swisspolo Posted September 21, 2007 Share Posted September 21, 2007 Shamefully my first post is begging for some help. I've taken an example of how to add to a mysql database with php from a sams teach yourself book. I've re hacked it to match what i want to do, which is eventually create a shout ox for my site. This is the first half, ie: add a shout. Everything looks fine on the surface but it just won't add to the table in the data base. I read some where about adding the lines $message = $_POST['message']; $name = $_POST['name']; the name one doesn't cause any issues but the message one creates a Notice: Undefined index. Please help me, I'm truly stuck <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Comment test</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" </head> <body> <?php error_reporting (E_ALL); $message = $_POST['message']; $name = $_POST['name']; if (isset( $name ) && isset ( $message ) ) { $dberror=""; $ret = add_to_db( $name, $message, $dberror ); if ( ! $ret ) print "Error: $dberror<br>"; else print "Thanks"; } else { write_form(); } function add_to_db( $name, $message, &$dberror ) { $link = mysql_pconnect( "xxxxxxx" , "xxxxxx" , "xxxxxx"); if ( ! $link ) { $dberror = "Connection error in add to db"; return false; } if ( ! mysql_select_db( "example" ) ) { $dberror = mysql_error(); return false; } $query = "INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )"; if ( ! mysql_query( $query, $link ) ) { $dberror = mysql_error(); return false; } return true; } function write_form() { $_SERVER['PHP_SELF']; print "<form method=\"post\">\n"; print "<input type=\"text\" name=\"name\"> "; print "Your name<p>\n"; print "<input type=\"longtext\"name=\message\"> "; print "Your message<p>\n"; print "<input type=\"submit\" value=\"shout!\">\n</form>\n"; } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
AdRock Posted September 21, 2007 Share Posted September 21, 2007 You were missing a double quote before message function write_form() { $_SERVER['PHP_SELF']; print "<form method=\"post\">\n"; print "<input type=\"text\" name=\"name\"> "; print "Your name<p>\n"; print "<input type=\"longtext\"name=\"message\"> "; print "Your message<p>\n"; print "<input type=\"submit\" value=\"shout!\">\n</form>\n"; } Quote Link to comment Share on other sites More sharing options...
AdRock Posted September 21, 2007 Share Posted September 21, 2007 Also use mysql_real_escape+string() to clean user input $message = mysql_real_escape_string($_POST['message']); $name = mysql_real_escape_string($_POST['name']); Quote Link to comment Share on other sites More sharing options...
swisspolo Posted September 21, 2007 Author Share Posted September 21, 2007 Thank you sooooo much. It works! Thanks for the extra tip on the mysql_real_escape_string(), where abouts would I put that in the code please? I replaced $message = $_POST["message"]; $name = $_POST["name"]; with it but it didn't seem to like that Thanks again Simon Quote Link to comment Share on other sites More sharing options...
AdRock Posted September 21, 2007 Share Posted September 21, 2007 Did you use what I gace you in the previous post becuase that should work? If it didn't what did it do? Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 21, 2007 Share Posted September 21, 2007 my version. <?php function write_form(){ $message = mysql_real_escape_string($_POST['message']); $name = mysql_real_escape_string($_POST['name']); $self=$_SERVER['PHP_SELF']; $form=<<<form <form action="$self" method="post"> <br><br> Your name: <br><br> <input type="text" name="name"> <br><br> Your message: <br><br> <textarea name="message" col="10" rows="10" name="message"> </textarea> <br><br> <input type="submit" value="shout!"> </form> form; echo $form; } // debug state test it. echo write_form(); ?> Quote Link to comment Share on other sites More sharing options...
swisspolo Posted September 21, 2007 Author Share Posted September 21, 2007 Yeah I copy pasted $message = mysql_real_escape_string($_POST['message']); $name = mysql_real_escape_string($_POST['name']); over $message = $_POST["message"]; $name = $_POST["name"]; and when i load the page i get: "Notice: Undefined index: message in mysite/comment.php on line 11 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in mysite/comment.php on line 11 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in mysite//comment.php on line 11 Notice: Undefined index: name in mysite/comment.php on line 12 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in mysite/comment.php on line 12 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in mysite/comment.php on line 12 Thanks" Cheers Quote Link to comment Share on other sites More sharing options...
redarrow Posted September 21, 2007 Share Posted September 21, 2007 sorry corrected <?php function write_form(){ $message = addslashes($_POST['message']); $name = addslashes($_POST['name']); $self=$_SERVER['PHP_SELF']; $form=<<<form <form action="$self" method="post"> <br><br> Your name: <br><br> <input type="text" name="name"> <br><br> Your message: <br><br> <textarea name="message" col="10" rows="10" name="message"> </textarea> <br><br> <input type="submit" value="shout!"> </form> form; echo $form; } // debug state test it. echo write_form(); ?> Quote Link to comment Share on other sites More sharing options...
swisspolo Posted September 21, 2007 Author Share Posted September 21, 2007 Cheers guys, You've been a real help, one last thing, it appears that now i've added a comment it is stuck in the "thanks" screen. How do I get it to revert back to a input screen please? If I want to add this to all my pages then (once the rest of the code is written) then having it stuck on a "thanks" screen will make it unable for people to read the site again. Cheers again Simon Quote Link to comment Share on other sites More sharing options...
swisspolo Posted September 21, 2007 Author Share Posted September 21, 2007 ok i think I've sorted it by adding this line $query = sprintf("INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )", mysql_real_escape_string($_POST['name']), mysql_real_escape_string($_POST['name']) ); Is this an ok line to use? Sorry to be a pain Cheers again Quote Link to comment Share on other sites More sharing options...
AdRock Posted September 21, 2007 Share Posted September 21, 2007 if you've already used the mysql_real_escape_string() earlier in the code you shouldn't need to do it again becuase user input would have been cleaned. $query = sprintf("INSERT INTO shoutbox ( name, message ) values( '$name' , '$message' )"); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.