Jump to content

Archived

This topic is now archived and is closed to further replies.

conker87

PHP Insert

Recommended Posts

I'm using PHP to insert into a database using forms.
This is the code I am using for the form:
[code]<form action="../index.php?database=gamereview" method="post">
<table class="content" width="100%">
  <tr>
    <td width="100%" colspan="2" height="21">REVIEW</td>
  </tr>
  <tr>
    <td width="25%" valign="top">User/Database Name:</td>
    <td width="75%" height="21"><input type="text" name="username" size="30"></td>
  </tr>
  <tr>
    <td width="25%" valign="top">Password:</td>
    <td width="75%" height="21"><input type="password" name="password" size="30"></td>
  </tr>
  <tr>
    <td width="25%" valign="top">Code:</td>
    <td width="75%" height="24"><input type="text" name="code" size="30"> 30 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Name:</td>
    <td width="75%" height="25"><input type="text" name="name" size="20"> 20 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Platform:</td>
    <td width="75%" height="25"> <input type="text" name="platform" size="20">20 max</td>
  </tr>
  <tr>
    <td width="25%" valign="top">Date:</td>
    <td width="75%" valign="top"><input type="text" name="date" size="20"> 20 max<br><input type="Submit"></td>
  </tr>
</table>
</form>[/code]
This is the code I am using to insert into the database:
[code]<?
$username=$_POST['username'];
$password=$_POST['password'];
$database=$_POST['username'];

$code=$_POST['code'];
$name=$_POST['name'];
$platform=$_POST['platform'];
$date=$_POST['date'];

mysql_connect("db2.awardspace.com",$username,$password) or die("Invalid Username or Password:<br><br>" . mysql_error());
@mysql_select_db($database) or die("Unable to select database");

$query = "INSERT INTO `wow_game_review` VALUES ('','$code','$name','$platform','$date')";mysql_query($query);
echo "<head><META HTTP-EQUIV=Refresh CONTENT='1; URL=news.php'></head>Thanks, redirecting in 1 second...";
mysql_close();
?>[/code]
However, whenever I click submit, I get the following error:
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Warning: mysql_connect(): Access denied for user 'conker87'@'#.#.#.#' (using password: NO) in /home/www/wow-domain.co.uk/include/gamereview_insert.php on line 11
Invalid Username or Password:

Access denied for user 'conker87'@'#.#.#.#' (using password: NO)[/quote]
I checked out the username and password, and they were correct. The username that is shown, 'conker87' is not the username I add into the Username input in the form above.

I used this exact code on my other websites' news insert form, and that works fine.
Anyone see what is going wrong here?

Share this post


Link to post
Share on other sites
You don't want to use the username/password that your users submit to access the database. The database username/password should be one picked out by either you or your DBA and be (almost) permenant.

The username/password that is entered on your form is checked by your script against any stored in your database.

Ken

Share this post


Link to post
Share on other sites
This is used by me only to insert News Articles to be displayed on my site. I ask for my database Username and Password for the form so that if anyone finds the url then they won't beable to insert anything into the database.

The Username and Passwords submitted from this form is that username, database name (that's the hosting) and the password used for the database.

The problem is that it seems to be sending the incorrect information from the form to the script. It only seems to be sending a half of my username and not my password at all.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.