alexander007 Posted October 2, 2007 Share Posted October 2, 2007 Wel... I move my page from on hosting to Godaddy....my problem is that it stop working correctly...now I have this problem... <? session_start(); if(!session_is_registered(username)){ header("location:/travel/admin"); } ?> <?php include"config.php"; extract($_GET); $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; $result=mysql_query($sql); if($result){ echo "<center>Cambio se realizo satifactoriamente.</center>"; echo "<BR>"; echo "<center><a href='viewvisitante.php'>Volver Atras</a><center>"; } else { echo "ERROR"; } ?> Im just keep getting the ERROR message...the curious is that in my other hosting the exact same script works ok.... Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 2, 2007 Share Posted October 2, 2007 can we see config.php? also, add this die(): $result=mysql_query($sql) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 this is my config.php <?php $host=""; // hostname $username=""; // mysql username $password=""; // mysql password $db_name=""; // database name //se conecta a la base de datos mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); ?> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET comentario='' WHERE id=''' at line 1 Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 2, 2007 Share Posted October 2, 2007 i assume your values for $host, $username, etc. aren't actually blank but that you removed them to post. Try adding or die(): $result=mysql_query($sql) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 i assume your values for $host, $username, etc. aren't actually blank but that you removed them to post. Try adding or die(): $result=mysql_query($sql) or die(mysql_error()); Of course I remove that info .. Yeah look my reply above...error in the syntax...but how I do? ??? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 try print_r($_GET); check the following are being set tbl_name comentario id as a note this is a VERY bad move!!! extract($_GET); $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 try print_r($_GET); check the following are being set tbl_name comentario id as a note this is a VERY bad move!!! extract($_GET); $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; why you think its bad? Im new on this Quote Link to comment Share on other sites More sharing options...
mag00 Posted October 2, 2007 Share Posted October 2, 2007 For your host are you using localhost or the h50mysqlXX.secureserver.net? With godaddy you cannot use localhost Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 2, 2007 Share Posted October 2, 2007 echo $sql; so we can see what looks bad. Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 For your host are you using localhost or the h50mysqlXX.secureserver.net? With godaddy you cannot use localhost yeah in using the correct host...the problem is not connecting to the database...its not inserting the info onto it...this is the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET comentario='' WHERE id=''' at line 1 Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 basically your open to SQL injection (major secuirty risk) in other words your handing control of your database to anyone who goes to that page! Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 2, 2007 Share Posted October 2, 2007 apparently it is as MadTechie suspected. no values are being inserted into the sql. perhaps fortunately. Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 And how I can repair that?...Im new on this... :-\ Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted October 2, 2007 Share Posted October 2, 2007 try print_r($_GET); check the following are being set tbl_name comentario id as a note this is a VERY bad move!!! extract($_GET); $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 open the script via the URL like so script.php?tbl_name=table&comentario=comentario&id=1 change the blue parts to suite Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 mmmm that dont do anything... IM still getting this error ralted to the syntax... Array ( ) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET comentario='' WHERE id=''' at line 1 Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 what are you typing in the URL (address bar) (don't worry about the full url just the script name + params Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 what are you typing in the URL (address bar) (don't worry about the full url just the script name + params I put this editvisitantes.php?tbl_name=visitantes&comentario=test&id=1 Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 ok try this editvisitantes.php?id=1 with this update <? session_start(); if(!session_is_registered(username)){ header("location:/travel/admin"); } ?> <?php include"config.php"; $comentario = 'test'; $tbl_name = 'visitantes'; $id = (int)$_GET['id']; $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; $result=mysql_query($sql); if($result){ echo "<center>Cambio se realizo satifactoriamente.</center>"; echo "<BR>"; echo "<center><a href='viewvisitante.php'>Volver Atras</a><center>"; } else { echo "ERROR"; } ?> Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 I do this....Doesnt work....I dont why in Godaddy the original script dont work...in my other host works ok... <?php include"config.php"; $tbl_name = (int)$_GET['tbl_name']; $id = (int)$_GET['id']; $comentario = (int)$_GET['comentario']; $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; $result=mysql_query($sql); if($result){ echo "<center>Cambio se realizo satifactoriamente.</center>"; echo "<BR>"; echo "<center><a href='viewvisitante.php'>Volver Atras</a><center>"; } else { echo "ERROR"; } ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 2, 2007 Share Posted October 2, 2007 that won't work! try this is you must keep the params <?php include"config.php"; $tbl_name = $_GET['tbl_name']; $id = (int)$_GET['id']; $comentario = $_GET['comentario']; $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'"; $result=mysql_query($sql)or die(mysql_error()); if($result){ echo "<center>Cambio se realizo satifactoriamente.</center>"; echo "<BR>"; echo "<center><a href='viewvisitante.php'>Volver Atras</a><center>"; } else { echo "ERROR"; } ?> Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 2, 2007 Author Share Posted October 2, 2007 Nop...dont work.... //// You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET comentario='' WHERE id='0'' at line 1 I think I not getting the info form the other form....why! Quote Link to comment Share on other sites More sharing options...
MadTechie Posted October 3, 2007 Share Posted October 3, 2007 your not setting comentario ie &comentario=blar Quote Link to comment Share on other sites More sharing options...
alexander007 Posted October 3, 2007 Author Share Posted October 3, 2007 This what I have on the form that call this script... <?php session_start(); if(!session_is_registered(username)){ header("location:admin.php"); } ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style type="text/css"> <!-- .style1 { font-size: x-large; font-weight: bold; } --> </style> </head> <body> <?php include"config.php"; $id=$_GET['id']; $tbl_name=$_GET['tbl_name']; $sql="SELECT * FROM $tbl_name WHERE id='$id'"; $result = mysql_query($sql); $row = mysql_fetch_array($result); ?> <div align="center" class="style1">Editar Visitante </div> <form id="form1" name="form1" method="post" action="editvisitante.php"> <table width="730" border="1" align="center"> <tr> <td width="181"><div align="center"><strong>Nombre</strong></div></td> <td width="181"><div align="center"><strong>Telefono</strong></div></td> <td width="181"><div align="center"><strong>Email</strong></div></td> <td width="159"><div align="center"><strong>Comentario</strong></div></td> </tr> <tr> <td><div align="center"><?php echo $row['nombre'];?></div></td> <td><div align="center"><?php echo $row['telefono'];?></div></td> <td><div align="center"><?php echo $row['email'];?></div></td> <td><textarea name="comentario" id="comentario"><?php echo $row['comentario']; ?></textarea></td> </tr> </table> <p> <input name="id" type="hidden" id="id" value="<?php echo $row['id']; ?>"/> <input name="tbl_name" type="hidden" value="<?php echo $tbl_name; ?>"/> </p> <p align="center"> <input type="submit" name="Submit" value="Enviar" /> </p> </form> <?php mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted October 3, 2007 Share Posted October 3, 2007 WAIT! Godaddy has a special database connection script. It isn't standard php/mysql. I know because I have godaddy accounts. Maybe this is your problem??? $x = "p83mysql62.secureserver.net" ; $y = "database_name_db" ; $z = "FunKyPassWoRd" ; $xyz = @mysql_connect($x,$y,$z); if (!$xyz) { die('Could not connect to database'); } $db = @mysql_select_db ($y,$xyz); if (!$db) { die ('Database cannot be found'); } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.