Can't Write To Database - Help!

[kaiman]

Hi everyone,

 

I am having problems getting this newsletter script I created to write to a table in the database. I know my connection is good and it seems to be executing several anti-sql injection functions correctly and reading stuff from another table just fine, but won't write to it. I am getting an error that it "Cannot write to database!" and am just redirected to the error page without adding a line to the db table.

 

The code in question is this line:

 

// insert data into database
$sql = "INSERT INTO $tbl_name1(confirm_code, name, email)VALUES('$confirm_code', '$name', '$email') LIMIT 1";
$result = mysql_query($sql) or trigger_error("Cannot write to database!");

 

This server is running PHP version 5.2.17 and MySQL 5.0.96.

 

Any comments or suggestions to illuminate my problem would help.

 

More code for the script up to that point is below.

 

Thanks,

 

kaiman

 

CREATE TABLE `temp_subscribers` (
`confirm_code` varchar(65) NOT NULL default '',
`name` varchar(65) NOT NULL default '',
`email` varchar(65) NOT NULL default ''
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

 

// connects to server and selects database
include ("../includes/dbconnect.inc.php");

// table names
$tbl_name1 = "temp_subscribers";
$tbl_name2 = "newsletter_subscribers";

// random confirmation code
$confirm_code = md5(uniqid(rand()));

// removes magic_quotes_gpc slashes
function stripQuotes($arg) {
if (get_magic_quotes_runtime()) {
return stripslashes($arg);
} else {
return $arg;
}
}

// protect against mysql injection
function cleanString($string){
htmlentities(mysql_real_escape_string($string));
return $string;
}

// values sent from form
$name = stripQuotes($_POST['name']);
$name = cleanString($name);
$email = stripQuotes($_POST['email']);
$email = cleanString($email);

// check for empty fields
if (empty($name) || empty($email)) {
header("Location: http://www.mysite.com/newsletter/error/");
exit ;
}

// sanitize and validate email address
$email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL) ;
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header( "Location: http://www.mysite.com/newsletter/error/" ) ;
exit;
}

//account check
$sql = "SELECT count(*) FROM $tbl_name2 WHERE email='$email' LIMIT 1";
$result = mysql_query($sql) or trigger_error("Cannot read from database!");
$num = mysql_result($result,0);
//check to see if email exists or not.
if($num > 0){
header("Location: http://www.mysite.com/newsletter/error/");
exit ;
}

// insert data into database
$sql = "INSERT INTO $tbl_name1(confirm_code, name, email)VALUES('$confirm_code', '$name', '$email') LIMIT 1";
$result = mysql_query($sql) or trigger_error("Cannot write to database!");

[Jessica]

See the link in my signature about SQL.

[Muddy_Funster]

Hi everyone,

 

I am having problems getting this newsletter script I created to write to a table in the database. I know my connection is good and it seems to be executing several anti-sql injection functions correctly and reading stuff from another table just fine, but won't write to it. I am getting an error that it "Cannot write to database!" and am just redirected to the error page without adding a line to the db table.

 

The code in question is this line:

 

// insert data into database
$sql = "INSERT INTO $tbl_name1(confirm_code, name, email)VALUES('$confirm_code', '$name', '$email') LIMIT 1";
$result = mysql_query($sql) or trigger_error("Cannot write to database!");

....

LIMIT 1?? How many times do you think it would try to insert if that wasn't there?

[kaiman]

LIMIT 1?? How many times do you think it would try to insert if that wasn't there?

 

Oops, my bad. Thanks for the help that part seems to be working now!