Page 1 of 1

need help with mysql_real_escape_string()

Posted: Tue Mar 06, 2007 10:45 am
by crazytopu
What's wrong with this code? Value field is empty!

I have tried '".mysql_real_escape_string($_POST['title_txt'])."', for the first column, still no luck.



It prints:

Code: Select all

title : title des : descriptionday : 27mon : Novermberyea : 2014no user : 209
INSERT INTO `member` (`quote_no`, `username` , `title` , `description` , `no_of_user` , `post_date` , `required_by_date` ) VALUES ( '', '', '', '', '', '', '' )

Code: Select all

if (isset($_POST['submit_request'])) 
{ 

	$title = $_POST['title_txt'];
	$description = $_POST['description_txt'];
	$day = $_POST['day'];
	$month = $_POST['month'];
	$year = $_POST['year'];
	$no_of_user = $_POST['no_of_user_txt'];
	$username = $_SESSION['user'];
	$post_date = date('d,m,y');
	

	echo "title : ".$title;
	echo "des : ".$description;
	echo "day : ".$day;
	echo "mon : ".$month;
	echo "yea : ".$year;
	echo "no user : ".$no_of_user;






$insert = "INSERT INTO `member` (`quote_no`, `username` , `title` , `description` , `no_of_user` , `post_date` , `required_by_date` ) 
                        VALUES ( 
                        '".mysql_real_escape_string($_POST['title_txt'])."',
	       '".mysql_real_escape_string($username)."', 
                        '".mysql_real_escape_string($title)."', 
                        '".mysql_real_escape_string($description)."', 
                        '".mysql_real_escape_string($no_of_user)."', 
                        '".mysql_real_escape_string($post_date)."', 
                        '".mysql_real_escape_string($require_by_date)."' 
                       
						
                        
                        
                        )";



			echo '<div>', htmlentities($insert), "</div>\n";

}
	else 
	{	// if form hasn't been submitted show new form

Posted: Tue Mar 06, 2007 10:52 am
by volka

Code: Select all

error_reporting(E_ALL); ini_set('display_errors', true);

if (isset($_POST['submit_request']))
{
  echo "<pre>
    title = {$_POST['title_txt']}
    description = {$_POST['description_txt']}
    day = {$_POST['day']}
    month = {$_POST['month']}
    year = {$_POST['year']}
    no_of_user = {$_POST['no_of_user_txt']}
    username = {$_SESSION['user']}
    </pre>";

  $title = $_POST['title_txt'];
  $description = $_POST['description_txt'];
  $day = $_POST['day'];
  $month = $_POST['month'];
  $year = $_POST['year'];
  $no_of_user = $_POST['no_of_user_txt'];
  $username = $_SESSION['user'];
  $post_date = date('d,m,y');

  $insert =
What does it print?

Posted: Tue Mar 06, 2007 11:04 am
by crazytopu
That's a niec error checking, I didnot know. Yes I solved it now.

Code: Select all

title = test 
    description = test 
    day = 29 
    month = December 
    year = 2006 
    no_of_user = 445 
    username = t 
    
Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 288 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 288 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 289 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 289 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 290 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 290 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 291 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 291 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 292 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 292 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 293 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 293 Notice: Undefined variable: require_by_date in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 294 Warning: mysql_real_escape_string(): Access denied for user: 'root@localhost' (Using password: NO) in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 294 Warning: mysql_real_escape_string(): A link to the server could not be established in C:\apache2triad\htdocs\compquo\final\memberArea.php on line 294 
INSERT INTO `member` (`quote_no`, `username` , `title` , `description` , `no_of_user` , `post_date` , `required_by_date` ) VALUES ( '', '', '', '', '', '', '' )

Posted: Tue Mar 06, 2007 11:07 am
by feyd
It would appear you aren't connected or connected incorrectly to MySQL.

mysql_real_escape_string() requires an active connection.

Posted: Tue Mar 06, 2007 11:11 am
by volka
If this is your development server you should set error_reporting=E_ALL and maybe display_errors=On in your php.ini. You may have to restart the webserver.
Use <?php phpinfo(); ?> and check wether you've changed the right php.ini

Posted: Tue Mar 06, 2007 11:25 am
by crazytopu
fyed is right. It was the problem with the database connection on my local server.

Volka, thanks.

Also guys, it's an off topic but thought to ask your suggestion:

You see the day,month,year drop down menu

I am always confused about date thing. I am reading the value it's fine. And then thinking of converting the month to corresponding neumeric no.

Something like:

Code: Select all

$month = $_POST['month'];

if($month = "January"){

   $month = 01;
 
}

else if($month = "February"){

   $month = 02;
 
}

// and so on
I am confused about what data type my column (required by date column) should be? DATE?

If so, how would I later on check the Date has passed and set expire column value to 1 i.e post expired and take it off the site or make it invisible. Using MySQL DATE_FORMAT(date,'%M %d, %Y') function?

I am sure if I spend a few hours I can find a way out, but i need the best solution. Which one would you personally go for?


I need to do two things - record expire date and then later retreive all the non-expired post.

Also display all the post between two date range, so comparison required.

What would you suggest?

Posted: Tue Mar 06, 2007 1:47 pm
by feyd
Store the numeric form in the value attribute of the options.

A DATE column is probably appropriate.