Jump to content


Photo

PHP Insert


  • Please log in to reply
2 replies to this topic

#1 conker87

conker87
  • Members
  • PipPipPip
  • Advanced Member
  • 504 posts
  • LocationDerby

Posted 15 April 2006 - 01:40 PM

I'm using PHP to insert into a database using forms.
This is the code I am using for the form:
<form action="../index.php?database=gamereview" method="post">
<table class="content" width="100%">
  <tr>
    <td width="100%" colspan="2" height="21">REVIEW</td>
  </tr>
  <tr>
    <td width="25%" valign="top">User/Database Name:</td>
    <td width="75%" height="21"><input type="text" name="username" size="30"></td>
  </tr>
  <tr>
    <td width="25%" valign="top">Password:</td>
    <td width="75%" height="21"><input type="password" name="password" size="30"></td>
  </tr>
  <tr>
    <td width="25%" valign="top">Code:</td>
    <td width="75%" height="24"><input type="text" name="code" size="30"> 30 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Name:</td>
    <td width="75%" height="25"><input type="text" name="name" size="20"> 20 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Platform:</td>
    <td width="75%" height="25"> <input type="text" name="platform" size="20">20 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Date:</td>
    <td width="75%" valign="top"><input type="text" name="date" size="20"> 20 max<br><input type="Submit"></td>
  </tr>
</table>
</form>
This is the code I am using to insert into the database:
<?
$username=$_POST['username'];
$password=$_POST['password'];
$database=$_POST['username'];

$code=$_POST['code'];
$name=$_POST['name'];
$platform=$_POST['platform'];
$date=$_POST['date'];

mysql_connect("db2.awardspace.com",$username,$password) or die("Invalid Username or Password:<br><br>" . mysql_error());
@mysql_select_db($database) or die("Unable to select database");

$query = "INSERT INTO `wow_game_review` VALUES ('','$code','$name','$platform','$date')";mysql_query($query);
echo "<head><META HTTP-EQUIV=Refresh CONTENT='1; URL=news.php'></head>Thanks, redirecting in 1 second...";
mysql_close();
?>
However, whenever I click submit, I get the following error:
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: mysql_connect(): Access denied for user 'conker87'@'#.#.#.#' (using password: NO) in /home/www/wow-domain.co.uk/include/gamereview_insert.php on line 11
Invalid Username or Password:

Access denied for user 'conker87'@'#.#.#.#' (using password: NO)[/quote]
I checked out the username and password, and they were correct. The username that is shown, 'conker87' is not the username I add into the Username input in the form above.

I used this exact code on my other websites' news insert form, and that works fine.
Anyone see what is going wrong here?
WG4G - Articles, Opinions, Podcasts and Reviews.

#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 15 April 2006 - 03:14 PM

You don't want to use the username/password that your users submit to access the database. The database username/password should be one picked out by either you or your DBA and be (almost) permenant.

The username/password that is entered on your form is checked by your script against any stored in your database.

Ken

#3 conker87

conker87
  • Members
  • PipPipPip
  • Advanced Member
  • 504 posts
  • LocationDerby

Posted 15 April 2006 - 08:27 PM

This is used by me only to insert News Articles to be displayed on my site. I ask for my database Username and Password for the form so that if anyone finds the url then they won't beable to insert anything into the database.

The Username and Passwords submitted from this form is that username, database name (that's the hosting) and the password used for the database.

The problem is that it seems to be sending the incorrect information from the form to the script. It only seems to be sending a half of my username and not my password at all.
WG4G - Articles, Opinions, Podcasts and Reviews.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users