Jump to content

Anything wrong with this?? Using php5


prcollin

Recommended Posts

<?php

include clientconnect.php;
include newclient.html;

mysql_select_db("greencut_customercenter", $con);

$sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes)

VALUES('$_POST[client_fname]','$_POST[client_lname]','$_POST[client_address]','$_POST[client_city]','$_POST[client_state]','$_POST[client_zipcode]','$_POST[client_phone]','$_POST[client_cphone]','$_POST[client_email]','$_POST[client_website]','$_POST[client_notes]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";mysql_close($con)
?>

Link to comment
https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/
Share on other sites

using the code above i get this error.

 

and just to note all the filenames are correct and in the same directory

 

Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include() [function.include]: Failed opening 'clientconnectphp' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: include() [function.include]: Failed opening 'newclienthtml' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 6

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 12
Error: 

Think you should focus on making your script work first.  did you put quotes around your included files?

 

 

include "clientconnect.php";

include "newclient.html";

 

If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one):

 

$blah = mysql_real_escape_string($_POST['blah']);

$sql = "insert into table (blah) values ('$blah')";

 

Think you should focus on making your script work first.  did you put quotes around your included files?

 

 

include "clientconnect.php";

include "newclient.html";

 

If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one):

 

$blah = mysql_real_escape_string($_POST['blah']);

$sql = "insert into table (blah) values ('$blah')";

 

 

 

so if i had 5 elements i would have it like this?

 

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

does this format look alright?

 

<?php

include "clientconnect.php";
include "newclient.html";


mysql_select_db("greencut_customercenter", $con);


$client_fname = mysql_real_escape_string($_POST['client_fname']);
$sql = "insert into table (clients) values ('$client_fname')";

$client_lname = mysql_real_escape_string($_POST['client_lname']);
$sql = "insert into table (clients) values ('$client_lname')";

$client_address = mysql_real_escape_string($_POST['client_address']);
$sql = "insert into table (clients) values ('$client_address')";

$client_city = mysql_real_escape_string($_POST['client_city']);
$sql = "insert into table (clients) values ('$client_city')";

$client_state = mysql_real_escape_string($_POST['client_state']);
$sql = "insert into table (clients) values ('$client_state')";

$client_zipcode = mysql_real_escape_string($_POST['client_zipcode']);
$sql = "insert into table (clients) values ('$client_zipcode')";

$client_phone = mysql_real_escape_string($_POST['client_phone']);
$sql = "insert into table (clients) values ('$client_phone')";


$client_cphone = mysql_real_escape_string($_POST['client_cphone']);
$sql = "insert into table (clients) values ('$client_cphone')";

$client_email = mysql_real_escape_string($_POST['client_email']);
$sql = "insert into table (clients) values ('$client_email')";

$client_website = mysql_real_escape_string($_POST['client_website']);
$sql = "insert into table (clients) values ('$client_website')";

$client_notes = mysql_real_escape_string($_POST['client_notes']);
$sql = "insert into table (clients) values ('$client_notes')";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";mysql_close($con)
?>



No you would still use one query string with all your columns/values. And unless your table is named "table" your table name needs to go where 'table' is in your query.  And you're using the same column name in every single one of those query strings there... just use your original query string except with your sanitized vars instead of the posted vars.

 

$sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes) VALUES('$client_fname','$client_lname','$client_address','$client_city','$client_state','$client_zipcode','$client_phone','$client_cphone','$client_email','$client_website','$client_notes')";

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.