prcollin Posted July 23, 2008 Share Posted July 23, 2008 <?php include clientconnect.php; include newclient.html; mysql_select_db("greencut_customercenter", $con); $sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes) VALUES('$_POST[client_fname]','$_POST[client_lname]','$_POST[client_address]','$_POST[client_city]','$_POST[client_state]','$_POST[client_zipcode]','$_POST[client_phone]','$_POST[client_cphone]','$_POST[client_email]','$_POST[client_website]','$_POST[client_notes]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added";mysql_close($con) ?> Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/ Share on other sites More sharing options...
akitchin Posted July 23, 2008 Share Posted July 23, 2008 ... you tell us. does it spit out an error? if so, what is the error? does it do the operation? what's wrong? Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597780 Share on other sites More sharing options...
.josh Posted July 23, 2008 Share Posted July 23, 2008 you mean other than the fact that you don't have quotes around your included files, and that you are putting posted variables directly into your database without sanitizing them? Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597781 Share on other sites More sharing options...
prcollin Posted July 23, 2008 Author Share Posted July 23, 2008 using the code above i get this error. and just to note all the filenames are correct and in the same directory Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3 Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3 Warning: include() [function.include]: Failed opening 'clientconnectphp' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 3 Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4 Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4 Warning: include() [function.include]: Failed opening 'newclienthtml' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 4 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 6 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 12 Error: Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597783 Share on other sites More sharing options...
prcollin Posted July 23, 2008 Author Share Posted July 23, 2008 not good at sanitizing can you help Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597784 Share on other sites More sharing options...
.josh Posted July 23, 2008 Share Posted July 23, 2008 Think you should focus on making your script work first. did you put quotes around your included files? include "clientconnect.php"; include "newclient.html"; If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one): $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597789 Share on other sites More sharing options...
prcollin Posted July 23, 2008 Author Share Posted July 23, 2008 Think you should focus on making your script work first. did you put quotes around your included files? include "clientconnect.php"; include "newclient.html"; If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one): $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; so if i had 5 elements i would have it like this? $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; $blah = mysql_real_escape_string($_POST['blah']); $sql = "insert into table (blah) values ('$blah')"; Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-597799 Share on other sites More sharing options...
prcollin Posted July 24, 2008 Author Share Posted July 24, 2008 does this format look alright? <?php include "clientconnect.php"; include "newclient.html"; mysql_select_db("greencut_customercenter", $con); $client_fname = mysql_real_escape_string($_POST['client_fname']); $sql = "insert into table (clients) values ('$client_fname')"; $client_lname = mysql_real_escape_string($_POST['client_lname']); $sql = "insert into table (clients) values ('$client_lname')"; $client_address = mysql_real_escape_string($_POST['client_address']); $sql = "insert into table (clients) values ('$client_address')"; $client_city = mysql_real_escape_string($_POST['client_city']); $sql = "insert into table (clients) values ('$client_city')"; $client_state = mysql_real_escape_string($_POST['client_state']); $sql = "insert into table (clients) values ('$client_state')"; $client_zipcode = mysql_real_escape_string($_POST['client_zipcode']); $sql = "insert into table (clients) values ('$client_zipcode')"; $client_phone = mysql_real_escape_string($_POST['client_phone']); $sql = "insert into table (clients) values ('$client_phone')"; $client_cphone = mysql_real_escape_string($_POST['client_cphone']); $sql = "insert into table (clients) values ('$client_cphone')"; $client_email = mysql_real_escape_string($_POST['client_email']); $sql = "insert into table (clients) values ('$client_email')"; $client_website = mysql_real_escape_string($_POST['client_website']); $sql = "insert into table (clients) values ('$client_website')"; $client_notes = mysql_real_escape_string($_POST['client_notes']); $sql = "insert into table (clients) values ('$client_notes')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added";mysql_close($con) ?> Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-598651 Share on other sites More sharing options...
.josh Posted July 24, 2008 Share Posted July 24, 2008 No you would still use one query string with all your columns/values. And unless your table is named "table" your table name needs to go where 'table' is in your query. And you're using the same column name in every single one of those query strings there... just use your original query string except with your sanitized vars instead of the posted vars. $sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes) VALUES('$client_fname','$client_lname','$client_address','$client_city','$client_state','$client_zipcode','$client_phone','$client_cphone','$client_email','$client_website','$client_notes')"; Link to comment https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/#findComment-598791 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.