Matthew Herren Posted October 3, 2009

What's wrong with this? I'm trying to show the user what was posted on a "confirm" page, and then give them the option to confirm, or edit. My first problem is getting it to echo so they can see it.

Here is the page: http://www.beccastowing.com/formdata/auto/form1.php

And here is the coding for the submit.php

    <?php
    include 'config.php';
    include 'opendb.php';
    $sql="INSERT INTO`dtherren`.`auto`(
    `name`, `last`, `mi`, `hp`, `cp`, `work`, `email`,
    `add`, `add2`, `city`, `state`, `zip`, `password` )
    VALUES (
    '{$_POST['name']}', '{$_POST['last']}', '{$_POST['mi']}', '{$_POST['hp']}',
    '{$_POST['cp']}', '{$_POST['work']}', '{$_POST['email']}', '{$_POST['add']}',
    '{$_POST['add2']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip']}',
    '{$_POST['password']}')";
    $query = "SELECT name, last, mi FROM auto";
    $result = mysql_query($query);
    {
    echo "Name :{$row['name']} " . "Subject : {$row['last']} " . "Message : {$row['mi']} ";
    }
    $res=mysql_query($sql)or die(mysql_error());
    ?>

Should these be separate queries or what?

Mchl Posted October 3, 2009

See mysql_fetch_array or mysql_fetch_row

Matthew Herren (Author) Posted October 3, 2009

    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/d/h/e/dherren/html/formdata/auto/submit.php on line 35
    Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/content/d/h/e/dherren/html/formdata/auto/submit.php on line 39

What if I want to echo what was just posted?

Mchl Posted October 3, 2009

Can you show your code after changes?

Matthew Herren (Author) Posted October 3, 2009

    <?php
    include '/home/content/d/h/e/dherren/html/scripts/config.php';
    include '/home/content/d/h/e/dherren/html/scripts/opendb.php';
    $sql="INSERT INTO`dtherren`.`auto`(
    `name`, `last`, `mi`, `hp`, `cp`, `work`, `email`,
    `add`, `add2`, `city`, `state`, `zip`, `password` )
    VALUES (
    '{$_POST['name']}', '{$_POST['last']}', '{$_POST['mi']}', '{$_POST['hp']}',
    '{$_POST['cp']}', '{$_POST['work']}', '{$_POST['email']}', '{$_POST['add']}',
    '{$_POST['add2']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip']}',
    '{$_POST['password']}')";
    $result = mysql_query("SELECT name, last FROM auto");
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
        printf("ID: %s Name: %s", $row[0], $row[1]);
    }
    mysql_free_result($result);
    $res=mysql_query($sql)or die(mysql_error());
    ?>

Mchl Posted October 3, 2009

Ok. These errors indicate that something went wrong when executing the query. We must now see what is the actual MySQL error message. Try changing

    $result = mysql_query("SELECT name, last FROM auto");

to

    $result = mysql_query("SELECT name, last FROM auto") or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);

Matthew Herren (Author) Posted October 3, 2009

Ok, it told me no database was selected. So I changed

    $result = mysql_query("SELECT name, last FROM auto");

to:

    $result = mysql_query("SELECT name, last FROM `dtherren`.`auto`");

Thanks MCHL, does that only do what was just posted?

Mchl Posted October 3, 2009

You can select database using mysql_select_db.

This query will pull all rows from 'auto' table. You do not put insert time into the table, so you can't select only the last one.

Matthew Herren (Author) Posted October 3, 2009

Insert Time? How would I do that? Actually I was just wanting to show the user the one they just posted. And now I'm getting a new error when I tried to add more values.

    Fatal error: Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'add, add2, city, state, zip, password, FROM `dtherren`.`auto`' at line 1 in formdata/auto/submit.php on line 33

The updated code:

    <?php
    include '/home/content/d/h/e/dherren/html/scripts/config.php';
    include '/home/content/d/h/e/dherren/html/scripts/opendb.php';
    $sql="INSERT INTO`dtherren`.`auto`(
    `name`, `last`, `mi`, `hp`, `cp`, `work`, `email`,
    `add`, `add2`, `city`, `state`, `zip`, `password` )
    VALUES (
    '{$_POST['name']}', '{$_POST['last']}', '{$_POST['mi']}', '{$_POST['hp']}',
    '{$_POST['cp']}', '{$_POST['work']}', '{$_POST['email']}', '{$_POST['add']}',
    '{$_POST['add2']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip']}',
    '{$_POST['password']}')";
    $result = mysql_query("SELECT name, last, mi, hp, cp, work, email, add, add2, city, state, zip, password, FROM `dtherren`.`auto`") or trigger_error('Query failed: ' . mysql_error(), E_USER_ERROR);
    while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
        printf("First: %s Last: %s", $row[0], $row[1]);
    }
    mysql_free_result($result);
    $res=mysql_query($sql)or die(mysql_error());
    ?>

Mchl Posted October 3, 2009

You have an unnecessary comma (,) after 'password' in the SELECT query.

Do you have a primary key for this table? If yes, is it an auto_increment column?

jon23d Posted October 3, 2009

You should scrub your data prior to insertion. Use mysql_escape_string on each post variable you are inserting. If there is no other validation that needs to be performed, you can literally use:

    foreach ($_POST as $key => $value)
        $_POST[$key] = mysql_escape_string($value);

As far as your query failing, I could be wrong, but I think that if you use backticks in some places, then you have to use them everywhere. So, try:

    SELECT `name`, `last`, `mi`, `hp`, `cp`, `work`, `email`, `add`, `add2`, `city`, `state`, `zip`, `password` FROM `dtherren`.`auto`

And do you really want to store your password in plain-text?

Matthew Herren (Author) Posted October 3, 2009

Ok, the backticks worked. Yes, I have the ID field and it is auto_increment. I do have validation, but it's on the page with the form. I'm using a JavaScript validation.

Mchl Posted October 3, 2009

Validation is one thing, but escaping data is quite another. See Chapter 3 here.

You can use mysql_insert_id to get the ID of the last row inserted and use it to display this data.

jon23d Posted October 3, 2009

JavaScript is not sufficient for scrubbing your data. JavaScript can be disabled or changed by the client; I do it routinely. You MUST escape your data, or you will regret it!

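The advice in the last replies (handle untrusted input on the server, use the insert ID to show only the row just posted, do not store the password in plain text), as an added example that is not part of the thread or any poster's code. It uses PDO prepared statements in place of the thread's mysql_* functions, which were removed in PHP 7. Assumptions: an in-memory SQLite database stands in for the MySQL table `auto`, only a few of the thread's columns are kept, the sample input is constructed, and saveAndFetch() is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL table `auto`; only a few of the
// thread's columns are kept; saveAndFetch() is a hypothetical helper name.

function saveAndFetch(PDO $db, array $post): array
{
    // Placeholders keep user input out of the SQL text, so a quote in a
    // value cannot change the statement (no manual escaping needed).
    $ins = $db->prepare(
        'INSERT INTO auto (name, last, email, password)
         VALUES (:name, :last, :email, :password)'
    );
    $ins->execute([
        ':name'     => $post['name'] ?? '',
        ':last'     => $post['last'] ?? '',
        ':email'    => $post['email'] ?? '',
        // Store a salted hash, never the plain-text password.
        ':password' => password_hash($post['password'] ?? '', PASSWORD_DEFAULT),
    ]);

    // lastInsertId() plays the role of mysql_insert_id(): it identifies the
    // row this request just inserted, so only that row is read back.
    $sel = $db->prepare('SELECT name, last, email FROM auto WHERE id = :id');
    $sel->execute([':id' => $db->lastInsertId()]);
    return $sel->fetch(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auto (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, last TEXT, email TEXT, password TEXT)');

// Constructed sample input standing in for $_POST; note the quote and markup.
$post = [
    'name' => "Pat", 'last' => "O'Brien <b>",
    'email' => 'pat@example.com', 'password' => 'constructed-sample',
];

$row = saveAndFetch($db, $post);
foreach ($row as $field => $value) {
    // Escape on output as well: stored data is still untrusted in HTML.
    echo htmlspecialchars($field, ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), "\n";
}
```

The password column is never selected for the confirm page, and a later login check would compare against the stored hash with password_verify().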