MYSQL help

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by xcaliberse, Dec 17, 2008.

  1. brunoais

    brunoais New Member

    Oh! And don't forget the
    PHP:
    or die(mysql_error());
    it's useful to find sql syntax errors
     
  2. vol7ron

    vol7ron New Member

    or
    PHP:
    if (strtolower($_POST['submit'])=="submit") {...}
     
  3. vol7ron

    vol7ron New Member

    Code:
    1) $con = mysql_connect("localhost","username","password");
    2) mysql_select_db("Feedback", $con);
    3) mysql_query("INSERT INTO Feedback (Name, Message) 
    VALUES ('$firstname', '$message')");
    }
    
    1) make sure your username is in the form x10name_MySQLname (so like xcaliberse_username)
    2) the same thing goes for your database name xcalibers_Feedback
    3) make sure that there are no apostrophes inserted as a first name or any other SQL injection going on, if someone's name is O'Brien, that might terminate the string early and cause errors
     
  4. xcaliberse

    xcaliberse New Member

    Ok 1 last problem, I fixed my script:

    Code:
    <?
    $firstname=$_POST['Name'];
    $message=$_POST['Message'];
    
    
    $submit=$_POST['submit'];
    if($submit=="Submit"){
    
    
    $con = mysql_connect("localhost","username","password");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
    
    mysql_select_db("databaseName", $con);
    
    mysql_query("INSERT INTO Feedback (Name, Message) 
    VALUES ('$firstname', '$message')");
    
    echo "DONE";
    }
    echo "$firstname";
    echo "$message";
    ?>
    
    <form method="post">
    Firstname: <input type="text" name="Name"><br />
    Message: <input type="text" name="Message"> <br />
    <input type="submit" name="submit" value="Submit">
    </form>
    
    One last problem is that only the MESSAGE is saving but the NAME isn't saving in the table that I made...
     
  5. vol7ron

    vol7ron New Member

    well there may be a problem in naming the field "Name" because the attribute on the form is called "name". First, try calling it by something else, maybe something like:
    PHP:
    Firstname: <input type="text" name="Fname"><br />

    If that doesn't work, check the database to make sure the variable type is correct.

    Also does anyone know if ${variable} is acceptable in PHP like it is in Perl? If so, that's how you want to call your variable when directing to the database. This (at least in Perl) makes sure you don't have to escape anything inside the variable.

    So it would be something like:
    PHP:
    VALUES ('${firstname}', '${message}')");

    but make sure that's correct PHP syntax first




     
  6. gomarc

    gomarc Member

    As suggested by vol7ron, you may want to double check the structure of Feedback table since the last script you posted is working just fine...

    This is the Structure that I used in my test:

    [​IMG]
     
  7. blobtech

    blobtech New Member Prime Account

  8. vol7ron

    vol7ron New Member

    oh i didn't even see he posted that. i would have said something sooner.

    hope this solved your problems.



     
  9. xPlozion

    xPlozion New Member

    EDIT: ok, so i didn't see that this topic had legs (multiple pages), so what i said below could have already been covered.
    ----------

    or even to if (isset($submit)). it'll check if $submit is set, and doesn't care what the value of it is. if it's set (pressed), it'll continue, else it will just parse anything outside of the if () or the else

    again, if (isset($submit)) is the recommended way of checking if a submit button is pressed (or any button for that matter).
     
    Last edited: Dec 21, 2008
  10. xcaliberse

    xcaliberse New Member

    My problem is still not fixed lol, it doesn't save it in the name part.
     
  11. brunoais

    brunoais New Member

    I don't think so. In PHP it has no problem, but it must be usable, so there is another option: change the '' to ``, that should do the trick
     
    Last edited: Dec 22, 2008
  12. gomarc

    gomarc Member

    In your table, did you change the Type of your field Name as suggested?

    Do so by going to your phpMyAdmin and change it there.

    Your code will then work and save the data into your table.
     
  13. vol7ron

    vol7ron New Member

    I don't think the `` are the correct thing to use in SQL syntax when referring to values. It is used elsewhere, however I don't think that's the case here.

    What I was talking about is that in Perl you can do this:
    take the string: like 'this' is it

    If you wanted to use that in an SQL, you'd have to escape each apostrophe: like \'this\' is it

    UPDATE tablename SET fieldname = 'like \'this\' is it';

    otherwise the following would break because of incorrect syntax:
    UPDATE tablename SET fieldname = 'like 'this' is it';

    That means it's more proper to use :
    my $variable = "like \'this\' is it";
    instead of: my $variable = "like 'this' is it";

    Well when inputting from a webpage, we can't trust users to escape it themselves, so the application has to.

    In Perl, you don't have to.
    my $formvariable = "like 'this' is it";

    $sql = "UPDATE tablename SET fieldname = '${formvariable}'";
    No escape needed. Otherwise, we'd have to preprocess the string and add a \ before each invalid character. Get it?


    So in his example for name, if the person's name was O'Brien, the variable would have to have \ added for it to work: O\'Brien
     
  14. brunoais

    brunoais New Member

    no problemo ;)

    there's just the need to use
    PHP:
    addslashes ()
    Function. like:

    PHP:
    VALUES ('" . addslashes($firstname) . "', '" . addslashes($message) . "')");
    That would solve the problem

    edit:
    I just found the instructions for this. It's right here
    http://php.net/manual/en/function.addslashes.php
     
    Last edited: Dec 23, 2008
  15. vol7ron

    vol7ron New Member

    Terrific. That and some method of preventing SQL Injections and that's exactly what's needed.
     
  16. xcaliberse

    xcaliberse New Member

    Somebody wanna just show me how my script is supposed to look like so i can copy and paste?
    Edit:
    Nevermind I got it to work and umm... Can someone tell me how to display the table?
     
    Last edited: Dec 23, 2008
  17. gomarc

    gomarc Member

  18. vol7ron

    vol7ron New Member

    If after looking at gomarc's suggestion, please open a new thread.
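
Added example (not part of any post in this thread): the O'Brien apostrophe problem discussed above, the same insert rewritten with a PDO prepared statement, and an output-escaped listing of the table. SQLite in memory stands in for the MySQL database so the script runs offline; the table layout and sample values are constructed.

```php
<?php
// Added example, not code from the thread. With MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=YOUR_DB', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Feedback (Name VARCHAR(50), Message VARCHAR(255))');

// Constructed sample input standing in for $_POST['Name'] / $_POST['Message'].
$firstname = "O'Brien";
$message   = "It's working";

// 1) The thread's pattern: values interpolated into the SQL text.
//    The apostrophe ends the string literal early and the statement fails.
function insert_interpolated(PDO $db, string $name, string $msg): bool {
    try {
        $db->exec("INSERT INTO Feedback (Name, Message) VALUES ('$name', '$msg')");
        return true;
    } catch (PDOException $e) {
        return false;   // syntax error reported by the database
    }
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so quotes in the data stay data and no escaping call is needed.
function insert_prepared(PDO $db, string $name, string $msg): bool {
    $stmt = $db->prepare('INSERT INTO Feedback (Name, Message) VALUES (:name, :msg)');
    return $stmt->execute([':name' => $name, ':msg' => $msg]);
}

var_dump(insert_interpolated($db, $firstname, $message));
var_dump(insert_prepared($db, $firstname, $message));

// Displaying the table: escape on output so stored text cannot inject HTML.
foreach ($db->query('SELECT Name, Message FROM Feedback') as $row) {
    echo htmlspecialchars($row['Name'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['Message'], ENT_QUOTES, 'UTF-8'), "\n";
}
```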
     
