some assistance with my php

[spudly1987]

when you visit this link it is showing some errors http://omgtechnotes.me.pn/insert.php

 

below is the code for it 

 

I removed my user name and password for security purposes. 

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<img src="http://omgtechhelp.com/wp/wp-content/themes/OMGTech/images/logo7small.jpg" />
<center>
<h1><u>Notes For The Month Of August</u></h1>
</center>
  <a href="http://www.omgtechnotes.me.pn/index.html">
   <input type="button" value="New Entry" />
</a>
<body>
<?php
//Protect against mysql_injection
 
$customername = mysql_real_escape_string(trim($_POST["customername"]));
$phonenumber = mysql_real_escape_string(trim($_POST["pnumber"]));
$email = mysql_real_escape_string(trim($_POST["eaddy"]));
$issue = mysql_real_escape_string(trim($_POST["issue"]));
$result = mysql_real_escape_string(trim($_POST["results"]));
$date = mysql_real_escape_string(trim($_POST["Date"]));
 
 
//Now check form input(Validating the form).
$errmsg_arr = array(); //Array to store validation errors
$check_Error = false; //Validation error flag
 
if (empty($customername)){
$errmsg_arr[]= '.Please Enter Your Name';
 $check_Error = true;
}
if (empty($phonenumber)){
$errmsg_arr[]= '.Please Enter Your Phone Number';
 $check_Error = true;
}
if (empty($email)){
$errmsg_arr[]= '.Please Enter Your Email';
 $check_Error = true;
}
if (empty($issue)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
if (empty($result)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
  if (empty($date)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
//Printing out any error message stored in the array.
if ($check_Error == true){
  echo '<h1>ERROR: </h1><h3>Please check below for Error Details</h3>';
 
  if( isset($errmsg_arr) && is_array($errmsg_arr) && count($errmsg_arr) > 0 ) {
      echo '<ul><font color="red">';
      foreach($errmsg_arr as $msg) {
        echo '<li><b>Error:    '.$msg.'</b></li><br />';
       }
         echo '</font></ul>';
   }
      //Please change the a href link to the name of your page.
  echo "<p><a href='http://www.omgtechnotes.me.pn/index.html'>Go Back To Register</a></p>";
}
//After validating successfully
else {
/* Now we will write a query to insert user details into database */
$host = "fdb5.freehostingeu.com"; // Host name...change it to your configuration information.
$username = ""; // Mysql username...change it to your configuration information.
$password = ""; // Mysql password...change it to your configuration information.
$db_name = "usernote"; // Database name...change it to your configuration information.
// Connect to server
mysql_connect("$host", "$username", "$password") or die('ERROR: Cannot connect' .mysql_error());
//connect to database
mysql_select_db("$db_name") or die ('ERROR: Cannot connect'.mysql_error());
 
$tbl_name = "UserNote";  //Mysql Table name...change it to your configuration information.
 
$sql="INSERT INTO $tbl_name (CustomerName, Phone, Email, Issue, Result, Date)
        VALUES('$customername', '$phonenumber', '$email',  '$issue', '$result', '$date')";
}
if (!mysql_query($sql)) //notice the "!" it means if the mysql_query($sql)  cannot be executed, then die error. ELSE execute the mysql_querry($sql) to
                                        //insert into table in the database.
{   
die('Error in Registration,: ' . mysql_error());
}
else
{    //Insert User into the database.
}
?>
<hr/>
    <table border="1">

    <tr>
    <th align="center">DATE</th>
    <th align="center">NAME </th>
    <th align="center">EMAIL </th>
    <th align="center">PHONE </th>
    <th align="center">ISSUE </th>
    <th align="center">RESULT </th>
    </tr>
<?php
 $result=mysql_query("SELECT * FROM $tbl_name");  //sql query to call all the record available in database
 if ($result) {
  while ($fetch = mysql_fetch_assoc($result)) {
  //Using the WHILE - LOOP TO Display the whole recode in tabular form.
  echo '<tr>';
  echo '<td>'.$fetch['Date'] .'</td>';
  echo '<td>'.$fetch['CustomerName'] .'</td>';
  echo '<td>'.$fetch['Email'] .'</td>';
  echo '<td>'.$fetch['Phone'] .'</td>';
  echo '<td>'.$fetch['Issue'] .'</td>';
  echo '<td>'.$fetch['Result'] .'</td>';
  echo '</tr>';
  }
 }
 else {
  die ("ERROR: Could not fetch record : ".mysql_error());
 }
?>
 
 </table>
</body>
</html>

[0xMatt]

Your connection information is wrong.

 

Double check your host, username, password and database.

[spudly1987]

i've done that already like 10 times 

[0xMatt]

The issue may have something to do with your defined host.

 

Try changing it to localhost and see if that works.

 

If PHP says you're experience a connection error than that's what it is. The issue is definitely within your connection details and so you are overlooking something.

[mac_gyver]

you must have a database connection before you use mysql_real_escape_string().

 

mysql_real_escape_string() is trying to create a database connection because there's isn't a connection already.

 

also, you should only escape string data right before you use it in a query. doing this before your validation logic can cause your validation logic to produce a different result than you expect, depending on what you are validating for.

 

you also don't have a valid database connection at the msyql_query() statement on line 84 and the mysql_query() statement is trying to create a database connection, edit: because your database connection logic is inside of a conditional statement that is false.

Edited August 18, 2013 by mac_gyver

[spudly1987]

I had all this working on a localhost on my computer and everything was functional, the only thing i did was go to the website www.freehostingseu.com and created a free hosting domain. then i created the database so i know i have that working in the database manager in there software, and i used the same credentials in the insert.php file to connect to and its not connecting 

 

so i already have a database connection

[spudly1987]

I've just double checked the user name, password, host and everything its all correct

[jazzman1]

I've just double checked the user name, password, host and everything its all correct

 

What about the mysql address?

[spudly1987]

i don't see anywhere in the code that it states mysql address can you let me know what line it is?

[jazzman1]

i don't see anywhere in the code that it states mysql address can you let me know what line it is?

 

$host = "fdb5.freehostingeu.com";

[spudly1987]

yeah that is the correct host name from the web site 

 

Database Host fdb5.freehostingeu.com

[jazzman1]

What about the port connection?

 

 

[jazz@centos-box ~]$ nmap 83.125.22.195

Starting Nmap 5.51 ( http://nmap.org ) at 2013-08-18 13:15 EDT
Nmap scan report for fdb5.runhosting.com (83.125.22.195)
Host is up (0.12s latency).
Not shown: 991 closed ports
PORT      STATE    SERVICE
80/tcp    open     http
873/tcp   filtered rsync
1007/tcp  filtered unknown
1132/tcp  filtered kvm-via-ip
1720/tcp  filtered H.323/Q.931
3283/tcp  filtered netassistant
5961/tcp  filtered unknown
8292/tcp  filtered blp3
27353/tcp filtered unknown
 

 

By default mysql use port 3306 to connect to database, but....I don't see this port to be opened for that domain.

Edited August 18, 2013 by jazzman1

[spudly1987]

this is all the information i have for connection 

 

Database Host

fdb5.freehostingeu.com

Database Port

3306

Database Name

1487284_mydb

Database User

1487284_mydb

Database Password

The password you have chosen. change

Database Version

5.1

[jazzman1]

Phone and ask them why the port 3306/port is closed for mysql.By default, it should be filtered not closed.

[spudly1987]

i already spoke with them and they stated that the connection is successful they ran a test file and it was all good so nothing is being blocked there is an issue with links or something

[jazzman1]

Change this:

$host = "fdb5.freehostingeu.com"; 

to 

$host = "83.125.22.199"; 

Also, as mac_giver said:

 

 

you must have a database connection before you use mysql_real_escape_string().

[mac_gyver]

if this code ran as expected on your localhost development system (actually inserting the submitted form data), it was because the default mysql credentials in your php.ini happened to match what you are using and the msyql_real_escape_string() statements were able to make a database connection.

 

you have two problems in your code, which i have already mentioned above and to fix them, you need to

 

1) move your code using mysql_real_escape_string() so that it is right before you put the data into your sql query statement. this will move it so that it is after the point where you have made a database connection. your validation logic needs to test the un-escaped values from the form.

 

2) your code containing the mysql_query() statement needs to be inside of the else{} statement where you are making the database connection. it is currently outside of and after this else{} statement. this else{} statement is currently false and is not running because of problem #1 (all the variables from your form are being set to a null from the mysql_real_escape_string() statements since there isn't a database connection.)

 

 

@jazzman1, just because you cannot reach this database host/port from an external server, doesn't mean that a web server who's ip address has been allowed to make database connections to it cannot.

[spudly1987]

Would there be any chance you can edit up the code for me, i'm a bit brain dead at the moment. 

[mac_gyver]

afraid not. that's not how help/learning works.

[jazzman1]

 

@jazzman1, just because you cannot reach this database host/port from an external server, doesn't mean that a web server who's ip address has been allowed to make database connections to it cannot.

 

@mac_gyver, in the beginning I was thinking that the database server is external for omgtechnotes.me.pn.

Anyways, good spot