yshua Posted August 10, 2012

Hello, group of swell people again:

Have finally gotten mysql and php configured successfully, php5.3.8, mysql5.5, Apache2.2, Win7....

So my consultant was unsure if the following statement needed to be upgraded to Mysqli command format to keep it from messing up:

```php
<?php
$conn = mysql_connect( "localhost", "host", "password"); or die("Unable to connect to MySQL");
mysql_select_db("reccus2");
if (mysql_error()) {
    echo "<br />". mysql_errno(). " : ". mysql_error();
}
mysql_query("INSERT INTO usertbl (fname,lname,address,city,state,zip,phone,emailid,howhear) VALUES ('".$_REQUEST['fname']."','".$_REQUEST['lname']."','".$_REQUEST['address']."','".$_REQUEST['city']."','".$_REQUEST['state']."','".$_REQUEST['zip']."','".$_REQUEST['phone']."' ,'".$_REQUEST['emailid']."','".$_REQUEST['howhear']."')");
session_start();
$_SESSION['user']=$_REQUEST['fname'];
?>
```

No emsg is generated from code above, so am wondering why the usertbl table record is unrecorded.

All comments appreciated,
Yshua

mod edit: add tags

xyph Posted August 10, 2012

You aren't checking for errors after you execute your query.

Changing over to mysqli won't save you from query errors, but it will allow you to use prepared statements to help automatically prevent injection attacks - something your current code has no protection from.

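The two changes described in the reply above (a check after the query runs, and a mysqli prepared statement), applied to the INSERT from the first post. This is an added example, not code posted by anyone in the thread; the credentials, the `utf8` charset, reading from `$_POST` and the user-facing messages are assumptions.

```php
<?php
// Added example, not from the thread. Credentials are placeholders; the
// database, table and column names are the ones in the original post.
mysqli_report(MYSQLI_REPORT_OFF); // return values are checked explicitly below
session_start();

$db = new mysqli('localhost', 'db_user', 'db_password', 'reccus2');
if ($db->connect_errno) {
    error_log('MySQL connect failed: ' . $db->connect_error); // detail stays in the log
    exit('Unable to connect to MySQL');
}
$db->set_charset('utf8'); // assumed charset; must match the table's

// Take only the expected fields (assumes the form submits by POST).
$fields = array('fname', 'lname', 'address', 'city', 'state',
                'zip', 'phone', 'emailid', 'howhear');
$in = array();
foreach ($fields as $f) {
    $in[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? trim($_POST[$f]) : '';
}

// Placeholders keep the submitted values out of the SQL text entirely.
$stmt = $db->prepare(
    'INSERT INTO usertbl
       (fname, lname, address, city, state, zip, phone, emailid, howhear)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
);
if ($stmt === false) {
    error_log('Prepare failed: ' . $db->errno . ' ' . $db->error);
    exit('Could not save your details');
}

$stmt->bind_param('sssssssss',
    $in['fname'], $in['lname'], $in['address'], $in['city'], $in['state'],
    $in['zip'], $in['phone'], $in['emailid'], $in['howhear']);

// The check the original code lacked: did the INSERT actually succeed?
if (!$stmt->execute()) {
    error_log('Insert failed: ' . $stmt->errno . ' ' . $stmt->error);
    exit('Could not save your details');
}
$stmt->close();

$_SESSION['user'] = $in['fname'];
```
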
yshua Posted August 10, 2012

Dear Xyph:

My consultant just told me to remove the semicolon out of the above code before the "or" in the first connect to Mysql emsg and now that is the message coming forth!

Also could you please elaborate on what to change in the above code to incorporate the mysqli security features. Just any pointer will do!

Thanks so very much,
Yshua

xyph Posted August 10, 2012

http://www.google.com/search?q=preventing+mysql+injection+php

yshua Posted August 21, 2012

Dear forum:

Got a handle on it now!! All about a charset conflict because original programmers were designing a "decorative" website, without a webserver database in mind.... Must work it back from the ground up. So MYSQLI logic is up and running, without ever being the real issue.

Yshua