11 replies to this topic

[bbqroast]

Well this isn't an error in PHP or MYSQL i'm sure its one of mine. This code basicly is mean't add data to my table i've checked it and to my knowledge it seems fine... I got the INSERT part from phpMyAdmin. I have made scripts that extract the data but i have to insert it into the database myself. Anyway so here is the insert script:

<?php

$from = $_POST['from'];

$to = $_POST['to'];

$subject = $_POST['subject'];

$date = date("d/m/y");

$body = $_POST['text'];

$query = "INSERT INTO `accountdata`.`mail` VALUES (NULL, \'$from\', \'$to\', \'$subject\', \'$body\', \'$date\', NULL);";

$usern = "******";

$passw = "***";

$database = "******";

mysql_connect(localhost,$usern,$passw);

@mysql_select_db($database) or die( "Unable to select database");

mysql_query($query);

mysql_close();

echo "<br> Message sent!! <br>";

?>

This also happened with my account system... I inserted the echo parts mainly so i knew what was happening... strangly it prints out all the tags and no errors, so i check my database no luck...
Using phpMyAdmin bye the way.

[Alexander]

Try amending the mysql_query line to this and you will see your error:

mysql_query($query) or die(mysql_error());

And as well you should add this for each value to be submitted into database as needed:

$from = mysql_real_escape_string($_POST['from']);

Edited by Alexander, 21 August 2010 - 07:36 PM.
fixed, need coffee..

[John]

@bbqroast - see this blog entry Debugging MySQL issues in PHP | John Ciacia. You may want to try taking out the semicolon at the end of your query.
@Nullw0rm - Consider what happens if if $_POST contains an array. For example this common situation:

	<form method="POST">

		<input type="checkbox" name="search[]" value="google">Google<br>

		<input type="checkbox" name="search[]" value="yahoo">Yahoo<br>

		<input type="checkbox" name="search[]" value="bing">Bing<br>

		<input type="checkbox" name="search[]" value="other">Other

		<input type="submit" />

	</form>

array_map is not a recursive function so it will fail.

[bbqroast]

Thanks... What does the second part do???

[bbqroast]

LOLS isn't it funny how i could debug most errors before but now i use notepad++ its seems so much harder... Must be all that color...

[Alexander]

bbqroast said:

Thanks... What does the second part do???

What if the user entered foo';DROP TABLE emails; as a name? You'd be in trouble! Applying mysql_real_escape_string() to each $_POST[] element escapes apostrophes with backslashes, essentially sanitizing them, this is an absolute must when getting input from a user.

[John]

Nullw0rm, I tend to escape all my request values individually, but I suppose array_walk_recursive would accomplish what you originally intended.

[bbqroast]

i had an idea i just realised i made my news management system like this and it worked... It must have working codes i can compare... Oh yeah and i'll check up on my handy tuorial site (tizag.com- best site for php/html/mysql)

[bbqroast]

GRR
This is angering me now- I have tried every thing my working scriptis identicle the semi colon is gone it is all fixed as far as i can see and yet:
(i added more markers)
passwords match
Connection established
Data insert script stated
script ran
And yet MySQL sees no error.
I checked my logs does MySQL log failed attempts???
It says i have had one failed attempt but i guess it was from somethign else.
Because my logs don't even menton this connection.

[bbqroast]

Just ran another script (yet another broken one).
I connect to MySQL, select the database, and send in 10 variables.
Then i check my status (in PHPMyAdmin) and find that the amount of connections has just gone up by 11!!

[bbqroast]

Yet another post:
Just noticed another account i have made for something (but never actually used) is connected (command: sleep). Earlier on my page suddenly logged out as i entered somedata and i had a failed login attempt yet the password was right.
I'm on a closed network and i have tried for years to let my router allow my server to go public...

[dbug]

Maybe the problem is here:

mysql_connect([COLOR="red"]localhost[/COLOR],$usern,$passw);

unless localhost is a defined constant, it should be a string constant ('localhost') or a variable ($localhost). It's possible that this fails. You should check errors returned by this function.

In the other calls to mysql, you don't specify the database connection to use. This means that it uses the default connection (returned by the last successful call to mysql_connect, maybe you have another connection stablished previously with another database ?) or tries to make a new connection (the same that calling mysql_connect without parameters. I don't think this could work in general unless you have some parameters defined in php.ini). If all this fail, the function should return an E_WARNING.

You can read the php manual for these functions to better understand what they do in special cases and when some arguments are not specified (mysql_connect, mysql_select_db).