[SOLVED] MySql help

[Trium918]

Correct me if I am wrong, but if register_globals = off

then php will not process $mysql variable from a form.

 

Could someone please explain to me what this code is doing?

It is keeping the values of the variable in memory some how

but it isn't entering the data in the database. This happens when

I change the code where it doesn't work, but when I correct the

error to where it is entering the data into the database it enters

the first input.

 

Example1: I enter this data in the form when it

has an error

[email protected]

Troy

Akiman

 

Example2: I enter this data in the form when it

allows data to be stored into the database.

[email protected]

Steve

Young

 

The code below is entering data into the database

but when I brake the program by taking out

$queryresult = mysql_query($sqlquery) or die("Could not excute mysql query!!");

I would then place it back in the program, refresh it in the browse enter Example2: but it enters

Example1: into the database instead of Example2:.

 

 

 

<form method="POST">
<table width="278" border="1">
  <tr>
    <td width="118">Email Address:</td>
    <td width="144"><input type="text" name="email" /></td>
  </tr>
  <tr>
    <td>First Name </td>
    <td><input type="text" name="first_name" /></td>
  </tr>
  <tr>
    <td>Last Name </td>
    <td><input type="text" name="last_name" /></td>
  </tr>
  <tr>
   <td colspan="2" align="center"><input type="submit" value="Sign Up" /></td>
  </tr>
</table>
</form>

<?
// secure variable from sql injection
$email = mysql_real_escape_string($_POST['email']); 
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']); 

$connect = mysql_connect('localhost','test');
if(!$connect){ echo "Cannot connect to database!!";}

$result = mysql_select_db('test')
or die("Could not select Test database!!");

$sqlquery = ("INSERT INTO member VALUES 
                         ('$email','$first_name','$last_name')");

$queryresult = mysql_query($sqlquery) or die("Could not excute mysql query!!");
?>

 

[per1os]

The reasoning is you are not doing any checks whatsoever anytime that page is refreshed it will enter in the old data. Try this:

 

if (isset($_POST['email'])) {
// secure variable from sql injection
$email = mysql_real_escape_string($_POST['email']); 
$first_name = mysql_real_escape_string($_POST['first_name']);
$last_name = mysql_real_escape_string($_POST['last_name']); 

unset($_POST['email']); // unset here to avoid duplications.

$connect = mysql_connect('localhost','test');
if(!$connect){ echo "Cannot connect to database!!";}

$result = mysql_select_db('test')
or die("Could not select Test database!!");

$sqlquery = ("INSERT INTO member VALUES 
                         ('$email','$first_name','$last_name')");

$queryresult = mysql_query($sqlquery) or die("Could not excute mysql query!!");
}

 

Try that. Refreshing with POST Data often times produces un-wanted results.

[Trium918]

Ok, why would I have to use unset()

with in the isset() instead of placing it

on the outside? Do I have to use the

email variable (isset($_POST['email']))?

[per1os]

If you place the unset before the if statement than that variable will be deleted and thus you cannot access it.

 

Inside the if we know the data is there so we unset it there since we know the data will be entered into the database.

[Trium918]

frost110