Grazza Posted June 19, 2008 Share Posted June 19, 2008 I made this script and for the life of me i cant figure out why it wont work. At first it was executing fine but was always returning "Please ensure all require fields are completed" even though all of the fields were infact completed. I added the line mysql_select_db($sqluser,$link); in an attempt to iron this out, and this only made things worse reporting an unexpected t_string any help or advice you could offer me would be much appreciated. MY code is as follows: <?php if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirmpass']) && isset($_POST['company_number']) && isset($_POST['contact_name']) && isset($_POST['telephone']) && isset($_POST['email']) && isset($_POST['confirmemail'])) { // Connect $host = "***"; $sqluser = "***"; $sqlpass = "***"; $link = mysql_connect($host,$sqluser,$sqlpass); if(!is_resource($link)) { echo "Failed to connect to the server\n"; // ... log the error properly } else { // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON. if(get_magic_quotes_gpc()) { $username = stripslashes($_POST['username']); $password = stripslashes($_POST['password']); $password2 = stripslashes($_POST['confirmpass']); $company_number = stripslashes($_POST['company_number']); $contact_name = stripslashes($_POST['contact_name']); $telephone = stripslashes($_POST['telephone']); $email = stripslashes($_POST['email']); $email2 = stripslashes($_POST['confirmemail']); $fax = stripslashes($_POST['fax']); $address = stripslashes($_POST['address']); $overview = stripslashes($_POST['overview']); $public = stripslashes($_POST['public']); $newsletter = stripslashes($_POST['newsletter']); $terms = stripslashes($_POST['terms']); } else { $username = $_POST['username']; $password = $_POST['password']; $password2 = $_POST['confirmpass']; $company_number = $_POST['company_number']; $contact_name = $_POST['contact_name']; $telephone = $_POST['telephone']; $email = $_POST['email']; $email2 = $_POST['confirmemail']; $fax = $_POST['fax']; $address = $_POST['address']; $overview = $_POST['overview']; $public = $_POST['public']; $newsletter = $_POST['newsletter']; $terms = $_POST['terms']; } mysql_real_escape_string($username, $link); mysql_real_escape_string($password, $link); mysql_real_escape_string($contact_name, $link); mysql_real_escape_string($company_number, $link); mysql_real_escape_string($telephone, $link); mysql_real_escape_string($email, $link); mysql_real_escape_string($fax, $link); mysql_real_escape_string($address, $link); mysql_real_escape_string($overview, $link); mysql_real_escape_string($public, $link); if ($public !== "on") { $public = "yes"; } else { $public = "no"; } // Make a safe query $query = "INSERT INTO client_login (username,password,contact_name,telephone,email,company_number,address,fax,company_info,public) VALUES ("$username","$password","$contact_name","$telephone","$email","$company_number","$address","$fax","$overview","$public")"; mysql_select_db($sqluser,$link); mysql_query($query); if (mysql_affected_rows($link) > 0) { echo "Data inserted\n"; } else { echo "Please ensure all require fields are completed\n"; } } } ?> Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/ Share on other sites More sharing options...
revraz Posted June 19, 2008 Share Posted June 19, 2008 Why are you checking your fields when you do your Insert? Validation should be done way before you even think of doing the Query. Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569183 Share on other sites More sharing options...
xyn Posted June 19, 2008 Share Posted June 19, 2008 if ($public !== "on") { $public = "yes"; } else { $public = "no"; } should be: if ($public != "on") { $public = "yes"; } else { $public = "no"; } But your code looks a bit messy, ill re-create it and see if it works. Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569184 Share on other sites More sharing options...
ag3nt42 Posted June 19, 2008 Share Posted June 19, 2008 if ($public !== "on") { $public = "yes"; } else { $public = "no"; } should be: if ($public != "on") { $public = "yes"; } else { $public = "no"; } But your code looks a bit messy, ill re-create it and see if it works. JW, if public is not on.. why would u want to turn it on? it must be off for a reason yes? and if not why have the check in the first place? ??? Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569188 Share on other sites More sharing options...
xyn Posted June 19, 2008 Share Posted June 19, 2008 and i think your missing... mysql_select_db(DATABASE,$link); Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569191 Share on other sites More sharing options...
xyn Posted June 19, 2008 Share Posted June 19, 2008 Here is your new refurbished code... <?php # variable secure function # no more sql injection function secure($str,$lcase=false){ $str =(($lcase)?strtolower($str):$str); $str =stripslashes($str); $str =strip_tags($str); $str =trim($str); $str =mysql_real_escape_string($str); return $str; } # validate your fields? # i would use regular expressions on other fields # liek phone numbers etc. if(!$_POST['username']) $error_array[] ="Please enter a username!"; if(!$_POST['password']) $error_array[] ="Please enter a password!"; if(!$_POST['confirmpass']) $error_array[] ="Please confirm your password!"; if(!$_POST['company_number']) $error_array[] ="Please enter a company number!"; if(!$_POST['contact_name']) $error_array[] ="Please enter a contact name!"; if(!$_POST['telephone']) $error_array[] ="Please enter a valid telephone number!"; if(!preg_match("/^[a-z0-9._%-]+@[a-z0-9.%-]+\.[a-z0-9]{2,4}$/i",$_POST['email'])) $error_array[] ="Please enter a valid email address!"; if(!preg_match("/^[a-z0-9._%-]+@[a-z0-9.%-]+\.[a-z0-9]{2,4}$/i",$_POST['email'])) $error_array[] ="Please correctly confirm your email address!"; # does an error exist? # if yes, so will an array! if(is_array($error_array)){ print "<ul>Please amend the following error(s):</ul>"; foreach($error_array as $error) print "<li>$error</li>"; }else{ # sql connection $host = "***"; $sqluser = "***"; $sqlpass = "***"; $databasename ="user_database"; # connect to mysql $link = mysql_connect($host,$sqluser,$sqlpass); # select your database $db = mysql_connect($databasename,$link); # $link or $db aren't connecting. if(!$link||!$db){ die("Cannot connect to database, or the database doesnt exist!"); }else{ # secure vars $username = secure($_POST['username']); $password = secure($_POST['password']); $password2 = secure($_POST['confirmpass']); $company_number = secure($_POST['company_number']); $contact_name = secure($_POST['contact_name']); $telephone = secure($_POST['telephone']); $email = secure($_POST['email']); $email2 = secure($_POST['confirmemail']); $fax = secure($_POST['fax']); $address = secure($_POST['address']); $overview = secure($_POST['overview']); $public = secure($_POST['public']); $newsletter = secure($_POST['newsletter']); $terms = secure($_POST['terms']); # what ever this is. if($public!="on"){ $public = "yes"; }else{ $public = "no"; } # your query # to debug use or die(mysql_error()); mysql_query("INSERT INTO client_login (`username`,`password`,`contact_name`,`telephone`,`email`,`company_number`,`address`,`fax`,`company_info`,`public`) VALUES ('$username','$password','$contact_name','$telephone','$email','$company_number','$address','$fax','$overview','$public')"); print "executed"; } } ?> EDIT: Your Queries are causing you your problems! username password are used by MYSQL. there for you need to do `username` and `password` otherwise your query is causing an error. Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569196 Share on other sites More sharing options...
Grazza Posted June 19, 2008 Author Share Posted June 19, 2008 Thanks for the help, i think i understand what you mean about why mine didnt work, will now sit here and work out how you did your code in an effort to understand it all . The $public !="on" was simply to change a value taken form a checkbox in html into the required value for my sql form Thanks again Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569202 Share on other sites More sharing options...
xyn Posted June 19, 2008 Share Posted June 19, 2008 <input type="checkbox" name="test" value="test_value" /> if checked would return as: Array( [test] => test_value ) if not checked, would return as: Array( ) I.e it isnt set, so a quick: <?php if(!_POST['test']){ print 'checked'; }else{ print 'not checked'; } ?> Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-569206 Share on other sites More sharing options...
Grazza Posted June 20, 2008 Author Share Posted June 20, 2008 I dont quite understand what you mean here Xyn this piece of code always returns checked, even when the checkbox isnt. Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-570060 Share on other sites More sharing options...
Grazza Posted June 20, 2008 Author Share Posted June 20, 2008 solved my own problem in the end i went with the following. # Check to see if Profile is Public. $public = 'no'; if(isset($_POST['public'])){ if ($public = 'public') { $public = 'yes'; } } Link to comment https://forums.phpfreaks.com/topic/110946-solved-php-script-to-input-into-sql/#findComment-570076 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.