JamesThePanda Posted January 15, 2010 Share Posted January 15, 2010 Any Ideas on why this isnt working ? $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); // Note "$conn" param added mysql_select_db(DB_NAME, $conn) or trigger_error('MySQL error: '.mysql_error(), E_USER_ERROR); if (isset($_POST['url']) & isset($_POST['page'])) { // Secure against SQL injection $url8 = $_POST['url']; $page8 = $_POST['page']; // Store the result resource returned $submit9 = mysql_query(" INSERT INTO `wordpress`.`wp_xposts` ( `id` , `postid` , `url`) VALUES ( NULL , `$page8`, `$url8`"); // Remove this part after if you want - just // makes it easier to spot if it's worked... if (mysql_affected_rows() > 0) { echo htmlentities($url8).' was added.'; } else { echo 'There was an error: '.mysql_error(); } } else { print_r($_POST, false); } $sql2 = "SELECT `ID`, `post_title` FROM `wordpress`.`wp_posts` WHERE post_status = 'publish' "; $result2 = mysql_query($sql2) or trigger_error(mysql_error()); echo '<form id="form1" name="form1" method="post" action=""> <label>url <input type="text" name="url" /> </label> <label>pages <select name="select">'; while($row = mysql_fetch_assoc($result2)){ echo ' <option name="page" page="'.$row['ID'].'" value="'.$row['ID'].'">'.$row['post_title'].'</option>'; } echo '</select> Add <input type="submit" name="Submit" value="Submit" /> </label> </form>'; Thanks James Quote Link to comment Share on other sites More sharing options...
RaythMistwalker Posted January 15, 2010 Share Posted January 15, 2010 // Secure against SQL injection $url8 = $_POST['url']; $page8 = $_POST['page']; that isn't securing against SQL injection. Quote Link to comment Share on other sites More sharing options...
JamesThePanda Posted January 15, 2010 Author Share Posted January 15, 2010 yes that was just a comment left by someone helping Does it need to secure it ? thanks James Quote Link to comment Share on other sites More sharing options...
Felex Posted January 15, 2010 Share Posted January 15, 2010 what is wrong with this code, cause i dont have an opportunity to test it and couldnt see any wrong at your code. you can get some errors for your insert statement, according to user inputs for $url8, $page8. secure them with mysql_real_escape_string() function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.