Nothing echoed from $query = SELECT

[Matthew Herren]

What's wrong with this. I'm trying to show the user what was posted on a "confirm" page, and then give them the option to confirm, or edit. My first problem is getting it to echo so they can see it.

 

Here is the page:http://www.beccastowing.com/formdata/auto/form1.php

 

And here is the coding for the submit.php

<?php
include 'config.php';
include 'opendb.php';
$sql="INSERT INTO`dtherren`.`auto`(
`name`,
`last`,
`mi`,
`hp`,
`cp`,
`work`,
`email`,
`add`,
`add2`,
`city`,
`state`,
`zip`,
`password`
) VALUES (
'{$_POST['name']}',
'{$_POST['last']}',
'{$_POST['mi']}',
'{$_POST['hp']}',
'{$_POST['cp']}',
'{$_POST['work']}',
'{$_POST['email']}',
'{$_POST['add']}',
'{$_POST['add2']}',
'{$_POST['city']}',
'{$_POST['state']}',
'{$_POST['zip']}',
'{$_POST['password']}')";

$query  = "SELECT name, last, mi FROM auto";
$result = mysql_query($query);

{
    echo "Name :{$row['name']} " .
         "Subject : {$row['last']} " .
         "Message : {$row['mi']} ";
}
$res=mysql_query($sql)or die(mysql_error());
?>

Should these be separate query's or what?

[Mchl]

See mysql_fetch_array or mysql_fetch_row

[Matthew Herren]

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/d/h/e/dherren/html/formdata/auto/submit.php on line 35

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/content/d/h/e/dherren/html/formdata/auto/submit.php on line 39

 

What if I want to echo what was just posted?

[Mchl]

Can you show your code after changes?

[Matthew Herren]

<?php
include '/home/content/d/h/e/dherren/html/scripts/config.php';
include '/home/content/d/h/e/dherren/html/scripts/opendb.php';
$sql="INSERT INTO`dtherren`.`auto`(
`name`,
`last`,
`mi`,
`hp`,
`cp`,
`work`,
`email`,
`add`,
`add2`,
`city`,
`state`,
`zip`,
`password`
) VALUES (
'{$_POST['name']}',
'{$_POST['last']}',
'{$_POST['mi']}',
'{$_POST['hp']}',
'{$_POST['cp']}',
'{$_POST['work']}',
'{$_POST['email']}',
'{$_POST['add']}',
'{$_POST['add2']}',
'{$_POST['city']}',
'{$_POST['state']}',
'{$_POST['zip']}',
'{$_POST['password']}')";

$result = mysql_query("SELECT name, last FROM auto");

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("ID: %s  Name: %s", $row[0], $row[1]);  
}

mysql_free_result($result);

$res=mysql_query($sql)or die(mysql_error());
?>

[Mchl]

Ok. These errors indicate, that something went wrong when executing the query.

We must now see what is the actual MySQL error message. Try changing

 

$result = mysql_query("SELECT name, last FROM auto");

 

to

 

$result = mysql_query("SELECT name, last FROM auto") or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);

[Matthew Herren]

Ok it told me no database was selected. So i changed

$result = mysql_query("SELECT name, last FROM auto");

to:

$result = mysql_query("SELECT name, last FROM `dtherren`.`auto`");

thanks MCHL, does that only do what was just posted?

 

[Mchl]

You can select database using mysql_select_db

 

This query will pull all rows from 'auto' table. You do not put insert time into the table, so you can't select only the last one.

[Matthew Herren]

Insert Time? How would I do that? Actualy I was just wanting to show the user the one they just posted.

And now i'm getting a new error when i tried to add more values.

Fatal error: Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'add, add2, city, state, zip, password, FROM `dtherren`.`auto`' at line 1 in formdata/auto/submit.php on line 33

The Up-Dated Code:

<?php
include '/home/content/d/h/e/dherren/html/scripts/config.php';
include '/home/content/d/h/e/dherren/html/scripts/opendb.php';
$sql="INSERT INTO`dtherren`.`auto`(
`name`,
`last`,
`mi`,
`hp`,
`cp`,
`work`,
`email`,
`add`,
`add2`,
`city`,
`state`,
`zip`,
`password`
) VALUES (
'{$_POST['name']}',
'{$_POST['last']}',
'{$_POST['mi']}',
'{$_POST['hp']}',
'{$_POST['cp']}',
'{$_POST['work']}',
'{$_POST['email']}',
'{$_POST['add']}',
'{$_POST['add2']}',
'{$_POST['city']}',
'{$_POST['state']}',
'{$_POST['zip']}',
'{$_POST['password']}')";

$result = mysql_query("SELECT name, last, mi, hp, cp, work, email, add, add2, city, state, zip, password, FROM `dtherren`.`auto`") or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("First: %s  Last: %s", $row[0], $row[1]);  
}

mysql_free_result($result);

$res=mysql_query($sql)or die(mysql_error());
?>

[Mchl]

You have unnecessary comma (,) after 'password' in SELECT query.

 

Do you have a primary key for this table? If yes, is it auto_increment column?

[jon23d]

You should scrub your data prior to insertion.  Use mysql_escape_string on each post variable you are inserting.  If there is no other validation that needs to be performed, you can literally use:

 

foreach ($_POST as $key => $value) $_POST[$key] = mysql_escape_string($value);

 

As far as your query failing, I could be wrong, but I think that if you use backticks in some places, then you have to use them everywhere.  So, try:

 

SELECT `name`, `last`, `mi`, `hp`, `cp`, `work`, `email`, `add`, `add2`, `city`, `state`, `zip`, `password`, FROM `dtherren`.`auto`

 

And do you really want to store your password in plain-text?

[Matthew Herren]

Ok the backticks worked.

Yes I have the ID field and it auto_increment.

I do have validation, but it's on the page with the form. I'm using a javascript validation.

[Mchl]

Validation is one thing, but escaping data is quite another. See Chapter 3 here.

 

You can use mysql_insert_id to get ID of last row inserted and use it to display this data.

[jon23d]

Javascript is not sufficient for scrubbing your data.  Javascript can be disabled or changed by the client, I do it routinely.  You MUST escape your data, or you will regret it!