')";
$res = mysql_query($qur);
DeGauss
Forum Contributor
Posts: 105
Joined: Tue Oct 22, 2002 9:44 am
Location: Gainesville, FL

Post by DeGauss »

Code:

@$lk=mysql_connect($serv,$user,$pass) or die (mysql_error());
$db=mysql_select_db($dbname , $lk); 
$qur = "INSERT INTO news (title, date, time, by, body, email, icq, icon, sing) VALUES ('".$_POST['title']."',CURDATE(),CURTIME(),'".$by."','".$_POST['body']."','".$email."','".$icq."','".$_POST['how']."','".$_POST['how']."')"; 
$res = mysql_query($qur);
*shrug*

Looks fine to me. Everything has been escaped properly... What's the specific MySQL error that it throws up?
forgun
Forum Commoner
Posts: 61
Joined: Wed Jan 29, 2003 6:05 am

Post by forgun »

that is the point, nothing from the data i have submitted goes to the db and no kind of error has been shown so far, but the data in the db is still the same
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY

Post by Stoker »

What does it produce if you add something like this at the end

Code:

<?php

   if (!$res) die ('Query failed ('.htmlentities($qur).') -> '.htmlentities(mysql_error()));
   echo mysql_affected_rows(). ' rows affected.<br>';

?>