robolist Posted February 26, 2011 Share Posted February 26, 2011 Hi there guys, I am very new to php and mySQL and i am currently working on a new site which I want to create a form where my sit visitors can leave their details so i can send them emails with future promotions... I have uploaded the files and when testing the form there doesnt seem to be any errors messages, but then when i go to my phpMyAdmin to check i it has worked. I can not see any of the information to which i ave entered from the form n the website.. I would be very grateful if somebody can please help me... the code for the php is as below.. Many many thanks in advance.. <?php $username="rdo10000_robin"; $password="mypassword"; $database="rdo10000_email"; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); mysql_query($query); $query = "INSERT INTO data1 VALUES ('$_POST[name]','$_POST[email]','$_POST[phone]','$_POST[country]','$_POST[age]')"; header('Location: fish.html'); mysql_close(); ?> I really hope some one can help, many thanks in advance Quote Link to comment Share on other sites More sharing options...
Altrozero Posted February 26, 2011 Share Posted February 26, 2011 There are several problems with the script that I can see, first of all unless you have specified localhost as a const someone else you need to put quotation marks around it, mysql_connect('localhost',$username,$password); Second of all you are running the query $query before you have setup the query so switch the lines so they are in this order $query = "INSERT INTO data1 VALUES ('$_POST[name]','$_POST','$_POST[phone]','$_POST[country]','$_POST[age]')"; mysql_query($query); Thirdly you need to do error validation on the text going in to the query or you are leaving your database open to SQL injection. I would suggest reading up on it before you put this script online. Hope this helps. If you continue to have problems disable your redirect via the header function so you can see if any other errors are poping up. Quote Link to comment Share on other sites More sharing options...
robolist Posted February 26, 2011 Author Share Posted February 26, 2011 Hi Altrozero, Yes well i did take it off line as soon as it didnt work and just replaced it with a simple php script to send me an email with the details... But of course i really want to try to work out how to start using the database.. I will try what you have suggested if that still fails i will consult a professional to write the code for me.. Thanks again for your kind advice... Quote Link to comment Share on other sites More sharing options...
robolist Posted February 26, 2011 Author Share Posted February 26, 2011 There are several problems with the script that I can see, first of all unless you have specified localhost as a const someone else you need to put quotation marks around it, This worked... Thank you so much... Quote Link to comment Share on other sites More sharing options...
Altrozero Posted February 26, 2011 Share Posted February 26, 2011 Good good Try this article for securing your code http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php Quote Link to comment Share on other sites More sharing options...
robolist Posted February 26, 2011 Author Share Posted February 26, 2011 Good good Try this article for securing your code http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php Thank you so much... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.