Jump to content

Can someone possibly fix this?

Attila

By Attila
in PHP Coding Help

 Share

Recommended Posts

Attila Member

Attila

Posted
Posted

I want to insert this data from a form into my database.

 

$sql = mysql_query('INSERT INTO `Character`) WHERE (`user` = $uname AND `password` =  $Pass) VALUES (NULL, \'$uname\', \'$Pass]\', \'$_POST[realname]\', \'$_POST[maintoonsname]\', \'$_POST[location]\', \'$_POST[timezone]\', \'$_POST[playtime]\', \'$_POST[blog]') or die(mysql_error());

 

Link to comment
https://forums.phpfreaks.com/topic/121021-can-someone-possibly-fix-this/
Share on other sites
Attila Member

Attila

Posted
  • Author
Posted

OK I have done some fixing to this with the suggestions provided but still no luck:

 

mysql_query("UPDATE Character SET maintoonsname = '$_POST[maintoonsname]' 
AND SET location = '$_POST[location]' 
AND SET timezone = '$_POST[timezone]' 
AND SET playtime = '$_POST[playtime]' 
AND SET blog = "$blogging" 
WHERE user = "$uname" AND password = "$Pass"");

Attila Member

Attila

Posted
  • Author
Posted

Thanks for that last piece of input but still no help so let me provide everything it might help more on the grand sceme of this.  I am just creating a simple blog for a video game a group of us play.  It is not going to be super safe as I will hard code the user and password into the database so I am not too concerned about security.  If you could please look at this and tell me what is wrong I would realy appreciate it.  You can go to this website to view it the user name is Test and the pass it Test. http://thaczero.com/memberslog.php

 

You will notice a bunch of echo statements so I can see what data I am loosing and I might have those wrong as well. LOL

 

Things I notice wrong it is not updating the database and I can't seem to get the echo statements to echo the correct data or any data for that matter.

 

<?
// start the session 
session_start();
ob_start();
header("Cache-control: private"); //IE 6 Fix 
?>
<title>THAC0 (To Hit Armor Class Zero)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="CSS/style.css" rel="stylesheet" type="text/css">
<body bgcolor="#000000" text="#CCCCCC">
<div>
<? 

include ('includes/thacoheader.php');
include ('includes/allfunctions.php');

if ($count != "1") 
{

$sql = "SELECT * FROM `Character` WHERE `user` = \"$_GET[uname]\" AND `password` =  \"$_GET[Password]\"";
database_connected();
$result = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($result);
while($row = mysql_fetch_array($result)) 
{  
$count = 1;
$uname = $_GET['Uname'];
$pass = $_GET['Password'];
$img = $row['picture'];
$rname = $row['realname'];
$toon = $row['maintoonsname'];
$loc = $row['location'];
$tim = $row['timezone'];
$ptim = $row['playtime'];
$origblog = $row['blog'];
} //end to the while loop
}
?>
<p align="center"><img src="<? echo $img; ?>"></p>
<?
$top_form = "<form method=\"post\" action=\"$_SERVER[php_SELF]\">

<table align=\"center\">
<tr class=\"cindex\">
    	<td>Field Name</td>
	<td>Whats in the Database</td>
	<td>This is the colum you edit</td>
	<td>Notes</td>
  </tr>
<tr class=\"cindex\">
    	<td>Real Name:</td>
	<td>$rname</td>
	<td><input name=\"textfield\" type=\"text\" name=\"realname\" size=\"30\" maxlength=\"30\" value=\"$_POST[realname]\"/></td>
	<td>This can only be up to 30 Characters long with no spaces just your first name.</td>
  </tr>
<tr class=\"cindex\">
    	<td>Main Toons Name:</td>
	<td>$toon </td>
	<td><input name=\"textfield\" type=\"text\" name=\"maintoonsname\" size=\"30\" maxlength=\"30\" value=\"$_POST[maintoonsname]\"/></td>
	<td>This can only be up to 30 Characters long with no spaces just your characters first name.</td>
  </tr>
<tr class=\"cindex\">
    	<td>Location:</td>
	<td>$loc</td>
	<td><input name=\"textfield\" type=\"text\" name=\"location\" size=\"30\" maxlength=\"30\" value=\"$_POST[location]\"/></td>
	<td>This can only be up to 30 Characters long and it is where you live.</td>
  </tr>
<tr class=\"cindex\">
    	<td>Time Zone:</td>
	<td>$tim</td>
	<td><input name=\"textfield\" type=\"text\" name=\"timezone\" size=\"30\" maxlength=\"30\" value=\"$_POST[timezone]\"/></td>
	<td>What time zone do you live in?</td>
  </tr>
<tr class=\"cindex\">
   	<td>Play time:</td>
	<td>$ptim</td>
	<td><input name=\"textfield\" type=\"text\" name=\"playtime\" size=\"30\" maxlength=\"30\" value=\"$_POST[playtime]\"/></td>		
	<td>What time of day do you usually play?</td>
  </tr>
<tr class=\"cindex\">
   	<td colspan=\"4\">Blog:</td>
  </tr>
    </tr>
<tr class=\"cindex\">
   	<td colspan=\"4\"><p>Just add more of your blog information at the top here.  
If you delete any data here and submit it will be lost.  This data is going to be parsed with BBC code.  
So some things that you can do to spruce up your coding look like this:  	
  </p>
  <p>This is for Bold					[b][/b]
  <br>	    
    This is for italix					[i][/i]
    <br>
    This is for underline				[u][/u]
    <br>
    This is for a hyperlink				[url][/url]
    <br>
    This is to align left				[align=left][/align]
    <br>
    This is to align center				[align=center][/align]
    <br>
    This is to align right				[align=right[/align]
        <br>
        This is for an image			    [img][/img] </p>
  <br>
  You will need to put your text between those tags so they will work.  
If you accidantly screwed up on what you are adding and want to start over please go to another web address like 
www.thaczero.com then relog back in so you will not loose what you already have in the database.
  </td>
  </tr>

<tr class=\"cindex\">
<td colspan=\"2\" valign=\"top\">$origblog
<td colspan=\"2\"><div align=\"center\"><textarea name=\"blog\" cols=\"75\" rows=\"30\">$_POST[blog]</textarea></div>
</tr>
</tr>
  </tr>
<tr class=\"cindex\">
   	<td colspan=\"4\"><div align=\"center\">
   	  <input type=\"submit\" name=\"Submit\" value=\"Submit\" />
      <input type=\"hidden\" name=\"op\" value=\"ds\">
	  </div></td>
  </tr>
</table>
</form>";


if ($_POST[op] != "ds") 
{ 
	// they need to see the form 
	echo $top_form; 
} 
else if ($_POST[op] == "ds") 
	{ 
	$blogging = "$origblog"."$_POST[blog]";

$query = mysql_query("UPDATE charactedatabase SET maintoonsname = '$_POST[maintoonsname]' 
, SET location = '$_POST[location]' 
, SET timezone = '$_POST[timezone]' 
, SET playtime = '$_POST[playtime]' 
, SET blog = '$blogging'
WHERE user = '$uname' 
, password = '$Pass'");

	echo $_POST['realname']."<br>";
	echo $_POST['maintoonsname']."<br>";
	echo $_POST['location']."<br>";
	echo $_POST['timezone']."<br>";
	echo $_POST['playtime']."<br>";
	echo $blogging."<br>";
	echo $uname."<br>";
	echo $Pass."<br>";
	echo "these are the variables<br>";
	echo $uname;
	echo "<br>";
	echo $pass;
	echo "<br>";
	echo $img;
	echo "<br>";
	echo $rname;
	echo "<br>";
	echo $toon;
	echo "<br>";
	echo $loc;
	echo "<br>";
	echo $tim;
	echo "<br>";
	echo $ptim;
	echo "<br>";
	echo $origblog;
	echo "<br>";
	exit;


	}
include ('includes/thacofooter.php');
?>

Caesar Newbie

Caesar

Posted
Posted

Not sure but maybe some of your column names are reserved words in MySQL. Try surrounding the table and field names in ticks.(Eg. UPDATE `charactedatabase` SET `maintoonsname` = ...)

 

And you definitely don't want to use the post data directly like that...such a security issue that can come back and bite you in the ass later.

Attila Member

Attila

Posted
  • Author
Posted

I tried what you said as well but still no luck.  If somoen can look at my echo statements at the bottom do I have them correcly to echo the data.  I am not seing any data after I submit and they echo.  So if I knew I was echoing them corectly then for some reason my variables are not getting the data.  So I could look into that.

Lamez Advanced Member

Lamez

Posted
Posted

I am not too sure what the other members are saying, but in a mysql insert query it should look like this:

 

<?php
$firstname = $_POST['firstname'];
$lastname =  $_POST['lastname'];
$query = "INSERT INTO `table` (firstname, lastname) VALUES (''$firstname', $'lastname')";

mysql_query($query);
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.