No posted values stored in db

Posted: Wed Aug 22, 2007 4:30 am
by kkonline
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Below is the form processing code. I am getting only date and ip address in the database, none of the fields posted by the users are stored.

Code: Select all

<?php
session_start();

if (!isset($_SESSION['token']))
{
    session_regenerate_id();
    $_SESSION['token'] = true;
}//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{//token is correct
    $token_age = time() - $_SESSION['token_time'];
    if ($token_age >= 300)
    {//token correct but timeout
        echo "detected a Timeout!";
        exit;
    }
    if (isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'])
    {
        // correct security code, now validate name and other field
        if (isset($_POST['name']))//name field is set
        {
            $n = $_POST['name'];
            if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name
            {
                $name = mysql_real_escape_string($_POST['name']);
            }
            else
            {
                // $n is not valid
                echo "recommends you to fill your name properly.";
            }
        }
        else
        {
            //name not set
            echo "detected that you left the name field blank.";
        }

        //validation for next field
        if (isset($_POST['title']))//title field is set
        {
            $n = $_POST['title'];
            if (strlen($n) > 0 && strlen($n) < 61) //valid and sql friendly name now in $name
            {
                $title = mysql_real_escape_string($_POST['title']);
            }
            else
            {
                // $n is not valid
                echo "recommends you to fill your title properly.";
            }
        }
        else
        {
            //name not set
            echo "detected that you left the title field blank.";
        }

        //validation for next field
        if (isset($_POST['content']))//content  field is set
        {
            $content = mysql_real_escape_string($_POST['content']);
        }
        else
        {
            //name not set
            echo "detected that you left the content field blank.";
        }

        $date = strtotime("now");
        $ip = $_SERVER['REMOTE_ADDR'];

        $con = mysql_connect("localhost","root","pass");
        if (!$con)
        {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("sql", $con);
        //connect to db
        $sql="INSERT INTO wow (contributed_by,title,content,date,trusted,ip)VALUES('$name','$title','$content','$date','0','$ip')";
        mysql_query($sql) or die(mysql_error());
        mysql_close($con);

        echo "received the content you shared.";
    }
    else
    {
        // security code is invalid
        echo "detected an invalid code.";
        exit;
    }
}
else
{
    echo "Wrong data!";
    exit;
}

?>

index.php

Code: Select all

<?php
session_start(); 
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>

<html>
<body>
<form action="post.php" method="post">
<input type="hidden" name="token" value="<?php echo $token; ?>" />
<table border="0" cellspacing="0" cellpadding="4">
<tr><td>Name: </td><td><input type="text" name="name" size="30" maxlength="30" /></td></tr>
<tr><td>Title: </td><td><input type="text" name="title" size="30" maxlength="30" /></td></tr>
<tr><td>Content: </td><td><textarea name="content" rows="10" cols="30"></textarea></td></tr>
<tr> <td>Code: </td>
    <td>
    <input type="text" name="secCode" maxlength="6" style="width:50px" size="20"> <b>&laquo;</b>
    <img src="../../includes/seccode.inc.php" width="71" height="21" align="absmiddle"></td>
    </tr>
<tr><td><input type="submit" /></td></tr></table>

</form>
</body>
</html>

Posted: Wed Aug 22, 2007 5:12 am
by kkonline
After printing $sql after the queries I get the following:
INSERT INTO wow (contributed_by,title,content,date,trusted,ip)VALUES
('','','','1187774293','0','59.178.76.27')

Posted: Wed Aug 22, 2007 5:14 am
by volka
Please try:

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);

session_start();

if (!isset($_SESSION['token']))
{
  session_regenerate_id();
  $_SESSION['token'] = true;
}//check for token

...
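
An added example, not code from this thread: in post.php above, mysql_real_escape_string() runs before mysql_connect(), and that function returns false when it has no connection to use, which is consistent with the empty strings in the printed query. The version below validates first, stops on any error, and inserts with bound parameters; it assumes PHP 7+ with pdo_sqlite, uses an in-memory SQLite table in place of the thread's MySQL table, and the function names token_ok, validate and store are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table stands in for the thread's MySQL table `wow`.

// Strict token check: both sides must be strings, compared in constant time.
// post.php can store boolean true in the session, and == then matches any non-empty string.
function token_ok($posted, $stored, int $issuedAt, int $now): bool
{
    return is_string($posted) && is_string($stored)
        && hash_equals($stored, $posted)
        && ($now - $issuedAt) < 300;   // same 300 s lifetime as the thread
}

// Length rules from the thread: name 1-30, title 1-60, content must be present.
function validate(array $post): array
{
    $errors = [];
    foreach (['name' => 30, 'title' => 60] as $field => $max) {
        $v = $post[$field] ?? null;
        if (!is_string($v) || strlen($v) < 1 || strlen($v) > $max) {
            $errors[] = $field;
        }
    }
    if (!isset($post['content']) || !is_string($post['content'])) {
        $errors[] = 'content';
    }
    return $errors;   // an empty array means every field passed
}

function store(PDO $db, array $post, string $ip): void
{
    // Bound parameters: no escaping step that depends on when the connection was opened.
    $stmt = $db->prepare('INSERT INTO wow (contributed_by, title, content, date, trusted, ip)
                          VALUES (?, ?, ?, ?, 0, ?)');
    $stmt->execute([$post['name'], $post['title'], $post['content'], time(), $ip]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wow (contributed_by TEXT, title TEXT, content TEXT, date INTEGER, trusted INTEGER, ip TEXT)');

// Constructed sample request and session state (not taken from the thread).
$session = ['token' => 'constructed-sample-token', 'token_time' => time() - 10];
$post = ['token' => 'constructed-sample-token', 'name' => "O'Brien", 'title' => 'Hello', 'content' => 'Body text'];

if (token_ok($post['token'] ?? null, $session['token'], $session['token_time'], time()) && !validate($post)) {
    store($db, $post, '192.0.2.10');   // insert only when the token and every field are valid
}
print_r($db->query('SELECT contributed_by, title, content, trusted, ip FROM wow')->fetchAll(PDO::FETCH_ASSOC));
```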