PHP won't add to MYSQL databse

[swisspolo]

Shamefully my first post is begging for some help. I've taken an example of how to add to a mysql database with php from a sams teach yourself book. I've re hacked it to match what i want to do, which is eventually create a shout ox for my site. This is the first half, ie: add a shout.

 

Everything looks fine on the surface but it just won't add to the table in the data base. I read some where about adding the lines

 

$message = $_POST['message'];

$name = $_POST['name'];

 

the name one doesn't cause any issues but the message one creates a Notice: Undefined index.

 

Please help me, I'm truly stuck

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Comment test</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"

</head>

<body>

 

<?php

error_reporting (E_ALL);

$message = $_POST['message'];

$name = $_POST['name'];

 

if (isset( $name ) && isset ( $message ) )

{

$dberror="";

$ret = add_to_db( $name, $message, $dberror );

if ( ! $ret )

print "Error: $dberror<br>";

else

print "Thanks";

}

else

{

write_form();

}

 

function add_to_db( $name, $message, &$dberror )

{

$link = mysql_pconnect( "xxxxxxx" , "xxxxxx" , "xxxxxx");

if ( ! $link )

{

$dberror = "Connection error in add to db";

return false;

}

if ( ! mysql_select_db( "example" ) )

{

$dberror = mysql_error();

return false;

}

$query = "INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )";

if ( ! mysql_query( $query, $link ) )

{

$dberror = mysql_error();

return false;

}

return true;

}

 

function write_form()

{

$_SERVER['PHP_SELF'];

print "<form method=\"post\">\n";

print "<input type=\"text\" name=\"name\"> ";

print "Your name<p>\n";

print "<input type=\"longtext\"name=\message\"> ";

print "Your message<p>\n";

print "<input type=\"submit\" value=\"shout!\">\n</form>\n";

}

?>

</body>

</html>

[AdRock]

You were missing a double quote before message

 

function write_form()
   {
   $_SERVER['PHP_SELF'];
   print "<form method=\"post\">\n";
   print "<input type=\"text\" name=\"name\"> ";
   print "Your name<p>\n";
   print "<input type=\"longtext\"name=\"message\"> ";
   print "Your message<p>\n";
   print "<input type=\"submit\" value=\"shout!\">\n</form>\n";
   }

[AdRock]

Also use mysql_real_escape+string() to clean user input

 

$message = mysql_real_escape_string($_POST['message']);
$name = mysql_real_escape_string($_POST['name']);

[swisspolo]

Thank you sooooo much. It works!

 

Thanks for the extra tip on the mysql_real_escape_string(), where abouts would I put that in the code please? I replaced

 

$message = $_POST["message"];

$name = $_POST["name"];

 

with it but it didn't seem to like that

 

Thanks again

 

Simon

[AdRock]

Did you use what I gace you in the previous post becuase that should work?  If it didn't what did it do?

[redarrow]

my version.

<?php

  function write_form(){
    $message = mysql_real_escape_string($_POST['message']);
   $name = mysql_real_escape_string($_POST['name']);
  $self=$_SERVER['PHP_SELF'];
  $form=<<<form
  <form action="$self" method="post">
   <br><br> 
  Your name:
  <br><br>
  <input type="text" name="name">
  <br><br>
  Your message:
  <br><br>
  <textarea name="message" col="10" rows="10" name="message"> </textarea>
  <br><br>
  <input type="submit" value="shout!">
  </form>
  
form;
  
  
  echo $form;
}

// debug state test it.

echo write_form();
?>

[swisspolo]

Yeah I copy pasted

 

$message = mysql_real_escape_string($_POST['message']);
$name = mysql_real_escape_string($_POST['name']);

 

over

$message = $_POST["message"];
$name = $_POST["name"];

 

and when i load the page i get:

 

 

"Notice: Undefined index: message in mysite/comment.php on line 11

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in mysite/comment.php on line 11

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in mysite//comment.php on line 11

 

Notice: Undefined index: name in mysite/comment.php on line 12

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in mysite/comment.php on line 12

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in mysite/comment.php on line 12

Thanks"

 

 

Cheers

[redarrow]

sorry corrected

<?php

   function write_form(){
    $message = addslashes($_POST['message']);
   $name = addslashes($_POST['name']);
   $self=$_SERVER['PHP_SELF'];
   $form=<<<form
   <form action="$self" method="post">
    <br><br> 
   Your name:
   <br><br>
   <input type="text" name="name">
   <br><br>
   Your message:
   <br><br>
   <textarea name="message" col="10" rows="10" name="message"> </textarea>
   <br><br>
   <input type="submit" value="shout!">
   </form>
   
form;
   
   
   echo $form;
}

// debug state test it.

echo write_form();
?>

[swisspolo]

Cheers guys,

 

You've been a real help,

 

one last thing, it appears that now i've added a comment it is stuck in the "thanks" screen. How do I get it to revert back to a input screen please?

 

If I want to add this to all my pages then (once the rest of the code is written) then having it stuck on a "thanks" screen will make it unable for people to read the site again.

 

Cheers again

 

Simon

[swisspolo]

ok i think I've sorted it by adding this line

 

 

 

$query = sprintf("INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )", mysql_real_escape_string($_POST['name']), mysql_real_escape_string($_POST['name']) );

 

 

Is this an ok line to use?

 

Sorry to be a pain

 

Cheers again

[AdRock]

if you've already used the mysql_real_escape_string() earlier in the code you shouldn't need to do it again becuase user input would have been cleaned.

 

$query = sprintf("INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )");