mighty2361 Posted October 23, 2012 Share Posted October 23, 2012 I made a script, asked for help here and somebody told me what I was doing wrong. But now, it won't insert the data in a database. CODE: <?php $myusername = $_GET['user']; $mypassword = md5 ($_GET['pass']); $reportedplayer = $_GET['reportedplayer']; $by = $_GET['by']; $reason = $_GET['reason']; $host = "mysql.0adshost.tk"; $username = ""; $password = ""; $db_name = ""; $tbl_name = "users"; mysql_connect ($host, $username, $password)or die("Cannot connect"); mysql_select_db($db_name)or die("Cannot select db"); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql); $count=mysql_num_rows($result); if($count==1) { mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ($myusername, $reportedplayer, $by, $reason)"); echo "SUCCESS!!!"; } else echo mysql_error; ?> I added echo "SUCCESS!!!" and it echoes "SUCCESS!!!" but it won't write to database for some reason. What am I doing wrong? Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted October 23, 2012 Share Posted October 23, 2012 (edited) Quotes are required around strings in mysql: mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ('$myusername', '$reportedplayer', '$by', '$reason')"); You can't just stick an echo after mysql_query() and expect that to tell you if the query succeeded. You need to actually handle the error: $result = mysql_query ("INSERT INTO `reports`(`user`, `reportedplayer`, `by`, `reason`) VALUES ('$myusername', '$reportedplayer', '$by', '$reason')"); if ( $result === false ) { echo "MySQL Error Encountered: " . mysql_error(); } Edit: Also, if you're using GET for this form, stop. Use POST. You should never send usernames and passwords over GET, they show up in the URL. You also must run these values through mysql_real_escape_string(). Move your mysql_connect up to the top of the script, and then: $myusername = mysql_real_escape_string($_POST['user']); Edited October 23, 2012 by ManiacDan Quote Link to comment Share on other sites More sharing options...
mighty2361 Posted October 23, 2012 Author Share Posted October 23, 2012 I can't use post as I am using java http request. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted October 23, 2012 Share Posted October 23, 2012 Java supports POST. The rest of my advice still applies. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.