ardyandkari Posted January 13, 2007 Share Posted January 13, 2007 ok, here's the problem...i have created a php page that works...sort of... i dont think that the problem is in the php, but even if it isnt, ill post it here too:[code]<?$hostname="mysql.someserver.net";$username="pass";$password="word";$dbname="dbname";$usertable="a table";$first=$_POST['name'];$last=$_POST['type'];$phone=$_POST['phone'];$mobile=$_POST['city'];$fax=$_POST['county'];$email=$_POST['email'];$web=$_POST['web'];$description=$_POST['description'];mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");mysql_select_db($dbname);$query = "INSERT INTO customers VALUES ('$name','$type','$phone','$city','$county','$email','$web','description')";$result = mysql_query($query) or die(mysql_error());mysql_close();?>[/code]the problem i am having is when i use the php file it places a row in the mysql db, but it is blank.......any idea what is going on? Quote Link to comment Share on other sites More sharing options...
Barand Posted January 13, 2007 Share Posted January 13, 2007 If you open this file without posting data to from a form then all fields will be blank.Use[code]<?phpif (isset($_POST['first'])) { /// your code here}?>[/code] Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 13, 2007 Author Share Posted January 13, 2007 when testing the form i just put in gibberish into the fields.i thought that the script should have put the randomness into the rows on the db, but it didnt...using phpadmin (i think thats what it is...) i tried to manually input some data in another db...it didnt come up with anything...then i changed something (i dont remember, i think it had something to do with ascii) and it placed the data into the table...i was just toying around with the db because it was my first time.thanks for the input. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 14, 2007 Author Share Posted January 14, 2007 *bump* Quote Link to comment Share on other sites More sharing options...
Philip Posted January 14, 2007 Share Posted January 14, 2007 Look at http://www.tizag.com/mysqlTutorial/mysqlinsert.php for more info.You aren't telling it where to send the values to. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 14, 2007 Author Share Posted January 14, 2007 changed to [code]$query = "INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";$result = mysql_query($query) or die(mysql_error());[/code]still doesnt place values into db....also tried this[code]$query = "INSERT INTO db ('name', 'type', 'phone', 'city', 'county', 'email', 'web', 'description') VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";$result = mysql_query($query) or die(mysql_error());[/code] Quote Link to comment Share on other sites More sharing options...
Barand Posted January 14, 2007 Share Posted January 14, 2007 The first looks OK except you are inserting into db. Shouldn't the table name be customers?. The second is wrong - never put quotes round col names. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 14, 2007 Author Share Posted January 14, 2007 the first i edited for no real reason...i tried the second and it errored out....maybe i should be putting the =CHAR in the code... Quote Link to comment Share on other sites More sharing options...
fenway Posted January 14, 2007 Share Posted January 14, 2007 But you're not getting any error from the first? Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 14, 2007 Author Share Posted January 14, 2007 nope...no error. it creates a row, and doesnt put any info into it... Quote Link to comment Share on other sites More sharing options...
Philip Posted January 14, 2007 Share Posted January 14, 2007 Try this first, please tell us the results:[code]<?php$query = "INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('$name', '$type', '$phone', '$city', '$county', '$email', '$web', '$description')";$result = mysql_query($query) or die(mysql_error());echo $query; ?>[/code]If it shows something like [quote]INSERT INTO db (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')[/quote] Try this next one:[code]<?php$query = "INSERT INTO `db` (name, type, phone, city, county, email, web, description) VALUES ('".$name."', '".$type."', '".$phone."', '".$city."', '".$county."', '".$email."', '".$web."', '".$description."')";$result = mysql_query($query) or die(mysql_error());echo $query;?>[/code] Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 15, 2007 Author Share Posted January 15, 2007 first one echoed INSERT INTO customers (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')the second returns this error:Duplicate entry '' for key 1i changed the second to this:[code]VALUES ('.$name.', '.$type.', '.$phone.', '.$city.', '.$county.', '.$email.', '.$web.', '.$description.')";$result = mysql_query($query) or die(mysql_error());[/code]and it echoed this:INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('..', '..', '..', '..', '..', '..', '..', '..')for some reason it isnt finding the variables.... Quote Link to comment Share on other sites More sharing options...
btherl Posted January 15, 2007 Share Posted January 15, 2007 The variable names you are using here[code=php:0]$first=$_POST['name'];$last=$_POST['type'];$phone=$_POST['phone'];$mobile=$_POST['city'];$fax=$_POST['county'];$email=$_POST['email'];$web=$_POST['web'];$description=$_POST['description'];[/code]don't match the variable names you are using here:[code=php:0]$query = "INSERT INTO customers VALUES ('$name','$type','$phone','$city','$county','$email','$web','description')";[/code]If you say [code=php:0]$first = $_POST['name'][/code] then you must use [code=php:0]$first[/code] in your query, not [code=php:0]$name[/code] Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 15, 2007 Author Share Posted January 15, 2007 yea, i noticed that last night and changed it...it didnt help...thanks though... Quote Link to comment Share on other sites More sharing options...
Philip Posted January 15, 2007 Share Posted January 15, 2007 When using a variable in double quotes, you have to either "bla blah". $bear ." blah" it. You have to end the quote, have a continuation (the period) and then show your variable. ...or use curly braces " blah blah {$bear} blah" Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 15, 2007 Author Share Posted January 15, 2007 used this[code]$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ({$name}, {$type}, {$phone}, {$city}, {$county}, {$email}, {$web}, {$description})";[/code]got thisYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , )' at line 1used this[code]$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";[/code]got thisINSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('', '', '', '', '', '', '', '')still inserting blanks... Quote Link to comment Share on other sites More sharing options...
Barand Posted January 16, 2007 Share Posted January 16, 2007 In the form that calls this script, is the method GET or POST? Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 16, 2007 Author Share Posted January 16, 2007 [code] <p align="left"><form action="../insert.php" method="post"> <p>Company Name: <input type="text" name="name"> <br>Company Type: <input type="text" name="type"><br>Phone: <input type="text" name="phone"> <br>City: <input type="text" name="city"><br>County: <input type="text" name="county"><br>E-mail: <input type="text" name="email"><br>Web: <input type="text" name="web"><br>Company Description: <textarea name="description" cols="50">Type your description here!</textarea> <br><input type="Submit"> </form></p>[/code] Quote Link to comment Share on other sites More sharing options...
btherl Posted January 16, 2007 Share Posted January 16, 2007 Can you post your entire script again, after you fixed the variable names at the start? That should have fixed things. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 16, 2007 Author Share Posted January 16, 2007 the form:[code]Input your information</h1> <p align="left"><form action="../insert.php" method="post"> <p>Company Name: <input type="text" name="name"> <br>Company Type: <input type="text" name="type"><br>Phone: <input type="text" name="phone"> <br>City: <input type="text" name="city"><br>County: <input type="text" name="county"><br>E-mail: <input type="text" name="email"><br>Web: <input type="text" name="web"><br>Company Description: <textarea name="description" cols="50">Type your description here!</textarea> <br><input type="Submit">[/code]the script:[code]<?$hostname="mysql.someserver.net";$username="pass";$password="word";$dbname="database";$usertable="table";$name=$_POST['"name"'];$type=$_POST['"type"'];$phone=$_POST['"phone"'];$city=$_POST['"city"'];$county=$_POST['"county"'];$email=$_POST['"email"'];$web=$_POST['"web"'];$description=$_POST['"description"'];mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");mysql_select_db($dbname);$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";$result = mysql_query($query) or die(mysql_error());echo $query;mysql_close();[/code]on the mysql forum this guy said that the variables were being lost somewhere and i could echo somewhere earlier, but i dont know where...all that i have is the query and the result...should i echo the result also? or would that do nothing....ill try before you say anything...by the way, thanks for all of the help. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 16, 2007 Author Share Posted January 16, 2007 ok i dont know what i did...i thought that i had tried all combinations of everything, but i was just adding and deleting and it came up...i will post the code.the form i didnt change at all...the script:[code]<?$hostname="mysql.someserver.net";$username="pass";$password="word";$dbname="database";$usertable="table";$name=$_POST['name'];$type=$_POST['type'];$phone=$_POST['phone'];$city=$_POST['city'];$county=$_POST['county'];$email=$_POST['email'];$web=$_POST['web'];$description=$_POST['description'];mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect to database! Please try again later.");mysql_select_db($dbname);$query = "INSERT INTO `customers` (name, type, phone, city, county, email, web, description) VALUES ('{$name}', '{$type}', '{$phone}', '{$city}', '{$county}', '{$email}', '{$web}', '{$description}')";$result = mysql_query($query) or die(mysql_error());echo $query;mysql_close();?>[/code]please tell me what i did.....thanks again for all of the help! ;D Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 16, 2007 Author Share Posted January 16, 2007 also, i am planning to password protect the entire directory that the form resides in with .htaccess... i am using this to allow my prospective clients to upload their information themselves. that way i wouldnt have to really do anything. the question i have in regards to this is: should i put some code in there to prevent an injection attack? they will all be customers of mine, and it will be password protected.another question...can i use a list/menu box instead of the normal text box? Quote Link to comment Share on other sites More sharing options...
fenway Posted January 16, 2007 Share Posted January 16, 2007 Injection attacks can be prevented by proper quoting, most DB wrapper do this for you. Quote Link to comment Share on other sites More sharing options...
ardyandkari Posted January 16, 2007 Author Share Posted January 16, 2007 [quote author=fenway link=topic=122238.msg506275#msg506275 date=1168972948]Injection attacks can be prevented by proper quoting, most DB wrapper do this for you. [/quote]huh? db wrapper??? quoting???dar....me dumm clod Quote Link to comment Share on other sites More sharing options...
fenway Posted January 16, 2007 Share Posted January 16, 2007 Do you see how your values are quoted? This is good. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.