shinichi_nguyen Posted January 6, 2010

I followed 2 tutorials online. One is validation with jQuery, one is how to insert data into a database with PHP. I had to modify the two methods a little bit and it doesn't work :(

There was some jQuery code for the onclick of the submit button before, but when I put that code in, the validation won't work! So I removed it to get the validation, and I think that maybe I just simply send the info to the PHP file, but it does not work! (I'm positive I didn't mistype or miss any variable or field name sent from the HTML page to the PHP file!)

Here is the HTML page (the form only):

```html
<form id="myform" action="members.php" method="post">
<table border="1" bgcolor="#CCCCCC">
  <tr>
    <td width="282"><label for="name">Name</label></td>
    <td width="452"><input type="text" name="name" id="name" class="required" minlength="2" size="75" /></td>
  </tr>
  <tr>
    <td><label for="nationality">Nationality</label></td>
    <td><input type="text" name="nationality" id="nationality" /></td>
  </tr>
  <tr>
    <td><label for="address">Address</label></td>
    <td><textarea name="address" id="address" class="required"></textarea></td>
  </tr>
  <tr>
    <td><label for="phone1">Phone 1</label></td>
    <td><input type="text" name="phone1" id="phone1" class="digits" /></td>
  </tr>
  <tr>
    <td><label for="phone2">Phone 2</label></td>
    <td><input type="text" name="phone2" id="phone2" class="digits"/></td>
  </tr>
  <tr>
    <td><label for="fax">Fax</label></td>
    <td><input type="text" name="fax" id="fax" class="digits" /></td>
  </tr>
  <tr>
    <td><label for="email">Email</label></td>
    <td><input type="text" name="email" id="email" size="50" class="required email" /></td>
  </tr>
  <tr>
    <td><label for="companyname">Company name</label></td>
    <td><input type="text" name="companyname" id="companyname" size="50" /></td>
  </tr>
  <tr>
    <td><label for="title">Title</label></td>
    <td><input type="text" name="title" id="title" size="50" /></td>
  </tr>
  <tr>
    <td><label for="typeofbusiness">Type of business</label></td>
    <td><input type="text" name="typeofbusiness" id="typeofbusiness" size="50" /></td>
  </tr>
  <tr>
    <td> </td>
    <td>Choose the type of membership you wish to join</td>
  </tr>
  <tr>
    <td>Type of membership</td>
    <td><select name="typeofmember" id="typeofmember">
      <option value="I" selected>Individual</option>
      <option value="C">Corporation</option>
      <option value="A">Associate</option>
    </select><br />
    <br /></td>
  </tr>
  <tr>
    <td>Today is</td>
    <td><input type="text" name="datesubmitted" id="datesubmitted" disabled="disabled" /></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="submit" name="submit" id="submit" value="Submit"/> </td>
  </tr>
</table>
</form>
</div>
```

And here is the PHP code with the injection attack prevention:

```php
<?php
$conn = new mysqli('localhost','someuser',somepassword,'somedbname');
$query = "INSERT INTO usvnmembers(name, nationality, address, phone1, phone2, fax, email, companyname, title, typeofbusiness, typeofmember, datesubmitted)
          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->stmt_init();
if($stmt->prepare($query)){
    $stmt->bind_param('ssssssssssss', $_POST['name'], $_POST['nationality'], $_POST['address'],
        $_POST['phone1'], $_POST['phone2'], $_POST['fax'], $_POST['email'], $_POST['companyname'],
        $_POST['title'], $_POST['typeofbusiness'], $_POST['typeofmember'], $_POST['datesubmitted']);
    $stmt->execute();
}
if($stmt){
    echo "Thank you for registering. Please make payment to complete the process.";
}
else{
    echo "There was a problem. Please try again later.";
}
?>
```

teamatomic Posted January 6, 2010

Some valid values in your query statement might help.

HTH
Teamatomic

shinichi_nguyen Posted January 6, 2010 (Author)

Thanks for replying. Did you mean the part with (?,?,?,?,?...)? I learned from that tutorial that it prevents the injection attack. After that row, there is the bind data code: $stmt->bind_param.... Or do you have any other suggestion? Thank you

shinichi_nguyen Posted January 7, 2010 (Author)

Please help!

mrMarcus Posted January 7, 2010

what is 'ssssssssssss'?

shinichi_nguyen Posted January 7, 2010 (Author)

It's a part of the bind_param function. Instead of putting the value directly, I put ? then feed it with the bind_param.

shinichi_nguyen Posted January 7, 2010 (Author)

Basically I have made it work with the code below. If anyone still wants to help me figure out why the initial code didn't work, I would appreciate that. This working code, as I know, is not safe from injection. Help me to optimize it pls!

```php
<?php
$conn = mysql_connect('localhost','user','mypasswd');
if (!$conn) {
    die('Could not connect to database' . mysql_error());
}
mysql_select_db("mydb",$conn);
$query = "INSERT INTO usvnmembers(name, nationality, address, phone1, phone2, fax, email, companyname, title, typeofbusiness, typeofmember, datesubmitted)
          VALUES ('$_POST[name]', '$_POST[nationality]', '$_POST[address]', '$_POST[phone1]', '$_POST[phone2]', '$_POST[fax]', '$_POST[email]', '$_POST[companyname]', '$_POST[title]', '$_POST[typeofbusiness]', '$_POST[typeofmember]', '$_POST[datesubmitted]')";
if (!mysql_query($query,$conn)) {
    die('Error somewhere' . mysql_error());
}
echo "Thank you.";
mysql_close($conn);
?>
```
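
An added example, not code from any poster in this thread: the same insert kept on mysqli prepared statements, with every failure surfaced. In the first post's script, `if($stmt)` tests the statement object rather than the result of `execute()`, so a failed insert still prints the success message, and the `datesubmitted` input is `disabled`, which means browsers do not submit it. Assumes PHP 7+, placeholder credentials, and a `datesubmitted` column that accepts a `Y-m-d` string; `collect_member()` is a hypothetical helper.

```php
<?php
// Added example: placeholder credentials; table and columns as posted in the thread.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli failures throw
// "datesubmitted" is a disabled input, so browsers omit it; the server sets it instead.
$fields = ['name', 'nationality', 'address', 'phone1', 'phone2', 'fax',
           'email', 'companyname', 'title', 'typeofbusiness', 'typeofmember'];
function collect_member(array $post, array $fields): array
{
    $row = [];
    foreach ($fields as $f) {
        $row[$f] = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
    }
    // Repeat the form's jQuery rules on the server; client-side checks can be bypassed.
    if (strlen($row['name']) < 2 || $row['address'] === '') {
        throw new InvalidArgumentException('name and address are required');
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    foreach (['phone1', 'phone2', 'fax'] as $f) {
        if ($row[$f] !== '' && !ctype_digit($row[$f])) {
            throw new InvalidArgumentException("$f must contain digits only");
        }
    }
    if (!in_array($row['typeofmember'], ['I', 'C', 'A'], true)) {
        throw new InvalidArgumentException('unknown membership type');
    }
    $row['datesubmitted'] = date('Y-m-d'); // assumption: DATE or string column
    return $row;
}

try {
    $row   = collect_member($_POST, $fields);
    $conn  = new mysqli('localhost', 'someuser', 'somepassword', 'somedbname');
    $cols  = implode(', ', array_keys($row)); // fixed column list, never user input
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt  = $conn->prepare("INSERT INTO usvnmembers ($cols) VALUES ($marks)");
    $values = array_values($row); // bind_param binds by reference, so it needs a variable
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    echo 'Thank you for registering. Please make payment to complete the process.';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Please check the form: ' . htmlspecialchars($e->getMessage());
} catch (mysqli_sql_exception $e) {
    error_log('member insert failed: ' . $e->getMessage()); // details go to the log only
    http_response_code(500);
    echo 'There was a problem. Please try again later.';
}
```

While debugging, the logged `mysqli_sql_exception` message names the exact cause (bad credentials, unknown column, NULL in a NOT NULL column) without exposing it to the visitor.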
This topic is now archived and is closed to further replies.