unistake Posted January 28, 2009 Share Posted January 28, 2009 Hi, can someone look at this! Ive done tons of these before and spent over 30mins going over each comma in this code! Ive double checked all the variables and links. Therefore it must be how ive written it! Please have a look thanks <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die ("cant execute query!"); echo "done!"; ?> Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/ Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 What error are you getting and have you tried echo'ing $query? Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749027 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 the error is the 'die' result ("cant execute query") i havent echoed the $query. doing that now Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749031 Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 $result = mysqli_query ($cxn,$query) or die (mysql_error()); See what it says Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749032 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 that produces a blank screen :-S Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749035 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 the error is the 'die' result ("cant execute query") Those kinds of errors aren't at all helpfull. Hence, the mysql interface provides its own functionality for usefull messages. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749036 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 You would need to use.... $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749039 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ok. thanks for the tip. but that other $result you made produced nothing. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749042 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 Warning: mysqli_error() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\carbheat\TIMMYS\area\acspec_process.php on line 14 line 14 is the $result line. <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); echo "done!"; ?> Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749044 Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 Warning: mysqli_error() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\carbheat\TIMMYS\area\acspec_process.php on line 14 line 14 is the $result line. <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); echo "done!"; ?> $cnx obviously isn't a valid connection link then, where do you make the connection? Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749045 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 $cnx obviously isn't a valid connection link then, where do you make the connection? this is in the include("../wayla.inc") it does work i have checked this also Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749046 Share on other sites More sharing options...
DarkWater Posted January 28, 2009 Share Posted January 28, 2009 It should be $cxn, not $cnx. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749047 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 oh yeah. ok that says now, You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', '', '', '', '', '', '', '', '', '', '')' at line 2 Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749049 Share on other sites More sharing options...
gaza165 Posted January 28, 2009 Share Posted January 28, 2009 <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cxn)); echo "done!"; ?> Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749051 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 Theres your problem. Your $_POST variables aren't being sent. ps: Simply extracting the $_POST array like that is VERY dangerous. You haven't sanatized your input at all. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749055 Share on other sites More sharing options...
gaza165 Posted January 28, 2009 Share Posted January 28, 2009 another thing $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', HERE!!! $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; should be $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', '$horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749056 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ah! thanks for the "HERE!!!" Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749059 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749062 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know Because you don't escape any of the incoming data. This meens I could execute sql injections on your database and remove any data, gain access, all sorts of stuff you probably don't want people doing. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749064 Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know anyone can send arbitrary post variables to your script and it would make them PHP variables automatically. I think Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749065 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ok i'll take that on board. Sorry one more thing... Is there a way of doing something like this... SELECT * FROM database WHERE name='$username' OR member='$username' thanks Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749066 Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 ok i'll take that on board. Sorry one more thing... Is there a way of doing something like this... SELECT * FROM database WHERE name='$username' OR member='$username' thanks Yes. You just did it. Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749067 Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ah fantastic! i didnt try it. i didnt think that would be the correct way of doing it. cheers for all your help.. LEGENDS! Link to comment https://forums.phpfreaks.com/topic/142875-solved-very-simple-query-problem-driving-me-insane/#findComment-749068 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.