Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Jul 2005
    Posts
    153
    Thanks
    1
    Thanked 0 Times in 0 Posts

    php insert not working

    Hey Guys

    I have moved my site to a new hosting company and the sites forms do not insert to the database. I have made a sql user with every permision but no luck. It inserts a unique ID with the auto increment but thats it??



    PHP Code:

    <?php
    $con 
    mysql_connect("localhost","scor_test","test");
    if (!
    $con)
      {
      die(
    'Could not connect: ' mysql_error());
      }
    mysql_select_db("scor_main"$con);$sql="INSERT INTO contact (contact_name,contact_email,contact_comments)
    VALUES
    ('$_POST[contact_name]','$_POST[contact_email]','$_POST[contact_comments]')"
    ;if (!mysql_query($sql,$con))
      {
      die(
    'Error: ' mysql_error());
      }
    echo 
    "1 record added";mysql_close($con)
    ?>

  • #2
    Banned
    Join Date
    Feb 2008
    Location
    Winnipeg, Canada
    Posts
    396
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Let's see the form that is posting to this script.

  • #3
    Regular Coder
    Join Date
    Jul 2005
    Posts
    153
    Thanks
    1
    Thanked 0 Times in 0 Posts
    lol found it

    method="post">


    its funny how it woked on the old server with method="get">

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    The old server probably had register globals on though your current code is poorly written. You have no security in place making sure the user doesn't use mysql injection. You also don't check to see if the post is empty or not so you are putting in empty fields into your database. At its most basic form here is your code
    PHP Code:
    <?php
    $con 
    mysql_connect("localhost","scor_test","test") or die('Could not connect: ' mysql_error());
    mysql_select_db("scor_main"$con);
    if(
    trim($_POST['contact_name']) != '' || trim($_POST['contact_email']) != '' || trim($_POST['contact_comments']) != '')
    {
        
    $name mysql_real_escape_string($_POST['contact_name']);
        
    $email mysql_real_escape_string($_POST['contact_email']);
        
    $comments mysql_real_escape_string($_POST['contact_comments']);
        
    $sql "INSERT INTO contact (contact_name,contact_email,contact_comments) VALUES('$name','$email','$comments')";
        
    $result mysql_query($sql,$con) or die('Error: ' mysql_error());
        echo 
    "1 record added";
    }
    else
    {
        echo 
    'One or more of the inputs was empty, please fix them';
    }
    mysql_close($con);
    ?>
    It has simple error checking that needs to be expanded on. Read this about writing secure php: http://www.ilovejackdaniels.com/php/writing-secure-php/
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •