...

View Full Version : Data not being stored/selected



nicky
08-08-2008, 09:16 PM
Here is my page... www.inthedesigns.net/comment.php

When I go to test my comment form, it successfully submits, but the information doesn't get stored in the table or displayed on my page. I'm not sure what coding you would need me to give you to help, but this is so irritating.

Fumigator
08-08-2008, 09:25 PM
The comment is getting created, because the number of blank comments increases as you add, so the problem is probably either the comment being inserted is blank for some reason or the mechanism that displays the comments isn't properly echoing the data from the table.

Can't help without seeing the code of course....

nicky
08-10-2008, 01:39 AM
The comment is getting created, because the number of blank comments increases as you add, so the problem is probably either the comment being inserted is blank for some reason or the mechanism that displays the comments isn't properly echoing the data from the table.

Can't help without seeing the code of course....

Here is the code on my first page which contains the posts and then the form to fill it out.



<h1>View Comments</h1>

<?php

include("connect.php");

$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);

while($rows=mysql_fetch_array($result)){
?>

<p>Posted by <a href="mailto:<? echo $rows['email']; ?>"><? echo $rows['name']; ?></a> on <? echo $rows['datetime']; ?>
<br/>Comment: <? echo $rows['comment']; ?></p>

<?
}
mysql_close(); //close database
?>

<h1>Post a Comment</h1>

<form id="form1" name="form1" method="post" action="addcomment.php">

<div class="center">
<strong>Name:</strong>
<br/><input name="name" type="text" id="name" size="25"/>

<p><strong>Email Address:</strong>
<br/><input name="email" type="text" id="email" size="25"/></p>

<p><strong>Comment:</strong>
<br/><textarea name="comment" cols="35" rows="5" id="comment"></textarea></p>

<p><input type="submit" class="button" value=" Post Comment "/></p>
</div>
</form>



And here is the code for the addcomment.php page.



<?php

include("connect.php");

$datetime=date("l, F jS g:i A"); //date time

$sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
$result=mysql_query($sql);

//check if query successful
if($result){
echo "Your post has successfully been submitted.";
echo "<BR>";
echo "<a href='comment.php'>View Comments</a>"; // link to view guestbook page
}

else {
echo "ERROR";
}

mysql_close();
?>

Fumigator
08-10-2008, 04:16 AM
Do your variables $name, $email, etc, contain values?

nicky
08-10-2008, 02:28 PM
Like within the database table? Or in the form?

Fumigator
08-10-2008, 06:41 PM
Like at the point your script uses those variables to insert a row into your database. Use echo to find out.

nicky
08-11-2008, 07:56 PM
In the first code I gave you it says



<p>Posted by <a href="mailto:<? echo $rows['email']; ?>"><? echo $rows['name']; ?></a> on <? echo $rows['datetime']; ?>
<br/>Comment: <? echo $rows['comment']; ?></p>


Like that?

Fumigator
08-13-2008, 05:41 PM
Like add



echo $name;
echo $email;
etc.....


Right before the Insert statement. This is a basic debugging technique. If you find out there are no values in these variables, you've found your problem, and then you just need to find out why there are no values in these variables. You basically debug one step at a time, discovering a little bit of information at each step that leads to what the next step must be, like bread crumbs in a forest, eventually bringin you to a solution.

nicky
08-14-2008, 06:31 PM
That didn't work. :[

Fumigator
08-14-2008, 10:21 PM
It's not meant to fix the problem, it's meant to give you enough information about the problem to find the solution, or at least the next step in finding the solution.

If your variables $name and $email are empty, then that's exactly what's being inserted into your table. So did you find out if they are empty? Yes?

Now you've got to find out why they are empty. Where are you putting values into them? Are you assuming register_globals is turned on? If so, is register_globals actually turned on?

nicky
08-17-2008, 02:28 PM
Register globals is turned off. Should I turn it on?

CFMaBiSmAd
08-17-2008, 03:35 PM
No. Don't turn register globals on. They were turned off in php4.2 in the year 2002 because they were the greatest security blunder ever deliberately added to a programming language and they have been completely eliminated in upcoming php6. No new code, new books, new tutorials, or new hosting accounts should have been created after 2002 that relied on register globals or turned them on and all code that is dependent on register globals will stop working under php6.

What Fumigator was trying to get you to realize is that the code you posted is not specifically setting the program variables $name, $email, and $comment that are being used in the INSERT query, which is why empty values are being inserted and displayed. The posted code is dependent on register_globals being on to "magically" populate program variables from GET/POST/COOKIE/SESSION variables. (Register_globals also allow SESSION variables to be "magically" set to any value a hacker wants by sending your script GET/POST/COOKIE values using the same name as a session variable.)

You need to set the variables $name, $email, and $comment from the equivalent $_POST variables. You also need to validate what is in them (are they empty, do they contain bad content...) and escape what is in them using mysql_real_escape_string() to prevent sql injection.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum