Asacole Posted October 10, 2012 Share Posted October 10, 2012 So I was making a form and I followed a tutorial.. But it doesn't seem to work. This is the connect file: <? $DBhost = ""; $DBuser = ""; $DBpass = ""; $DBName = ""; $table = "fromdatamod"; mysql_connect($DBhost,$DBuser,$DBpass) or die("Unable to connect to database"); @mysql_select_db("$DBName") or die("Unable to select database $DBName"); $name=$_POST['name']; $whymodonserver=$_POST['lastname']; $playtimeonserver=$_POST['email']; $improveserver=$_POST['email']; $describeserver=$_POST['email']; $buildwithothermodstoimprove=$_POST['email']; $questionsamount=$_POST['email']; $swearorgreifhandle=$_POST['email']; $offerhelpanytime=$_POST['email']; $helpnoother=$_POST['email']; $competition=$_POST['email']; $playaday=$_POST['email']; $experienceother=$_POST['email']; $extrainfo=$_POST['email']; $apponserver=$_POST['email']; $sqlquery = "INSERT INTO $table(id, name, whymodonserver, playtimeonserver, improveserver, describeserver, buildwithothermodstoimprove, questionsamount, swearorgreifhandle, offerhelpanytime, helpnoother, competition, playaday, experienceother, extrainfo, apponserver) VALUES('$id','$name','$whymodonserver','$playtimeonserver','$improveserver','$describeserver','$buildwithothermodstoimprove','$questionsamount','$swearorgreifhandle','$offerhelpanytime','$helpnoother','$competition','$playaday','$experienceother','$extrainfo','$apponserver')"; $results = mysql_query($sqlquery); mysql_close(); print "<HTML><TITLE> PHP and MySQL </TITLE><BODY BGCOLOR=\"#FFFFFF\"><center><table border=\"0\" width=\"500\"><tr><td>"; print "<p><font face=\"verdana\" size=\"+0\"> <center>You Just Entered This Information Into the Database<p><blockquote>"; print "Posters IGN: $name Why do you want to be a moderator on starmine?: $whymodonserver How long have you played on starmine?: $playtimeonserver If we accepted you, what would you do to improve the server?: $improveserver How would you descride starmine?: $describeserver Are you willing to rebuild/build with other mods to improve the server?: $buildwithothermodstoimprove Considering the amount of players online, do you think you can handle the amount of qestions?: $questionsamount If someone swears or greifs, what would YOU do?: $swearorgreifhandle Are you willing to offer some freetime of your minecraft-ingame adventure to help people out?: $offerhelpanytime If no other mods are online, neither are admins, and someone has a problem, would you help him/her?: $helpnoother We sometimes host contests, would you encourage people to get in the competition?: $competition How long do you play a day?: $playaday Got any experience as a moderator on another server?: $experienceother Any extra info here: $extrainfo Applying to what server?: $apponserver" ?> <html> <body> </body> </html> Now it writes to the MySQL table.. But the problem is that it is empty :I This is the form: <form action="procapps&oper.php" method="post"> <p><input type="hidden" name="id" value="NULL"></p> <br> <p>In-game Name: <center><input type="text" name="name" /> </center> <br> </p> <p>Why do you want to be a moderator on <br> starmine?: <center><input type="text" name="whymodonserver" /> </center> <br> </p> <p>How long have you played on starmine?: <center><input type="text" name="playtimeonserver" /> </center> <br> </p> <p>If we accepted you, what would you do <br> to improve the server?: <center><input type="text" name="improveserver" /> </center> <br> </p> <p>How would you descride starmine?: <center><input type="text" name="describeserver" /> </center> <br> </p> <p>Are you willing to rebuild/build with <br> other mods to improve the server?: <center><input type="text" name="buildwithothermodstoimprove" /> </center> <br> </p> <p>Considering the amount of players online, <br> do you think you can handle the amount of qestions?: <center><input type="text" name="questionsamount" /> </center> <br> </p> <p>If someone swears or greifs, what would YOU do?: <center><input type="text" name="swearorgreifhandle" /> </center> <br> </p> <p>Are you willing to offer some freetime of <br> your minecraft-ingame adventure to help people out?: <center><input type="text" name="offerhelpanytime" /> </center> <br> </p> <p>If no other mods are online, neither are admins, <br> and someone has a problem, would you help him/her?: <center><input type="text" name="helpnoother" /> </center> <br> </p> <p>We sometimes host contests, would you encourage <br> people to get in the competition?: <center><input type="text" name="competition" /> </center> <br> </p> <p>How long do you play a day?: <center><input type="text" name="playaday" /> </center> <br> </p> <p>Got any experience as a moderator on another server?: <center><input type="text" name="experienceother" /> </center> <br> </p> <p>Any extra info here: <center><input type="text" name="extrainfo" /> </center> <br> </p> <p>Applying to what server?: <select name="apponserver"> <option value="null" selected="selected">Select a server or both</option> <option value="srv">Survival</option> <option value="pvp">PvP</option> <option value="both">Both</option> </select></p> <p><input type="submit" value="Submit" /> </p> </form></div> Can anyone see anything wrong? Please help Quote Link to comment Share on other sites More sharing options...
Barand Posted October 10, 2012 Share Posted October 10, 2012 Take the id column and $id value out of the insert query. Quote Link to comment Share on other sites More sharing options...
Asacole Posted October 10, 2012 Author Share Posted October 10, 2012 Take the id column and $id value out of the insert query. Thanks! But now there is another problem :I It seems like only the name is written into the table :I Not the other values.. Did anything do something weird? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 10, 2012 Share Posted October 10, 2012 Do you realize you're assigning the value of $_POST['email']to nearly every variable in the query? Quote Link to comment Share on other sites More sharing options...
Asacole Posted October 10, 2012 Author Share Posted October 10, 2012 Wow I did not notice that... Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 10, 2012 Share Posted October 10, 2012 Also, since you've done no input validation and/or output escaping your script is wide open for attackers. Read up on both Input Validatoin, and Output Escaping. Latter for both MySQL and for HTML. Quote Link to comment Share on other sites More sharing options...
Asacole Posted October 11, 2012 Author Share Posted October 11, 2012 Also, since you've done no input validation and/or output escaping your script is wide open for attackers. Read up on both Input Validatoin, and Output Escaping. Latter for both MySQL and for HTML. I'm sorry, but I am still quite new to this, could you tell me how? Please? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.