<?php /** First thing, we create a function that will make your data safe! **/ function mssql_escape($data) { if(is_numeric($data)) return $data; $unpacked = unpack('H*hex', $data); return '0x' . $unpacked['hex']; }
if (isset($_POST['LOWNUMBER'])) { //now we loop through the post data and sanitize it! foreach ($_POST as $key=>$value) { $_POST[$key] = mssql_escape($value); }
//now we build the query! $strSQL = "INSERT INTO MSAG "; $strSQL .="(StreetName) "; $strSQL .="VALUES "; $strSQL .= "({$_POST['StreetName']})";
//now we insert it mssql_query($strSQL); } ?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content"> <body>
<?php include 'includes/header/header_main.php'; ?>
The form shows up fine on this one, however, on submit, it thows an internal 500 error. I turned on error reporting, but that didnt help at all:
PHP Code:
<?php
ini_set('error_reporting', E_ALL);
/**
First thing, we create a function that will make your data safe!
**/
function mssql_escape($data) {
if(is_numeric($data))
return $data;
$unpacked = unpack('H*hex', $data);
return '0x' . $unpacked['hex'];
}
if (isset($_POST['LOWNUMBER'])) {
//now we loop through the post data and sanitize it!
foreach ($_POST as $key=>$value) {
$_POST[$key] = mssql_escape($value);
}
//now we build the query!
$strSQL = "INSERT INTO MSAG ";
$strSQL .="(StreetName) ";
$strSQL .="VALUES ";
$strSQL .= "({$_POST['StreetName']})";
//now we insert it
mssql_query($strSQL);
}
?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content">
<body>
<?php include 'includes/header/header_main.php'; ?>
Also, when this code is fixed, up and running, is there a place I can post it so that others can reference it should they be new and have this problem?
//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value.
Thats because he's a bl**dy good coder who knows his stuff. The better you become at coding the less tolerant you become with mistakes.
That's right! I'm [practically] perfect hehehe
One day I'll actually start programming again. My skills are becoming a bit antiquated over the past few years.
okay, now it shows the error being thrown:
Fatal error: Call to undefined function mssql_query() in C:\Inetpub\wwwroot\msag\enter.php on line 28
PHP Code:
<?php
include 'includes/db/connect.php';
ini_set("display_errors", "on");
/**
First thing, we create a function that will make your data safe!
**/
function mssql_escape($data) {
if(is_numeric($data))
return $data;
$unpacked = unpack('H*hex', $data);
return '0x' . $unpacked['hex'];
}
if (isset($_POST['LOWNUMBER'])) {
//now we loop through the post data and sanitize it!
foreach ($_POST as $key=>$value) {
$_POST[$key] = mssql_escape($value);
}
//now we build the query!
$strSQL = "INSERT INTO MSAG ";
$strSQL .="(StreetName) ";
$strSQL .="VALUES ";
$strSQL .= "({$_POST['StreetName']})";
//now we insert it
mssql_query($strSQL);
}
?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content">
<body>
<?php include 'includes/header/header_main.php'; ?>
You'll need to use the SQLSrv or PDO packages. The mssql isn't available on 5.3+, which appears to likely be the case here (or its just disabled).
You can use any language that's capable of external resource to manipulate a database. If you are looking for ease of use, then with SQLServer it would be easiest done using C# or VB.
Thats because he's a bl**dy good coder who knows his stuff. The better you become at coding the less tolerant you become with mistakes.
So true i feel really bad about giving out wrong info like that, honestly i should be thanking willscarlet because i leaned today that there is such a thing as MsSQL, its the first i have heard of it and again i am so sorry. I have only dealt with MySql and i had terrible tunnel vision on this one. When i saw MsSQL i thought it was a typo on his part. Again sorry lol.. .
Here is something i hope Fou-Lu and the rest of us will chuckle about, for the longest time (i dont know why) but until recently (a few weeks ago) i always thought Fou-Lu was a female lmao...
Fou, you are correct again. I remember having this issue in the very beggining when I started this project. I had to convert all the MySQL to sqlsrv for the most part. I did so, and had to add my $conn, variable to the query as well to clear a new error that arose. The new code now shows up, on the screen, when I hit submit, it refreshes the page (clearing the form data fields) but still is not inserting it into the database for some reason.
code:
PHP Code:
<?php
include 'includes/db/connect.php';
ini_set("display_errors", "on");
/**
First thing, we create a function that will make your data safe!
**/
function mssql_escape($data) {
if(is_numeric($data))
return $data;
$unpacked = unpack('H*hex', $data);
return '0x' . $unpacked['hex'];
}
if (isset($_POST['LOWNUMBER'])) {
//now we loop through the post data and sanitize it!
foreach ($_POST as $key=>$value) {
$_POST[$key] = mssql_escape($value);
}
//now we build the query!
$strSQL = "INSERT INTO MSAG ";
$strSQL .="(StreetName) ";
$strSQL .="VALUES ";
$strSQL .= "({$_POST['StreetName']})";
//now we insert it
sqlsrv_query($conn, $strSQL);
}
?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content">
<body>
<?php include 'includes/header/header_main.php'; ?>
If you insert it as a flat sql string, you need to provide the proper datatypes: $strSQL .= "({$_POST['StreetName']})"; . Assuming that street name is a string, you need to change that into $strSQL .= "('{$_POST['StreetName']}')"; (although you will need to execute an escape sequence on it such as the one provided by idalatob). Personally I'd use the parameter's for the statement.
You can verify that this is a datatype issue by executing the sqlsrv_query with an or die(print_r(sqlsrv_error(), true)); and inspecting the error.
Edit:
Quote:
Originally Posted by durangod
Here is something i hope Fou-Lu and the rest of us will chuckle about, for the longest time (i dont know why) but until recently (a few weeks ago) i always thought Fou-Lu was a female lmao...
I thank you for taking the time to continue to help me figure this out, however, I fear I may be a tad too simple minded. Im am very confused about your last post sir. Im sure it was worded properly, I just dont quite understand. Yes sir, StreetName is a string, I am assuming that the fields that are not strings I would simply need to take the ' out of it? I did change my code to what i believe you said to, and the results are still the same (Page just refreshes, nothign added to the DB):
PHP Code:
<?php
include 'includes/db/connect.php';
ini_set("display_errors", "on");
/**
First thing, we create a function that will make your data safe!
**/
function mssql_escape($data) {
if(is_numeric($data))
return $data;
$unpacked = unpack('H*hex', $data);
return '0x' . $unpacked['hex'];
}
if (isset($_POST['LOWNUMBER'])) {
//now we loop through the post data and sanitize it!
foreach ($_POST as $key=>$value) {
$_POST[$key] = mssql_escape($value);
}
//now we build the query!
$strSQL = "INSERT INTO MSAG ";
$strSQL .="(StreetName) ";
$strSQL .="VALUES ";
$strSQL .= "('{$_POST['StreetName']}')";
//now we insert it
sqlsrv_query($conn, $strSQL) or die(print_r(sqlsrv_error(), true));
}
?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content">
<body>
<?php include 'includes/header/header_main.php'; ?>
No error tossed against the sqlsrv_error?
Just looking at it I'd have to guess that the record itself cannot consist of just the StreetName. I can't tell for sure, but I would presume that you have more fields that are required for the insertion point, but I'd also expect that the sqlsrv_error would indicate that. Since it does not, it lends weight to the issue being that $_POST['LOWNUMBER'] isn't set. Looks to me that it is though. Make sure you are executing this script from scratch, not just refreshing and sending the same data.
I'm not 100% sure that the quotes are required actually. This is a hex string going in, so it may want it as a number. But if that were the case you'd be limited to 32/64 bit in length as well, so that wouldn't make sense. I'd expect it would also throw an error in the die call.
Wait I think I found it here. The error is actually sqlsrv_errors() with an 's' at the end. Make sure you open the error reporting up with error_reporting(E_ALL); that should have thrown an undefined function error.
/**
First thing, we create a function that will make your data safe!
**/
function mssql_escape($data) {
if(is_numeric($data))
return $data;
$unpacked = unpack('H*hex', $data);
return '0x' . $unpacked['hex'];
}
if (isset($_POST['LOWNUMBER'])) {
//now we loop through the post data and sanitize it!
foreach ($_POST as $key=>$value) {
$_POST[$key] = mssql_escape($value);
}
//now we build the query!
$strSQL = "INSERT INTO MSAG ";
$strSQL .="(StreetName) ";
$strSQL .="VALUES ";
$strSQL .= "('{$_POST['StreetName']}')";
//now we insert it
sqlsrv_query($conn, $strSQL) or die(print_r(sqlsrv_errors(), true));
}
?>
<?php include 'includes/head/head_main.php'; ?>
<div id = "top_content">
<body>
<?php include 'includes/header/header_main.php'; ?>
Before you post, read our: 
