Page 1 of 1

Values not going to db

Posted: Thu Aug 23, 2007 11:37 am
by kkonline
I have made a simple form with validation. when i press the submit button then if validation is ok the content of $sql; becomes

INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted) VALUES ('1','tags','1187884757','8','2007','krishna','khanna','erts','0','0','1','0')

But NO values are not available in the db

Code: Select all

<?php
session_start();

if (!isset($_SESSION['token']))
  {
    session_regenerate_id();
    $_SESSION['token'] = true;
  }//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
  {//token is correct
	$token_age = time() - $_SESSION['token_time'];
	if ($token_age >= 600)
 	  {//token correct but timeout
	echo "Timeout!";
	exit;
        }
    		if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 
      		{
		      // correct security code, now validate name and other field


// Strip slashes from all GPC data
include("$_SERVER[DOCUMENT_ROOT]/includes/stripgpcslash.inc.php");
//gpc slashes stripped

//connect to db
	// Do includes
include("$_SERVER[DOCUMENT_ROOT]/includes/connect.inc.php");
	// end includes
//connect to db
			$fault=0;
		      if(strlen($_POST["subject"]) > 0)//name field is set
			  {
			   $n = $_POST['subject'];
			   if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name
			     {
 				$subject = trim(mysql_real_escape_string($_POST['subject']));
			     }
			   else {
			     // $n is not valid
                     echo "you to fill your subject properly.";
			   $fault++;
			   exit;
			        }
                   } 	
			else {
				//name not set
			   echo "you left the subject blank.";
			   $fault++;
			   exit;
			     } 	

//validation for next field
	      if(strlen($_POST["titletext"]) > 0)//titletext field is set
			  {
			   $titletext = trim(mysql_real_escape_string($_POST['titletext']));
                    } 	
			else {
			echo "you left the titletext blank.";
			$fault++;
			exit;
			     } 	

//validation for next field
	      if(strlen($_POST["maintext"]) > 0)//content  field is set
			  {
			   $maintext = trim(mysql_real_escape_string($_POST['maintext']));
                    } 	
			else {
			echo "you left the content field blank.";
			$fault++;
			exit;
			     } 	

//validating next field

	      if(strlen($_POST["mood"]) > 0)
			  {
			   $n = $_POST['mood'];
			   if ($n > 0 && $n < 10) 
			     {
		      	$mood = trim(mysql_real_escape_string($_POST['mood']));
                       }
			   else {
			   echo "you to select the mood properly.";
			   $fault++;
			   exit;
			        }
                   } 	
			else {
			echo "you left the mood field blank.";
			$fault++;	
			exit;
			     } 	

//validating next field

	      if(strlen($_POST["catid"]) > 0)
			  {
			   $n = $_POST['catid'];
			   if ($n > 0 && $n < 9) 
			     {
		      	$catid = trim(mysql_real_escape_string($_POST['catid']));
                       }
			   else {
			   echo "you to select the category properly.";
			   $fault++;
			   exit;
			        }
                   } 	
			else {
			echo "you left the category blank.";
			$fault++;	
			exit;
			     } 	

//validating next field

	      if(strlen($_POST["tags"]) > 0)
			  {
			   $tags = trim(mysql_real_escape_string($_POST['tags']));
                    } 	
			else {
                  echo "you left the tags field blank.";
			$fault++;	
			exit;
			     } 	
//validating next field

$date = mktime(date("G"), date("i"), date("s"), date("n"), date("d"), date("Y"));

$month=date("n", $date);
$year=date("Y", $date);
$time = strtotime("now");
$ip = $_SERVER['REMOTE_ADDR'];

$sql="INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted)
VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')";
mysql_close($con);

if(! $fault)
{
echo $sql;
exit;
}
  			}
			    else {
		      // security code is invalid
			echo " invalid code.";
			exit;    }
  }
else	
    {
echo "invalid referrer!";
exit;
    }
?>

Posted: Thu Aug 23, 2007 11:39 am
by feyd
Missing mysql_query(), I believe...

Posted: Thu Aug 23, 2007 11:41 am
by kkonline
feyd wrote:Missing mysql_query(), I believe...
You people are just GENUINELY GENIUS!