Jump to content

Anything wrong with this?? Using php5

prcollin

By prcollin
in PHP Coding Help

 Share

Recommended Posts

prcollin Advanced Member

prcollin

Posted
Posted 
<?php

include clientconnect.php;
include newclient.html;

mysql_select_db("greencut_customercenter", $con);

$sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes)

VALUES('$_POST[client_fname]','$_POST[client_lname]','$_POST[client_address]','$_POST[client_city]','$_POST[client_state]','$_POST[client_zipcode]','$_POST[client_phone]','$_POST[client_cphone]','$_POST[client_email]','$_POST[client_website]','$_POST[client_notes]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";mysql_close($con)
?>

Link to comment
https://forums.phpfreaks.com/topic/116256-anything-wrong-with-this-using-php5/
Share on other sites
prcollin Advanced Member

prcollin

Posted
  • Author
Posted

using the code above i get this error.

 

and just to note all the filenames are correct and in the same directory

 

Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include(clientconnectphp) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include() [function.include]: Failed opening 'clientconnectphp' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 3

Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: include(newclienthtml) [function.include]: failed to open stream: No such file or directory in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: include() [function.include]: Failed opening 'newclienthtml' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/greencut/public_html/forms/newclientform/newclient.php on line 4

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 6

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/greencut/public_html/forms/newclientform/newclient.php on line 12
Error:

.josh Advanced Member

.josh

Posted
Posted

Think you should focus on making your script work first.  did you put quotes around your included files?

 

 

include "clientconnect.php";

include "newclient.html";

 

If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one):

 

$blah = mysql_real_escape_string($_POST['blah']);

$sql = "insert into table (blah) values ('$blah')";

 

prcollin Advanced Member

prcollin

Posted
  • Author
Posted

Think you should focus on making your script work first.  did you put quotes around your included files?

 

 

include "clientconnect.php";

include "newclient.html";

 

If you did, and everything is now working, then instead of using $_POST['blah'] in your query, do this (for each one):

 

$blah = mysql_real_escape_string($_POST['blah']);

$sql = "insert into table (blah) values ('$blah')";

 

 

 

so if i had 5 elements i would have it like this?

 

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

$blah = mysql_real_escape_string($_POST['blah']);
$sql = "insert into table (blah) values ('$blah')";

prcollin Advanced Member

prcollin

Posted
  • Author
Posted

does this format look alright?

 

<?php

include "clientconnect.php";
include "newclient.html";


mysql_select_db("greencut_customercenter", $con);


$client_fname = mysql_real_escape_string($_POST['client_fname']);
$sql = "insert into table (clients) values ('$client_fname')";

$client_lname = mysql_real_escape_string($_POST['client_lname']);
$sql = "insert into table (clients) values ('$client_lname')";

$client_address = mysql_real_escape_string($_POST['client_address']);
$sql = "insert into table (clients) values ('$client_address')";

$client_city = mysql_real_escape_string($_POST['client_city']);
$sql = "insert into table (clients) values ('$client_city')";

$client_state = mysql_real_escape_string($_POST['client_state']);
$sql = "insert into table (clients) values ('$client_state')";

$client_zipcode = mysql_real_escape_string($_POST['client_zipcode']);
$sql = "insert into table (clients) values ('$client_zipcode')";

$client_phone = mysql_real_escape_string($_POST['client_phone']);
$sql = "insert into table (clients) values ('$client_phone')";


$client_cphone = mysql_real_escape_string($_POST['client_cphone']);
$sql = "insert into table (clients) values ('$client_cphone')";

$client_email = mysql_real_escape_string($_POST['client_email']);
$sql = "insert into table (clients) values ('$client_email')";

$client_website = mysql_real_escape_string($_POST['client_website']);
$sql = "insert into table (clients) values ('$client_website')";

$client_notes = mysql_real_escape_string($_POST['client_notes']);
$sql = "insert into table (clients) values ('$client_notes')";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";mysql_close($con)
?>

.josh Advanced Member

.josh

Posted
Posted

No you would still use one query string with all your columns/values. And unless your table is named "table" your table name needs to go where 'table' is in your query.  And you're using the same column name in every single one of those query strings there... just use your original query string except with your sanitized vars instead of the posted vars.

 

$sql="INSERT INTO clients (client_fname, client_lname, client_address, client_city, client_state, client_zipcode, client_phone, client_cphone, client_email, client_website, client_notes) VALUES('$client_fname','$client_lname','$client_address','$client_city','$client_state','$client_zipcode','$client_phone','$client_cphone','$client_email','$client_website','$client_notes')";

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.