unistake Posted January 28, 2009 Share Posted January 28, 2009 Hi, can someone look at this! Ive done tons of these before and spent over 30mins going over each comma in this code! Ive double checked all the variables and links. Therefore it must be how ive written it! Please have a look thanks <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die ("cant execute query!"); echo "done!"; ?> Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 What error are you getting and have you tried echo'ing $query? Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 the error is the 'die' result ("cant execute query") i havent echoed the $query. doing that now Quote Link to comment Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 $result = mysqli_query ($cxn,$query) or die (mysql_error()); See what it says Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 that produces a blank screen :-S Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 the error is the 'die' result ("cant execute query") Those kinds of errors aren't at all helpfull. Hence, the mysql interface provides its own functionality for usefull messages. Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 You would need to use.... $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ok. thanks for the tip. but that other $result you made produced nothing. Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 Warning: mysqli_error() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\carbheat\TIMMYS\area\acspec_process.php on line 14 line 14 is the $result line. <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); echo "done!"; ?> Quote Link to comment Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 Warning: mysqli_error() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\carbheat\TIMMYS\area\acspec_process.php on line 14 line 14 is the $result line. <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cnx)); echo "done!"; ?> $cnx obviously isn't a valid connection link then, where do you make the connection? Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 $cnx obviously isn't a valid connection link then, where do you make the connection? this is in the include("../wayla.inc") it does work i have checked this also Quote Link to comment Share on other sites More sharing options...
DarkWater Posted January 28, 2009 Share Posted January 28, 2009 It should be $cxn, not $cnx. Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 oh yeah. ok that says now, You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', '', '', '', '', '', '', '', '', '', '')' at line 2 Quote Link to comment Share on other sites More sharing options...
gaza165 Posted January 28, 2009 Share Posted January 28, 2009 <?php @session_start(); if (@$_SESSION['auth'] !="yes") { include ("../login.htm"); exit(); } extract($_POST); include ("../wayla.inc"); $username = $_SESSION['username']; $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; $result = mysqli_query ($cxn,$query) or die (mysqli_error($cxn)); echo "done!"; ?> Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 Theres your problem. Your $_POST variables aren't being sent. ps: Simply extracting the $_POST array like that is VERY dangerous. You haven't sanatized your input at all. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted January 28, 2009 Share Posted January 28, 2009 another thing $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', HERE!!! $horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; should be $query = "INSERT INTO ac_spec (admin, reg, make, model, year, value, avionics, horsepower, mtow, usefulload, fuelcap, fuelgph, cruisingspeed, cruisingrange, tod, ld, intrating, extrating) VALUES ('$username', '$reg', '$make', '$model', '$year', '$value', '$avionics', '$horsepower', '$mtow', '$usefulload', '$fuelcap', '$fuelgph', '$cruisingspeed', '$cruisingrange', '$tod', '$ld', '$intrating', '$extrating')"; Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ah! thanks for the "HERE!!!" Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know Because you don't escape any of the incoming data. This meens I could execute sql injections on your database and remove any data, gain access, all sorts of stuff you probably don't want people doing. Quote Link to comment Share on other sites More sharing options...
Prismatic Posted January 28, 2009 Share Posted January 28, 2009 Thanks for all your instant help guys! thorpe, howcome the extract($_POST) is dangerous? - I take your word for it but would like to know anyone can send arbitrary post variables to your script and it would make them PHP variables automatically. I think Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ok i'll take that on board. Sorry one more thing... Is there a way of doing something like this... SELECT * FROM database WHERE name='$username' OR member='$username' thanks Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2009 Share Posted January 28, 2009 ok i'll take that on board. Sorry one more thing... Is there a way of doing something like this... SELECT * FROM database WHERE name='$username' OR member='$username' thanks Yes. You just did it. Quote Link to comment Share on other sites More sharing options...
unistake Posted January 28, 2009 Author Share Posted January 28, 2009 ah fantastic! i didnt try it. i didnt think that would be the correct way of doing it. cheers for all your help.. LEGENDS! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.