I'm hoping someone can help me cos my hair's going white with this one. I'm trying to put together a script that acts as web-based interface to an SQL server. There are actually two parts, admin.htm and admin.php. The first part is just a form that passes login credentials to the PHP file. That part seems to work fine, but I'll post the source anyway: -
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>SQL admin login</title>
<meta charset="iso-8859-1" />
</head>
<body>
<form action="admin.php" method="post">
<label for="username">Username: -</label>
<br />
<input type="text" name="username" id="username" />
<br />
<br />
<label for="password">Password: -</label>
<br />
<input type="password" name="password" id="password" />
<br />
<br />
<label for="server">Server: -</label>
<br />
<input type="text" name="server" id="server" />
<br />
<br />
<label for="database">Database: -</label>
<br />
<input type="text" name="database" id="database" />
<br />
<br />
<input type="submit" value="Login" />
<input type="reset" value="Reset" />
</form>
</body>
</html>
Following is the content of admin.php. By this point I can see the connection in MySQL Workbench, and when I submit the query 'SELECT * FROM subscribers' it's being stored in '$_POST['query']', but 'mysql_query($_POST['query'],$_SESSION['con']);' is returning nothing. There is definitely a record in that table, and the user I'm logging on with has permission to run the 'SELECT' command against this database, so I can't figure out why mysql_query(); is returning nothing: -
<!DOCTYPE HTML>
<?php
session_start();
if(!$_SESSION['con'])
{
if(!($_POST['username'] || $_POST['password']))
{
if(!($_SESSION['username'] || $_SESSION['password']))
{
$error="Username and password variables empty.";
}
}
else
{
$_SESSION['username']=mysql_real_escape_string($_POST['username']);
$_SESSION['password']=mysql_real_escape_string($_POST['password']);
$_SESSION['server']=mysql_real_escape_string($_POST['server']);
$_SESSION['database']=mysql_real_escape_string($_POST['database']);
$_SESSION['con']=mysql_pconnect($_SESSION['server'],$_SESSION['username'],$_SESSION['password']);
if(!$_SESSION['con'])
{
$error="Failed to connect to server.";
}
else
{
$database=mysql_select_db($_SESSION['database'],$_SESSION['con']);
if(!$database)
{
$error="Failed to connect to database.";
}
}
}
}
if(!$_POST['query'])
{
$error="No query submitted.";
}
else
{
$result=mysql_query($_POST['query'],$_SESSION['con']);
if(!$result)
{
$error="Query returned nothing.";
}
}
?>
<html lang="en">
<head>
<title>SQL admin interface</title>
<meta charset="iso-8859-1" />
</head>
<body>
<form action="admin.php" method="post">
<textarea name="query" rows="10" cols="50">SELECT * FROM subscribers</textarea>
<br />
<br />
<input type="submit" value="Submit query" />
</form>
<?php
if($error)
{
echo $_POST['query']."<br /><br />".$result."<br /><br />".$error;
die();
}
else
{
while($row=mysql_fetch_assoc($result))
{
echo $row['name']." ".$row['email'];
echo "<br />";
}
}
?>
</body>
</html>
Can anyone help?
MOD EDIT:
. . .
tags added.