Jump to content

Recommended Posts

when you visit this link it is showing some errors http://omgtechnotes.me.pn/insert.php

 

below is the code for it 

 

I removed my user name and password for security purposes. 

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<img src="http://omgtechhelp.com/wp/wp-content/themes/OMGTech/images/logo7small.jpg" />
<center>
<h1><u>Notes For The Month Of August</u></h1>
</center>
  <a href="http://www.omgtechnotes.me.pn/index.html">
   <input type="button" value="New Entry" />
</a>
<body>
<?php
//Protect against mysql_injection
 
$customername = mysql_real_escape_string(trim($_POST["customername"]));
$phonenumber = mysql_real_escape_string(trim($_POST["pnumber"]));
$email = mysql_real_escape_string(trim($_POST["eaddy"]));
$issue = mysql_real_escape_string(trim($_POST["issue"]));
$result = mysql_real_escape_string(trim($_POST["results"]));
$date = mysql_real_escape_string(trim($_POST["Date"]));
 
 
//Now check form input(Validating the form).
$errmsg_arr = array(); //Array to store validation errors
$check_Error = false; //Validation error flag
 
if (empty($customername)){
$errmsg_arr[]= '.Please Enter Your Name';
 $check_Error = true;
}
if (empty($phonenumber)){
$errmsg_arr[]= '.Please Enter Your Phone Number';
 $check_Error = true;
}
if (empty($email)){
$errmsg_arr[]= '.Please Enter Your Email';
 $check_Error = true;
}
if (empty($issue)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
if (empty($result)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
  if (empty($date)){
$errmsg_arr[]= '.Please what is your issue';
 $check_Error = true;
}
//Printing out any error message stored in the array.
if ($check_Error == true){
  echo '<h1>ERROR: </h1><h3>Please check below for Error Details</h3>';
 
  if( isset($errmsg_arr) && is_array($errmsg_arr) && count($errmsg_arr) > 0 ) {
      echo '<ul><font color="red">';
      foreach($errmsg_arr as $msg) {
        echo '<li><b>Error:    '.$msg.'</b></li><br />';
       }
         echo '</font></ul>';
   }
      //Please change the a href link to the name of your page.
  echo "<p><a href='http://www.omgtechnotes.me.pn/index.html'>Go Back To Register</a></p>";
}
//After validating successfully
else {
/* Now we will write a query to insert user details into database */
$host = "fdb5.freehostingeu.com"; // Host name...change it to your configuration information.
$username = ""; // Mysql username...change it to your configuration information.
$password = ""; // Mysql password...change it to your configuration information.
$db_name = "usernote"; // Database name...change it to your configuration information.
// Connect to server
mysql_connect("$host", "$username", "$password") or die('ERROR: Cannot connect' .mysql_error());
//connect to database
mysql_select_db("$db_name") or die ('ERROR: Cannot connect'.mysql_error());
 
$tbl_name = "UserNote";  //Mysql Table name...change it to your configuration information.
 
$sql="INSERT INTO $tbl_name (CustomerName, Phone, Email, Issue, Result, Date)
        VALUES('$customername', '$phonenumber', '$email',  '$issue', '$result', '$date')";
}
if (!mysql_query($sql)) //notice the "!" it means if the mysql_query($sql)  cannot be executed, then die error. ELSE execute the mysql_querry($sql) to
                                        //insert into table in the database.
{   
die('Error in Registration,: ' . mysql_error());
}
else
{    //Insert User into the database.
}
?>
<hr/>
    <table border="1">

    <tr>
    <th align="center">DATE</th>
    <th align="center">NAME </th>
    <th align="center">EMAIL </th>
    <th align="center">PHONE </th>
    <th align="center">ISSUE </th>
    <th align="center">RESULT </th>
    </tr>
<?php
 $result=mysql_query("SELECT * FROM $tbl_name");  //sql query to call all the record available in database
 if ($result) {
  while ($fetch = mysql_fetch_assoc($result)) {
  //Using the WHILE - LOOP TO Display the whole recode in tabular form.
  echo '<tr>';
  echo '<td>'.$fetch['Date'] .'</td>';
  echo '<td>'.$fetch['CustomerName'] .'</td>';
  echo '<td>'.$fetch['Email'] .'</td>';
  echo '<td>'.$fetch['Phone'] .'</td>';
  echo '<td>'.$fetch['Issue'] .'</td>';
  echo '<td>'.$fetch['Result'] .'</td>';
  echo '</tr>';
  }
 }
 else {
  die ("ERROR: Could not fetch record : ".mysql_error());
 }
?>
 
 </table>
</body>
</html>
Link to comment
https://forums.phpfreaks.com/topic/281310-some-assistance-with-my-php/
Share on other sites

The issue may have something to do with your defined host.

 

Try changing it to localhost and see if that works.

 

If PHP says you're experience a connection error than that's what it is. The issue is definitely within your connection details and so you are overlooking something.

you must have a database connection before you use mysql_real_escape_string().

 

mysql_real_escape_string() is trying to create a database connection because there's isn't a connection already.

 

also, you should only escape string data right before you use it in a query. doing this before your validation logic can cause your validation logic to produce a different result than you expect, depending on what you are validating for.

 

you also don't have a valid database connection at the msyql_query() statement on line 84 and the mysql_query() statement is trying to create a database connection, edit: because your database connection logic is inside of a conditional statement that is false.

Edited by mac_gyver

I had all this working on a localhost on my computer and everything was functional, the only thing i did was go to the website www.freehostingseu.com and created a free hosting domain. then i created the database so i know i have that working in the database manager in there software, and i used the same credentials in the insert.php file to connect to and its not connecting 

 

so i already have a database connection

What about the port connection?

 

 

[jazz@centos-box ~]$ nmap 83.125.22.195

Starting Nmap 5.51 ( http://nmap.org ) at 2013-08-18 13:15 EDT
Nmap scan report for fdb5.runhosting.com (83.125.22.195)
Host is up (0.12s latency).
Not shown: 991 closed ports
PORT      STATE    SERVICE
80/tcp    open     http
873/tcp   filtered rsync
1007/tcp  filtered unknown
1132/tcp  filtered kvm-via-ip
1720/tcp  filtered H.323/Q.931
3283/tcp  filtered netassistant
5961/tcp  filtered unknown
8292/tcp  filtered blp3
27353/tcp filtered unknown
 

 

By default mysql use port 3306 to connect to database, but....I don't see this port to be opened for that domain.

Edited by jazzman1

if this code ran as expected on your localhost development system (actually inserting the submitted form data), it was because the default mysql credentials in your php.ini happened to match what you are using and the msyql_real_escape_string() statements were able to make a database connection.

 

you have two problems in your code, which i have already mentioned above and to fix them, you need to

 

1) move your code using mysql_real_escape_string() so that it is right before you put the data into your sql query statement. this will move it so that it is after the point where you have made a database connection. your validation logic needs to test the un-escaped values from the form.

 

2) your code containing the mysql_query() statement needs to be inside of the else{} statement where you are making the database connection. it is currently outside of and after this else{} statement. this else{} statement is currently false and is not running because of problem #1 (all the variables from your form are being set to a null from the mysql_real_escape_string() statements since there isn't a database connection.)

 

 

@jazzman1, just because you cannot reach this database host/port from an external server, doesn't mean that a web server who's ip address has been allowed to make database connections to it cannot.

 

@jazzman1, just because you cannot reach this database host/port from an external server, doesn't mean that a web server who's ip address has been allowed to make database connections to it cannot.

 

@mac_gyver, in the beginning I was thinking that the database server is external for omgtechnotes.me.pn.

Anyways, good spot :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.