  1. #1
    SitePoint Addict

    Values not going to db

    I have made a simple form with validation. When I press the submit button, then if validation is OK, the content of $sql; becomes

    INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted) VALUES ('1','tags','1187884757','8','2007','krishna','khanna','erts','0','0','1','0')

    But NO values are available in the db

    PHP Code:
    <?php
    session_start();

    if (!isset($_SESSION['token']))
    {
        session_regenerate_id();
        $_SESSION['token'] = true;
    }
    //check for token

    if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
    {
        //token is correct
        $token_age = time() - $_SESSION['token_time'];
        if ($token_age >= 600)
        {
            //token correct but timeout
            echo "Timeout!";
            exit;
        }
        if (isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'])
        {
            // correct security code, now validate name and other field

            // Strip slashes from all GPC data
            include("$_SERVER[DOCUMENT_ROOT]/includes/stripgpcslash.inc.php");
            //gpc slashes stripped

            //connect to db
            // Do includes
            include("$_SERVER[DOCUMENT_ROOT]/includes/connect.inc.php");
            // end includes
            //connect to db

            $fault=0;
            if (strlen($_POST["subject"]) > 0) //name field is set
            {
                $n = $_POST['subject'];
                if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name
                {
                    $subject = trim(mysql_real_escape_string($_POST['subject']));
                }
                else {
                    // $n is not valid
                    echo "you to fill your subject properly.";
                    $fault++;
                    exit;
                }
            }
            else {
                //name not set
                echo "you left the subject blank.";
                $fault++;
                exit;
            }

            //validation for next field
            if (strlen($_POST["titletext"]) > 0) //titletext field is set
            {
                $titletext = trim(mysql_real_escape_string($_POST['titletext']));
            }
            else {
                echo "you left the titletext blank.";
                $fault++;
                exit;
            }

            //validation for next field
            if (strlen($_POST["maintext"]) > 0) //content  field is set
            {
                $maintext = trim(mysql_real_escape_string($_POST['maintext']));
            }
            else {
                echo "you left the content field blank.";
                $fault++;
                exit;
            }

            //validating next field
            if (strlen($_POST["mood"]) > 0)
            {
                $n = $_POST['mood'];
                if ($n > 0 && $n < 10)
                {
                    $mood = trim(mysql_real_escape_string($_POST['mood']));
                }
                else {
                    echo "you to select the mood properly.";
                    $fault++;
                    exit;
                }
            }
            else {
                echo "you left the mood field blank.";
                $fault++;
                exit;
            }

            //validating next field
            if (strlen($_POST["catid"]) > 0)
            {
                $n = $_POST['catid'];
                if ($n > 0 && $n < 9)
                {
                    $catid = trim(mysql_real_escape_string($_POST['catid']));
                }
                else {
                    echo "you to select the category properly.";
                    $fault++;
                    exit;
                }
            }
            else {
                echo "you left the category blank.";
                $fault++;
                exit;
            }

            //validating next field
            if (strlen($_POST["tags"]) > 0)
            {
                $tags = trim(mysql_real_escape_string($_POST['tags']));
            }
            else {
                echo "you left the tags field blank.";
                $fault++;
                exit;
            }
            //validating next field

            $date = mktime(date("G"), date("i"), date("s"), date("n"), date("d"), date("Y"));

            $month = date("n", $date);
            $year = date("Y", $date);
            $time = strtotime("now");
            $ip = $_SERVER['REMOTE_ADDR'];

            $sql = "INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted)
    VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')";
            mysql_close($con);

            if (!$fault)
            {
                echo $sql;
                exit;
            }
        }
        else {
            // security code is invalid
            echo " invalid code.";
            exit;
        }
    }
    else
    {
        echo "invalid referrer!";
        exit;
    }
    ?>

  2. #2
    SitePoint Wizard chris_fuel
    It could be that nowhere in your code are you running mysql_query?

  3. #3
    SitePoint Enthusiast
    Use mysql_query($sql); instead of mysql_close($con);

  4. #4
    SitePoint Zealot
    As has already been pointed out, you are not using mysql_query(), so the sql is never being executed.

    As well as this you should also enclose table names and field names in backticks so your sql would be:-

    INSERT INTO `phpnews_news` (`mood`,`tags`,`time`,`month`,`year`,`subject`,`titletext`,`maintext`,`views`,`break`,`catid`,`trusted`) VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')

  5. #5
    SQL Consultant r937
    Originally posted by filth:
    As well as this you should also enclose table names and field names in backticks...
    actually, no, you shouldn't

    you should never name a table or column with a name that requires backticks

    also, you shouldn't use quotes around numeric literals

    change this --

    INSERT INTO `tablename` ( ... `catid` ... ) VALUES ( ... '0' ... )

    to this --

    INSERT INTO tablename ( ... catid ... ) VALUES ( ... 0 ... )

    r937.com | rudy.ca | Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  6. #6
    SitePoint Wizard Kailash Badu
    I think backticks are necessary only when you are using reserved keywords as table or column name.

    For example, this won't work:
    create database CURRENT_TIME

    but this would work:
    create database `CURRENT_TIME`.

  7. #7
    Theoretical Physics Student Jake Arkinstall
    Not really...

    I have come across some mysql versions which completely mess up when you don't enclose the names in backticks when using a certain non-alphanumeric character.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  8. #8
    SQL Consultant r937
    don't do that then

    never name a table or column with a name that requires backticks

  9. #9
    SitePoint Wizard Hammer65
    Yes like when using "password" for a field name (which I usually avoid by calling the field pass instead).

    Also you have some error handling in most of your script but then you don't for the database part. You shouldn't echo the results of mysql_error in production, but having it there for debugging is pretty useful.
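
The points raised in the replies (run the statement, leave numeric literals unquoted, handle database errors without echoing them) put together as an added example that is not code from the thread. It uses PDO prepared statements in place of the `mysql_*` functions; `saveNews()`, the DSN, the credentials and the mood/catid ranges are assumptions.

```php
<?php
// Added example, not code from the thread. saveNews(), the DSN and the
// credentials are hypothetical; the mood/catid ranges are assumed.
declare(strict_types=1);

function saveNews(PDO $db, array $post): bool
{
    // Validate first; numeric fields must parse as integers within range.
    $intIn = fn($v, int $max) => filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    $row = [
        ':mood'      => $intIn($post['mood'] ?? null, 9),
        ':catid'     => $intIn($post['catid'] ?? null, 8),
        ':subject'   => trim((string) ($post['subject'] ?? '')),
        ':titletext' => trim((string) ($post['titletext'] ?? '')),
        ':maintext'  => trim((string) ($post['maintext'] ?? '')),
        ':tags'      => trim((string) ($post['tags'] ?? '')),
    ];
    if (in_array(false, $row, true) || in_array('', $row, true)
        || strlen($row[':subject']) > 30) {
        return false;
    }
    $now = time();
    $row += [':time' => $now, ':month' => (int) date('n', $now), ':year' => (int) date('Y', $now)];

    // Placeholders keep user input out of the SQL text; execute() is the step
    // the script in the question never reached.
    $stmt = $db->prepare(
        'INSERT INTO phpnews_news
           (mood, tags, time, month, year, subject, titletext, maintext, views, break, catid, trusted)
         VALUES
           (:mood, :tags, :time, :month, :year, :subject, :titletext, :maintext, 0, 0, :catid, 0)'
    );
    return $stmt->execute($row);
}

// Constructed sample input standing in for $_POST.
$post = ['mood' => '1', 'catid' => '1', 'subject' => 'krishna',
         'titletext' => 'khanna', 'maintext' => 'erts', 'tags' => 'php'];
try {
    $db = new PDO('mysql:host=localhost;dbname=news;charset=utf8mb4', 'news_user', 'change-me',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    echo saveNews($db, $post) ? "Saved.\n" : "Please check the form fields.\n";
} catch (PDOException $e) {
    // Log the detail for debugging; show the visitor only a generic message.
    error_log('phpnews_news insert failed: ' . $e->getMessage());
    echo "Could not save the post.\n";
}
```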

