Asacole Posted October 10, 2012 Share Posted October 10, 2012 So I was making a form and I followed a tutorial.. But it doesn't seem to work. This is the connect file: <? $DBhost = ""; $DBuser = ""; $DBpass = ""; $DBName = ""; $table = "fromdatamod"; mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database"); @mysql_select_db("$DBName") or die("Unable to select database $DBName"); $name=$_POST['name']; $whymodonserver=$_POST['lastname']; $playtimeonserver=$_POST['email']; $improveserver=$_POST['email']; $describeserver=$_POST['email']; $buildwithothermodstoimprove=$_POST['email']; $questionsamount=$_POST['email']; $swearorgreifhandle=$_POST['email']; $offerhelpanytime=$_POST['email']; $helpnoother=$_POST['email']; $competition=$_POST['email']; $playaday=$_POST['email']; $experienceother=$_POST['email']; $extrainfo=$_POST['email']; $apponserver=$_POST['email']; $sqlquery = "INSERT INTO $table(id, name, whymodonserver, playtimeonserver, improveserver, describeserver, buildwithothermodstoimprove, questionsamount, swearorgreifhandle, offerhelpanytime, helpnoother, competition, playaday, experienceother, extrainfo, apponserver) VALUES('$id','$name','$whymodonserver','$playtimeonserver','$improveserver','$describeserver','$buildwithothermodstoimprove','$questionsamount','$swearorgreifhandle','$offerhelpanytime','$helpnoother','$competition','$playaday','$experienceother','$extrainfo','$apponserver')"; $results = mysql_query($sqlquery); mysql_close(); print "<HTML><TITLE> PHP and MySQL </TITLE><BODY BGCOLOR=\"#FFFFFF\"><center><table border=\"0\" width=\"500\"><tr><td>"; print "<p><font face=\"verdana\" size=\"+0\"> <center>You Just Entered This Information Into the Database<p><blockquote>"; print "Posters IGN: $name Why do you want to be a moderator on starmine?: $whymodonserver How long have you played on starmine?: $playtimeonserver If we accepted you, what would you do to improve the server?: $improveserver How would you descride starmine?: $describeserver Are you willing to rebuild/build with other mods to improve the server?: $buildwithothermodstoimprove Considering the amount of players online, do you think you can handle the amount of qestions?: $questionsamount If someone swears or greifs, what would YOU do?: $swearorgreifhandle Are you willing to offer some freetime of your minecraft-ingame adventure to help people out?: $offerhelpanytime If no other mods are online, neither are admins, and someone has a problem, would you help him/her?: $helpnoother We sometimes host contests, would you encourage people to get in the competition?: $competition How long do you play a day?: $playaday Got any experience as a moderator on another server?: $experienceother Any extra info here: $extrainfo Applying to what server?: $apponserver" ?> <html> <body> </body> </html> Now it writes to the MySQL table.. But the problem is that it is empty :I This is the form: <form action="procapps&oper.php" method="post"> <p><input type="hidden" name="id" value="NULL"></p> <br> <p>In-game Name: <center><input type="text" name="name" /> </center> <br> </p> <p>Why do you want to be a moderator on <br> starmine?: <center><input type="text" name="whymodonserver" /> </center> <br> </p> <p>How long have you played on starmine?: <center><input type="text" name="playtimeonserver" /> </center> <br> </p> <p>If we accepted you, what would you do <br> to improve the server?: <center><input type="text" name="improveserver" /> </center> <br> </p> <p>How would you descride starmine?: <center><input type="text" name="describeserver" /> </center> <br> </p> <p>Are you willing to rebuild/build with <br> other mods to improve the server?: <center><input type="text" name="buildwithothermodstoimprove" /> </center> <br> </p> <p>Considering the amount of players online, <br> do you think you can handle the amount of qestions?: <center><input type="text" name="questionsamount" /> </center> <br> </p> <p>If someone swears or greifs, what would YOU do?: <center><input type="text" name="swearorgreifhandle" /> </center> <br> </p> <p>Are you willing to offer some freetime of <br> your minecraft-ingame adventure to help people out?: <center><input type="text" name="offerhelpanytime" /> </center> <br> </p> <p>If no other mods are online, neither are admins, <br> and someone has a problem, would you help him/her?: <center><input type="text" name="helpnoother" /> </center> <br> </p> <p>We sometimes host contests, would you encourage <br> people to get in the competition?: <center><input type="text" name="competition" /> </center> <br> </p> <p>How long do you play a day?: <center><input type="text" name="playaday" /> </center> <br> </p> <p>Got any experience as a moderator on another server?: <center><input type="text" name="experienceother" /> </center> <br> </p> <p>Any extra info here: <center><input type="text" name="extrainfo" /> </center> <br> </p> <p>Applying to what server?: <select name="apponserver"> <option value="null" selected="selected">Select a server or both</option> <option value="srv">Survival</option> <option value="pvp">PvP</option> <option value="both">Both</option> </select></p> <p><input type="submit" value="Submit" /> </p> </form></div> Can anyone see anything wrong? Please help Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/ Share on other sites More sharing options...
Barand Posted October 10, 2012 Share Posted October 10, 2012 Take the id column and $id value out of the insert query. Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384198 Share on other sites More sharing options...
Asacole Posted October 10, 2012 Author Share Posted October 10, 2012 Take the id column and $id value out of the insert query. Thanks! But now there is another problem :I It seems like only the name is written into the table :I Not the other values.. Did anything do something weird? Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384200 Share on other sites More sharing options...
Pikachu2000 Posted October 10, 2012 Share Posted October 10, 2012 Do you realize you're assigning the value of $_POST['email']to nearly every variable in the query? Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384220 Share on other sites More sharing options...
Asacole Posted October 10, 2012 Author Share Posted October 10, 2012 Wow I did not notice that... Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384308 Share on other sites More sharing options...
Christian F. Posted October 10, 2012 Share Posted October 10, 2012 Also, since you've done no input validation and/or output escaping your script is wide open for attackers. Read up on both Input Validatoin, and Output Escaping. Latter for both MySQL and for HTML. Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384311 Share on other sites More sharing options...
Asacole Posted October 11, 2012 Author Share Posted October 11, 2012 Also, since you've done no input validation and/or output escaping your script is wide open for attackers. Read up on both Input Validatoin, and Output Escaping. Latter for both MySQL and for HTML. I'm sorry, but I am still quite new to this, could you tell me how? Please? Link to comment https://forums.phpfreaks.com/topic/269305-need-help-writing-into-mysql/#findComment-1384520 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.