Error adding to database via HTML form

[eMonk]

The php/mysql code below is called after a user fills out a html form and click on submit:

 

insert-model.php

 

<html>
<head>
<title>Untitled Document</title>
</head>

<body>
<h1>Model Entry Results</h1>

<?php
// create short variable names
$name=$_POST['name'];
$age=$_POST['age'];
$height=$_POST['height'];
$hair=$_POST['hair'];
$measurements=$_POST['measurements'];
$weight=$_POST['weight'];
$eyes=$_POST['eyes'];
$service=$_POST['service'];
$nationality=$_POST['nationality'];
$location=$_POST['location'];
$city_1=$_POST['city_1'];
$city_2=$_POST['city_2'];
$city_3=$_POST['city_3'];
$city_4=$_POST['city_4'];
$phone=$_POST['phone'];
$email_1=$_POST['email_1'];
$email_2=$_POST['email_2'];
$website=$_POST['website'];
$description=$_POST['description'];
$availability=$_POST['availability'];
$thumbnail=$_POST['thumbnail'];
$url=$_POST['url'];
$status=$_POST['status'];
$views=$_POST['views'];
$expiry_date=$_POST['expiry_date'];
$notes=$_POST['notes'];

if (!$name || !$thumbnail || !$url || !$views || !$expiry_date) {
  echo "You have not entered all the required details.<br />"
  ."Please go back and try again.";
  exit;
}

if (!get_magic_quotes_gpc()) {
  $name = addslashes($name);
  $height = addslashes($height);
  $hair = addslashes($hair);
  $measurements = addslashes($measurements);
  $eyes = addslashes($eyes);
  $nationality = addslashes($nationality);
  $location = addslashes($location);
  $phone = addslashes($phone);
  $email_1 = addslashes($email_1);
  $email_2 = addslashes($email_2);
  $website = addslashes($website);
  $description = addslashes($description);
  $availability = addslashes($availability);
  $thumbnail = addslashes($thumbnail);
  $url = addslashes($url);
  $expiry_date = addslashes($expiry_date);
  $notes = addslashes($notes);
}

@ $db = new mysqli('host', 'username', 'password', 'database'); // these values were removed

if (mysqli_connect_error()) {
  echo "Error: Could not connect to database. Please try again later.";
  exit;
}

$query = "insert into model values
  ('".$name."', '".$age."', '".$height."', '".$hair."', '".$measurements."', '".$weight."', '".$eyes."', '".$service."', '".$nationality."', '".$location."', '".$city_1."', '".$city_2."', '".$city_3."', '".$city_4."', '".$phone."', '".$email_1."', '".$email_2."', '".$website."', '".$description."', '".$availability."', '".$thumbnail."', '".$url."', '".$status."', '".$views."', '".$expiry_date."', '".$notes."')"; 
$result = $db->query($query);

if ($result) {
  echo $db->affected_rows." service provider inserted into the database.";
} else {
  echo "An error has occurred. The model was not added.";
}

$db->close();

?>
</body>
</html>

 

I keep getting the following error:

 

"An error has occurred. The model was not added."

 

Any ideas?

 

 

[Rommeo]

For to create short variables, you may write extract($_POST), you dont need to write that long.

and

for insert query :

"insert into model (dbfieldage, dbfieldname, ) values ( '$postedage', ... ) "

[eMonk]

I added in the following code but get the same error:

 

$query = "insert into model (model_name, age, height, hair, measurements, weight, eyes, service, nationality, location, city_1, city_2, city_3, city_4, phone, email_1, email_2, website, description, schedule, thumbnail, url, status, views, expiry_date, notes) values
  ('$name', '$age', '$height', '$hair', '$measurements', '$weight', '$eyes', '$service', '$nationality', '$location', '$city_1', '$city_2', '$city_3', '$city_4', '$phone', '$email_1', '$email_2', '$website', '$description', '$availability', '$thumbnail', '$url', '$status', '$views', '$expiry_date', '$notes')"; 
$result = $db->query($query);

 

[Rommeo]

$query = "insert into model (model_name, age, height, hair, measurements, weight, eyes, service, nationality, location, city_1, city_2, city_3, city_4, phone, email_1, email_2, website, description, schedule, thumbnail, url, status, views, expiry_date, notes) values

  ('$name', '$age', '$height', '$hair', '$measurements', '$weight', '$eyes', '$service', '$nationality', '$location', '$city_1', '$city_2', '$city_3', '$city_4', '$phone', '$email_1', '$email_2', '$website', '$description', '$availability', '$thumbnail', '$url', '$status', '$views', '$expiry_date', '$notes')";

 

after these, write these :

$result = mysql_result ( $query ) or die ( mysql_error() ) ;

 

now it will tell you what the problem is, copy it here if you can not figure it out.

[eMonk]

Warning: Wrong parameter count for mysql_result() in /usr/www/virtual/user/domain/v1/admin/insert-model.php on line 75

 

line 75 is:

 

$result = mysql_result ( $query ) or die ( mysql_error() ) ;

[Rommeo]

my mistake,

it has to be

mysql_query, not the result.

$result = mysql_query( $query ) or die ( mysql_error() ) ;

[eMonk]

Warning: mysql_query() [function.mysql-query]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/www/virtual/user/domain/v1/admin/insert-model.php on line 75

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /usr/www/virtual/user/domain/v1/admin/insert-model.php on line 75

Access denied for user 'root'@'localhost' (using password: NO)

[Rommeo]

You are not using password, or your password is wrong as it says.

[eMonk]

@ $db = new mysqli('host', 'username', 'password', 'database'); // these values were removed

 

I just logged into the mysql server via putty with this info and it worked.

 

 

[Rommeo]

Did you create a DB and set the values ? added the user ? or is that a test server that you can use empty values ?

Generally by default host is "localhost" and you set the rest. 

[eMonk]

I have it working now...forgot to set NULL as the first value as I'm using model_id int unsigned not null auto_increment primary key

 

No idea why it was giving me those login/password errors as it was correct.

[eMonk]

By the way, what did you mean by  extract($_POST)

 

Do I just use that instead of my short variable names?

[Rommeo]

// create short variable names

$name=$_POST['name'];

$age=$_POST['age'];

$height=$_POST['height'];

$hair=$_POST['hair'];

$measurements=$_POST['measurements'];

$weight=$_POST['weight'];

$eyes=$_POST['eyes'];

$service=$_POST['service'];

$nationality=$_POST['nationality'];

$location=$_POST['location'];

$city_1=$_POST['city_1'];

$city_2=$_POST['city_2'];

$city_3=$_POST['city_3'];

$city_4=$_POST['city_4'];

$phone=$_POST['phone'];

$email_1=$_POST['email_1'];

$email_2=$_POST['email_2'];

$website=$_POST['website'];

$description=$_POST['description'];

$availability=$_POST['availability'];

$thumbnail=$_POST['thumbnail'];

$url=$_POST['url'];

$status=$_POST['status'];

$views=$_POST['views'];

$expiry_date=$_POST['expiry_date'];

$notes=$_POST['notes'];

 

echo $notes;

 

instead,

you just write

 

extract($_POST);

echo $notes;

 

Same thing.

[eMonk]

Oh wow, that is awesome.. thanks bro!

[Pikachu2000]

Regarding security vulnerabilities and the use of extract:

 

Do not use extract() on untrusted data' date=' like user input[/color'] (i.e. $_GET, $_FILES, etc.). If you do, for example if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini.

[eMonk]

Would it be safer to just use my old short variable names instead of extract($_POST)?

 

I'm not too sure what the php manual meant on extract().