Help with mysql_query

[BoltZ]

Hi everyone. Can someone help me with this code? I am trying to get the user to fill out a form and (its method=post) then it inserts into a table those values. I am not in anyway knowledgable with mysql queries as I have never had to use them. Can someone give me example code? Here is my form

 

<form action="install.php" method="post">
<div><div>
<fieldset><legend>Select your database type</legend>
<div><label><strong>Database type</strong><br />
<select name="req_db_type">
<option value="mysqli">MySQL Improved</option>
<option value="mysql">MySQL Standard</option>
</select><br /></label></div>
</fieldset></div>

<fieldset><legend>Enter the Tables Prefix</legend>
<div><p>This allows you to run multiple copies of RemoteBB in the same database</p>
<label><strong>Table Prefix</strong><br />
<input type="text" name="table_prefix" value="bb_" size="25" maxlength="25" /><br /></label></div>
</fieldset></div>

<div><div>
<h3>Administration setup</h3>
<p>Please enter the requested information in order to setup an administrator for your RemoteBB installation</p>
<br /></div>
<fieldset><legend>Enter Administrators username</legend>
<div><p>The username of the forum administrator. You can later create more administrators and moderators. Usernames can be between 3 and 25 characters long.</p>
<label><strong>Administrator username</strong><br />
<input type="text" name="admin_username" size="25" maxlength="25" /><br /></label></div>
</fieldset></div><div>
<fieldset><legend>Enter and confirm Administrator password</legend>
<div><p>Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
<label><strong>Password</strong><br />
<input id="req_password1" type="text" name="admin_password1" size="16" maxlength="16" /><br /></label> <label><strong>Confirm password</strong><br />
<input type="text" name="admin_password" size="16" maxlength="16" /><br /></label></div>
</fieldset></div><div>
<fieldset><legend>Enter Administrator's e-mail</legend>
<div><p>The e-mail address of the forum administrator.</p>
<label for="req_email"><strong>Administrator's e-mail</strong><br />
<input id="req_email" type="text" name="admin_email" size="50" maxlength="50" /><br /></label></div>
</fieldset></div></div>
<div class="button input"><input type="submit" value="Finish Installation" alt="Submit button" name="step1" /></div>
</form>

 

this is the table structure

 

$query13 = "CREATE TABLE `pre_forum_admin` (
  `admin_username` varchar(32) NOT NULL default '',
  `admin_password` varchar(32) NOT NULL default '',
  `admin_email` varchar(128) NOT NULL default '',
  `table_prefix` varchar(32) NOT NULL default 'bb_',
  PRIMARY KEY  (`admin_username`),
  UNIQUE KEY `user_email` (`admin_email`)
) TYPE=MyISAM";

 

and i need to do like

$query14 = INSERT INTO `pre_forum_admin` (admin_username, admin_password, admin_email, table_prefix) values($_POST['admin_username'],$_POST['admin_password'],$_POST['admin_email'],$_POST['table_prefix'])

[corbin]

You need quotes around your variables.  (Since quotes.)

 

 

Also, you should consider relearning PHP if you didn't put quotes around the SQL query... lol...

 

 

Anyway:

 

$query14 = "INSERT INTO `pre_forum_admin` (admin_username, admin_password, admin_email, table_prefix) VALUES ('{$_POST['admin_username']}','{$_POST['admin_password']}','{$_POST['admin_email']'},'{$_POST['table_prefix']'});";

 

 

 

 

Also, google the term "SQL injection," because your script either relies on magic quotes (which are the devil) or it's wide open to SQL injection.

[BoltZ]

As I have said I have never used a mysql_query before. Who says I have even grasped PHP yet? I already know what an SQL injection is. I used to try out the missions on HackThisSite.org. Thanks I see what you did and I'll try to remember that for the future. And I already know I had to put "" there I was just in a hurry to get this thread opened.

[BoltZ]

Oh darn I have an error with your code. It says its expecting a }

 

 

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting '}' in /home/ericr/public_html/test/install/remote.sql on line 142

 

$query14 = "INSERT INTO `pre_forum_admin` (admin_username, admin_password, admin_email, table_prefix) VALUES ('{$_POST['admin_username']}','{$_POST['admin_password']}','{$_POST['admin_email']'},'{$_POST['table_prefix']'});";

 

I don't see a spot where you forgot the closing }..

[kenrbnsn]

In this segment

'{$_POST['admin_email']'}

the terminating '} needs to be reversed }'

'{$_POST['admin_email']}'

 

Ken

[BoltZ]

Nice eye

 

edit:

 

It displays the page now but with this warning at the top of the page

 

 

Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /home/ericr/public_html/test/install/remote.sql on line 142

 

I have never had this error before so I don't know what to look for.

 

Heres my updated code

$query14 = "INSERT INTO `pre_forum_admin` (admin_username, admin_password, admin_email, table_prefix) VALUES ('{$_POST['admin_username']}','{$_POST['admin_password']}','{$_POST['admin_email']}','{$_POST['table_prefix']'});";

[BoltZ]

I have started to research this error and in this one thread they were talking about cache. Not sure if thats related to this problem though

[corbin]

Well ASCII code 39 is ' so I would assume it's something wrong with one of the ' marks.

 

 

Man I'm just full of typos today....

 

 

,'{$_POST['table_prefix']'}

 

should be

 

,'{$_POST['table_prefix']}