Jump to content

[SOLVED] Data not INSERT'ing

DeathStar

By DeathStar
in PHP Coding Help

 Share

Recommended Posts

DeathStar Regular Member

DeathStar

Posted
Posted

Hi there.

I made something(simple) and it not inserting info to the db:

 

here is the code:

<?php
session_start();
require "spamhead.php";
print "<body bgcolor=black><center><h4><font color=white>Report someone</font></h4><br />";
if (!$_GET['action']){
echo "<form action='insertspam.php?action=do' name='insert' method='post'>
<font color=white>Name: <input type='text' name='name'><br>
Reson: <textarea name='reson'></textarea><br>
Status: <select name='status'>
<option value='1'>Abuser
</option><option value='2'>Beware
</option><option value='3'>Ban
</option><option value='0' selected='selected'>None
</option></select><br>
Email: <input type='text' name='email'><br>
IP: <input type='text' name='ip'><br>
Whois: <textarea name='whois'></textarea><br>
Date: <input type='text' name='date'><br>
About: <textarea name='about'></textarea><br>
Affected: <input type='text' name='affected'><br>
<input type='reset' value=' Reset '><input type='submit' value=' Insert '></form>";
}
elseif ($_GET['action'] == "do"){
$name1 = $_POST['name'];
$name = mysql_real_escape_string($name1);
$reson1 = $_POST['reson'];
$reson = mysql_real_escape_string($reson1);
$status1 = $_POST['status'];
$status = mysql_real_escape_string($status1);
$email1 = $_POST['email'];
$email = mysql_real_escape_string($email1);
$ip1 = $_POST['ip'];
$ip = mysql_real_escape_string($ip1);
$whois1 = $_POST['whois'];
$whois = mysql_real_escape_string($whois1);
$date1 = $_POST['date'];
$date = mysql_real_escape_string($date1);
$about1 = $_POST['about'];
$about = mysql_real_escape_string($about1);
$affected1 = $_POST['affected'];
$affected = mysql_real_escape_string($affected1);
mysql_query("INSERT INTO `spammers` ( `sid` , `name` , `reson` , `status` , `email` , `ip` , `date` , `other` , `about` , `whois` , `affected` )
VALUES (
NULL , $name, $reson, $status, $email, $ip, $date, $other, $about, $whois, $affexted)");
echo "<font color=red><center>Thanks for Inserting him/her to the database!";}
?>

Link to comment
Share on other sites
per1os Member

per1os

Posted
Posted 

mysql_query("INSERT INTO `spammers` ( `sid` , `name` , `reson` , `status` , `email` , `ip` , `date` , `other` , `about` , `whois` , `affected` )
VALUES (
NULL , $name, $reson, $status, $email, $ip, $date, $other, $about, $whois, $affexted)") OR DIE(mysql_error());

 

Report the error you are getting. Chances are it is because you do not have single quotes around any  of your inputted data.

Link to comment
Share on other sites
Kerblam Newbie

Kerblam

Posted
Posted

Perhaps its not the php itself then?

 

Instead of this:

<form action='insertspam.php?action=do' name='insert' method='post'>

 

Do this:

 

<form action=insertspam.php name=insert method=post>
<input type=hidden name=action value=do />

 

And then change the PHP to reflect this:

 

if ($_POST['action'] == do) {

 

etc.

Link to comment
Share on other sites
per1os Member

per1os

Posted
Posted

The problem lies within the lack of single quotes around values you are trying to insert into the DB.

 

mysql_query("INSERT INTO `spammers` ( `sid` , `name` , `reson` , `status` , `email` , `ip` , `date` , `other` , `about` , `whois` , `affected` )
VALUES (
NULL , '$name', '$reson', '$status', '$email', '$ip', '$date', '$other', '$about', '$whois', '$affected')") OR DIE(mysql_error());

 

Fix that and you should be alright. And a note, I would check the reson column, make sure it is spelled the same because it should be "reason".

Link to comment
Share on other sites
per1os Member

per1os

Posted
Posted

To Kerblam:

 

$_GET is correct because he is calling it as a get string:

 

<form action='insertspam.php?action=do'

 

Adding it to the action your like that sends it as a $_GET data even if you hit submit. It is still sending the action=do as get.

 

The code is correct except for the sql query.

Link to comment
Share on other sites
Kerblam Newbie

Kerblam

Posted
Posted

To Kerblam:

 

$_GET is correct because he is calling it as a get string:

 

<form action='insertspam.php?action=do'

 

Adding it to the action your like that sends it as a $_GET data even if you hit submit. It is still sending the action=do as get.

 

The code is correct except for the sql query.

 

Read my post above that one. I suggested that being part of the problem, and using a hidden field to store action=do instead.

Link to comment
Share on other sites
per1os Member

per1os

Posted
Posted

Yea, either way works to POST or to GET as long as he is calling it right. But yea that shouldn't be the problem at all =) I still say it is the single quotes, but without the original author to test the solutions suggested oh well =)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.