BrianM, posted June 7, 2008

How do I prevent a script from running and inserting values from text fields into a database based upon whether or not all fields are complete? Because when I do it, it gives an error like it should if all fields aren't filled in, but it still inserts the values into the database for the fields that contained content. Would I do something like...

<?php
if (isset($_POST['some_name'])) {
    if (empty($_POST['some_name']))
        echo 'You have to fill in all fields to complete installation!';
} else {
...
?>

Is it the else part that keeps it from running unless all the fields are filled in?

digitalgod, posted June 7, 2008

<?php
// stripslashes() runs first; applied after escaping it would strip the escaping again
$someName = mysql_real_escape_string(stripslashes($_POST['some_name']));

if ($someName != "") {
    // insert
} else {
    // error
}

Lodius2000, posted June 7, 2008

Another method:

<?php
// trim first, then measure, so a field holding only whitespace counts as empty
if (strlen(trim($_POST['some_name'])) == 0) {
    echo 'You have to fill in all fields to complete installation!';
} else {
    $_POST['some_name'] = $some_name; // use this var for your mysql query
}
?>

Do that for each field and do your mysql insert all at once. If any of those fields aren't filled in, make the form redisplay until they are, and then do the db work.

WARNING: UNTESTED, just a theory.

digitalgod, posted June 7, 2008

Switch those 2:

$_POST['some_name'] = $some_name;

BrianM, posted June 7, 2008

0 (zero) and "" (empty field) are both the same thing, so you can use either?

digitalgod, posted June 7, 2008

0 is for strlen, meaning if the string has a length of 0, as opposed to "" which just means that the value inside your variable is basically empty.

BrianM, posted June 7, 2008

Which in turn are the same, except 0 requires a function to properly operate?

digitalgod, posted June 7, 2008

Depends on what you're doing. Since strlen returns an integer, you need to check if the length is 0. If you had done if($someName == 0), that would check if your variable is FALSE.

BrianM, posted June 7, 2008

So if I want a variable to equal a post value I do

<?php
$var = $_POST['some_name'];
?>

?

digitalgod, posted June 7, 2008

Exactly. If you'll be using that variable to insert it in a database, I would suggest you use mysql_real_escape_string in order to protect yourself from SQL injections.

BrianM, posted June 7, 2008

So something like

<?php
$var = mysql_real_escape_string($_POST['some_name']);
?>

Is that any better?

digitalgod, posted June 7, 2008

Could have simply used what I posted earlier:

// stripslashes() runs before escaping; applied afterwards it would strip the escaping again
$someName = mysql_real_escape_string(stripslashes($_POST['some_name']));
// or to remove whitespace
$someName = mysql_real_escape_string(trim(stripslashes($_POST['some_name'])));

But yeah, that's good.

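The "check every field, then insert once" approach discussed above, as an added example that is not code from any poster in this thread. It uses PDO with bound parameters instead of the mysql_* escaping functions; the field names come from the setup form posted later in the thread, while the function names, the `settings` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Field names taken from the setup form in this thread; everything else
// (function names, table name, SQLite) is an assumption for illustration.
const REQUIRED_FIELDS = ['site_name', 'site_url', 'administration_username'];

/**
 * Return a cleaned copy of the required fields plus a list of the ones that
 * are missing or blank. Nothing is written anywhere in this step.
 */
function collect_required(array $post, array $required): array
{
    $clean = [];
    $missing = [];
    foreach ($required as $name) {
        // is_string() rejects array input such as site_name[]=x.
        $value = isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
        // Compare against '' strictly: empty('0') is true, so empty() would
        // wrongly reject a field whose content is the single character 0.
        if ($value === '') {
            $missing[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $missing];
}

/**
 * Insert one row only when every required field is present.
 * Returns the list of missing fields (an empty list means the row was written).
 */
function save_setup(PDO $db, array $post): array
{
    [$clean, $missing] = collect_required($post, REQUIRED_FIELDS);
    if ($missing !== []) {
        return $missing; // stop before any SQL runs
    }
    // Placeholders keep the values out of the SQL text, so no escaping
    // function is needed and quotes in the input are stored literally.
    $stmt = $db->prepare(
        'INSERT INTO settings (site_name, site_url, administration_username)
         VALUES (:site_name, :site_url, :administration_username)'
    );
    $stmt->execute($clean);
    return [];
}

// --- demonstration with constructed input ---------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (site_name TEXT, site_url TEXT, administration_username TEXT)');

$submissions = [
    // site_url holds only whitespace: the whole submission is rejected
    ['site_name' => 'My Company Name', 'site_url' => '   ', 'administration_username' => 'admin'],
    // complete submission; includes the value "0" and a quote character
    ['site_name' => '0', 'site_url' => 'http://localhost/mps', 'administration_username' => "o'brien"],
];

foreach ($submissions as $post) {
    $missing = save_setup($db, $post);
    echo $missing === []
        ? "inserted\n"
        : 'You have to fill in all fields: ' . implode(', ', $missing) . "\n";
}

$rows = (int) $db->query('SELECT COUNT(*) FROM settings')->fetchColumn();
echo "rows in table: $rows\n";
```

Because validation returns before `prepare()` is reached, a partly filled form never produces a partial row, which is the behaviour the original question asks for.
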
BrianM, posted June 7, 2008

What is the stripslashes though :\ or actually, I'll just use my noggin and look that up on the php.net site lol, same for trim.

BrianM, posted June 7, 2008

Can you use the trim() and stripslashes() functions both at the same time?

MiCR0, posted June 7, 2008

This may be somewhat OTT for your needs, but here:

<?php
if ($_POST || $_GET) {
    array_walk($_GET, 'cclean');
    array_walk($_POST, 'cclean');
    array_walk($_COOKIE, 'cclean');

    extract($_GET, EXTR_PREFIX_ALL, 'get');
    extract($_POST, EXTR_PREFIX_ALL, 'post');
    extract($_COOKIE, EXTR_PREFIX_ALL, 'cookie');

    if ($_GET) {
        foreach ($_GET as $k => $v) {
            $_GET[$k] = mysql_real_escape_string(RemoveXSS(cleanValue(trim(stripslashes($v)))));
            $length = strlen($v);
            if ($length > 20) { $_GET[$k] = ""; }
            if (is_numeric($v)) {
                $length = strlen($v);
                // blank over-long numbers, otherwise store the integer value
                if ($length > 11) { $_GET[$k] = ""; } else { $_GET[$k] = intval($v); }
            }
        }
    }

    if ($_POST) {
        foreach ($_POST as $k => $v) {
            $_POST[$k] = mysql_real_escape_string(RemoveXSS(cleanValue(trim(stripslashes($v)))));
            $length = strlen($v);
            if ($length > 20) { $_POST[$k] = ""; }
            if (is_numeric($v)) {
                $length = strlen($v);
                // blank over-long numbers, otherwise store the integer value
                if ($length > 11) { $_POST[$k] = ""; } else { $_POST[$k] = intval($v); }
            }
        }
    }

    if ($_COOKIE) {
        foreach ($_COOKIE as $k => $v) {
            $_COOKIE[$k] = RemoveXSS(cleanValue(trim(stripslashes($v))));
            if (is_numeric($v)) {
                $_COOKIE[$k] = intval($v);
            }
        }
    }
}

function RemoveXSS($val)
{
    $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);

    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // decode hex and decimal character references back to the plain character
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);
    }

    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload',
        'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);

    $found = true;
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}([9ab]);)';
                    $pattern .= '|';
                    $pattern .= '|(&#0{0,8}([9|10|13]);)';
                    $pattern .= ')*';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
            $val = preg_replace($pattern, $replacement, $val);
            if ($val_before == $val) {
                $found = false;
            }
        }
    }
    return $val;
}

function cleanValue($_value)
{
    $_value = stripslashes(strip_tags($_value));
    $_value = str_replace(array('delete', 'DELETE', 'rm -', ' ', '!', '|', '?', '&', '=', '-', '`', "'", '"', '\\\\', '\\', '//', '/', ',', ';', ':', '*', '>', '<' ), '', $_value);
    return trim($_value);
}

function cclean($value)
{
    if (get_magic_quotes_gpc()) $value = stripslashes($value);
    if (!is_numeric($value)) $value = mysql_real_escape_string($value);
    return $value;
}
?>

BrianM, posted June 7, 2008

I'm not on that level of technicality just yet, half of that I don't quite understand. But! I do have an issue here, hopefully somebody can point out a quick fix or suggest something.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="setup.css" />
<title>Setup</title>
</head>
<?php
// basic setup variables
$site_name = mysql_real_escape_string($_POST['site_name']);
$site_url = mysql_real_escape_string($_POST['site_url']);
$administration_username = mysql_real_escape_string($_POST['administration_username']);
$administration_password = mysql_real_escape_string($_POST['administration_password']);
// mysql setup variables
$mysql_server_name = mysql_real_escape_string($_POST['mysql_server_name']);
$mysql_username = mysql_real_escape_string($_POST['mysql_username']);
$mysql_password = mysql_real_escape_string($_POST['mysql_password']);
$mysql_database_name = mysql_real_escape_string($_POST['mysql_database_name']);
$mysql_table_prefix = mysql_real_escape_string($_POST['mysql_table_prefix']);

$mysql_connect = mysql_connect("$mysql_server_name", "$mysql_username", "$mysql_password") or die(mysql_error());
?>
<body>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<table id="setup_main" border="0">
  <tr> <td class="setup_title">Basic Setup</td> </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Site name:<?php echo str_repeat(' ', 40); ?></td>
    <td><input type="text" name="site_name" size="60" value="" /> <br /><div class="setup_description">This is the name of your site, ie. "My Company Name".</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Site URL:</td>
    <td><input type="text" name="site_url" size="60" value="http://<?php echo $_SERVER['HTTP_HOST']; echo dirname($_SERVER['PHP_SELF']) ?>" /> <br /><div class="setup_description">This is the URL to your site. In most cases, you can leave the default value in this box alone - it is usually right.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Administration username:</td>
    <td><input type="text" name="administration_username" size="60" value="" /> <br /><div class="setup_description">This is the administrative username you would like to log in with.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Administration password:</td>
    <td><input type="text" name="administration_password" size="60" value="" /> <br /><div class="setup_description">This is the administrative password to use with your username you chose above.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr> <td class="setup_title">MySQL Setup</td> </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL server name:</td>
    <td><input type="text" name="mysql_server_name" size="40" value="localhost" /> <br /><div class="setup_description">In most cases, you can leave this value as is. Check with your server administrator should you need assistance with this value.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL username:</td>
    <td><input type="text" name="mysql_username" size="40" value="" /> <br /><div class="setup_description">Fill in the username you use to connect to your MySQL database here.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL password:</td>
    <td><input type="text" name="mysql_password" size="40" value="" /> <br /><div class="setup_description">Here, put the password you use to connect to your MySQL database.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL database name:</td>
    <td><input type="text" name="mysql_database_name" size="40" value="" /> <br /><div class="setup_description">This is the name of the database you want to store data in. Setup will create the database if it does not already exist.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL table prefix:</td>
    <td><input type="text" name="mysql_table_prefix" size="40" value="" /> <br /><div class="setup_description">The prefix for every table in the database, ie. "prefix_". <b>Do not use the same prefix in the same database.</b></div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr> <td></td> <td><?php echo str_repeat(' ', 151); ?><input type="submit" name="finish" value="Finish" /></td> </tr>
</table>
</form>
</body>
</html>

There is the code, and here is the error output in my browser.

Notice: Undefined index: site_name in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 10
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 10
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 10
Notice: Undefined index: site_url in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 11
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 11
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 11
Notice: Undefined index: administration_username in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 12
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 12
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 12
Notice: Undefined index: administration_password in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 13
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 13
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 13
Notice: Undefined index: mysql_server_name in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 15
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 15
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 15
Notice: Undefined index: mysql_username in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 16
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 16
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 16
Notice: Undefined index: mysql_password in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 17
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 17
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 17
Notice: Undefined index: mysql_database_name in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 18
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 18
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 18
Notice: Undefined index: mysql_table_prefix in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 19
Warning: mysql_real_escape_string(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 19
Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 19
Warning: mysql_connect(): Access denied for user: 'ODBC@localhost' (Using password: NO) in C:\Program Files\Apache Group\Apache2\htdocs\mps\setup\setup.php on line 21
Access denied for user: 'ODBC@localhost' (Using password: NO)

MiCR0, posted June 7, 2008

Dude, you're trying to connect to MySQL with no data. You need to hold off the mysql commands until it has the DATA in your $_POST:

if ($_POST) {
    // basic setup variables
    $site_name = mysql_real_escape_string($_POST['site_name']);
    $site_url = mysql_real_escape_string($_POST['site_url']);
    $administration_username = mysql_real_escape_string($_POST['administration_username']);
    $administration_password = mysql_real_escape_string($_POST['administration_password']);
    // mysql setup variables
    $mysql_server_name = mysql_real_escape_string($_POST['mysql_server_name']);
    $mysql_username = mysql_real_escape_string($_POST['mysql_username']);
    $mysql_password = mysql_real_escape_string($_POST['mysql_password']);
    $mysql_database_name = mysql_real_escape_string($_POST['mysql_database_name']);
    $mysql_table_prefix = mysql_real_escape_string($_POST['mysql_table_prefix']);

    $mysql_connect = mysql_connect("$mysql_server_name", "$mysql_username", "$mysql_password") or die(mysql_error());
}

BrianM, posted June 7, 2008

In other words, leave out the "mysql_real_escape_string()" function? And then it will work...

BrianM, posted June 7, 2008

Is there a way for PHP to automatically read your MySQL login information and fill in...

<?php
mysql_connect('', '', '') or die(mysql_error());
?>

Is there a function that can take care of that, or any alternate way of doing so?

digitalgod, posted June 7, 2008

I think you're mixing up a few things. What he means is that you're calling mysql_connect while you have no information stored in your variables. I don't know if you're using a form to connect to a database, but if you are, then add the if statement that micro added. Otherwise manually input your connection variables, like for example $mysql_server_name = 'localhost' etc.

BrianM, posted June 7, 2008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="setup.css" />
<title>Setup</title>
</head>
<?php
if (isset($_POST['finish'])) {
    // basic setup variables
    $site_name = $_POST['site_name'];
    $site_url = $_POST['site_url'];
    $administration_username = $_POST['administration_username'];
    $administration_password = $_POST['administration_password'];
    // mysql setup variables
    $mysql_server_name = $_POST['mysql_server_name'];
    $mysql_username = $_POST['mysql_username'];
    $mysql_password = $_POST['mysql_password'];
    $mysql_database_name = $_POST['mysql_database_name'];
    $mysql_table_prefix = $_POST['mysql_table_prefix'];

    $mysql_connect = mysql_connect("$mysql_server_name", "$mysql_username", "$mysql_password") or die(mysql_error());
}
?>
<body>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<table id="setup_main" border="0">
  <tr> <td class="setup_title">Basic Setup</td> </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Site name:<?php echo str_repeat(' ', 40); ?></td>
    <td><input type="text" name="site_name" size="60" value="" /> <br /><div class="setup_description">This is the name of your site, ie. "My Company Name".</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Site URL:</td>
    <td><input type="text" name="site_url" size="60" value="http://<?php echo $_SERVER['HTTP_HOST']; echo dirname($_SERVER['PHP_SELF']) ?>" /> <br /><div class="setup_description">This is the URL to your site. In most cases, you can leave the default value in this box alone - it is usually right.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Administration username:</td>
    <td><input type="text" name="administration_username" size="60" value="" /> <br /><div class="setup_description">This is the administrative username you would like to log in with.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">Administration password:</td>
    <td><input type="text" name="administration_password" size="60" value="" /> <br /><div class="setup_description">This is the administrative password to use with your username you chose above.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr> <td class="setup_title">MySQL Setup</td> </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL server name:</td>
    <td><input type="text" name="mysql_server_name" size="40" value="localhost" /> <br /><div class="setup_description">In most cases, you can leave this value as is. Check with your server administrator should you need assistance with this value.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL username:</td>
    <td><input type="text" name="mysql_username" size="40" value="" /> <br /><div class="setup_description">Fill in the username you use to connect to your MySQL database here.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL password:</td>
    <td><input type="text" name="mysql_password" size="40" value="" /> <br /><div class="setup_description">Here, put the password you use to connect to your MySQL database.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL database name:</td>
    <td><input type="text" name="mysql_database_name" size="40" value="" /> <br /><div class="setup_description">This is the name of the database you want to store data in. Setup will create the database if it does not already exist.</div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr>
    <td class="setup_type">MySQL table prefix:</td>
    <td><input type="text" name="mysql_table_prefix" size="40" value="" /> <br /><div class="setup_description">The prefix for every table in the database, ie. "prefix_". <b>Do not use the same prefix in the same database.</b></div></td>
  </tr>
  <tr> <td><?php echo str_repeat(' ', 1); ?></td> </tr>
  <tr> <td></td> <td><?php echo str_repeat(' ', 151); ?><input type="submit" name="finish" value="Finish" /></td> </tr>
</table>
</form>
</body>
</html>

That is what I came up with now, and it works great. Thanks for all the help guys!

MiCR0, posted June 7, 2008

Here is how I do it.

config.php

<?php
$dbhost = "localhost";
$dbuser = "";      // user name
$dbpassword = "";  // password to database
$dbdatabase = "";  // database name
$config_basedir = "http://localhost/";   // address of website
$config_frommail = "[email protected]";  // E-mail address for formail
?>

db.php

<?php
require("config.php");
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
?>

DONE. Now when I am wanting a page to use the database I just call at the top of the page

require("db.php");

Much easier...