Values not going to db

**krishnakhanna** · Aug 23, 2007, 08:14

I have made a simple form with validation. when i press the submit button then if validation is ok the content of $sql; becomes

INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted) VALUES ('1','tags','1187884757','8','2007','krishna','khanna','erts','0','0','1','0')

But NO values are not available in the db

PHP Code:


<?php

session_start();



if (!isset($_SESSION['token']))

  {

    session_regenerate_id();

    $_SESSION['token'] = true;

  }//check for token



if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])

  {//token is correct

    $token_age = time() - $_SESSION['token_time'];

    if ($token_age >= 600)

       {//token correct but timeout

    echo "Timeout!";

    exit;

        }

            if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] ) 

              {

              // correct security code, now validate name and other field





// Strip slashes from all GPC data

include("$_SERVER[DOCUMENT_ROOT]/includes/stripgpcslash.inc.php");

//gpc slashes stripped



//connect to db

    // Do includes

include("$_SERVER[DOCUMENT_ROOT]/includes/connect.inc.php");

    // end includes

//connect to db

            $fault=0;

              if(strlen($_POST["subject"]) > 0)//name field is set

              {

               $n = $_POST['subject'];

               if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name

                 {

                 $subject = trim(mysql_real_escape_string($_POST['subject']));

                 }

               else {

                 // $n is not valid

                     echo "you to fill your subject properly.";

               $fault++;

               exit;

                    }

                   }     

            else {

                //name not set

               echo "you left the subject blank.";

               $fault++;

               exit;

                 }     



//validation for next field

          if(strlen($_POST["titletext"]) > 0)//titletext field is set

              {

               $titletext = trim(mysql_real_escape_string($_POST['titletext']));

                    }     

            else {

            echo "you left the titletext blank.";

            $fault++;

            exit;

                 }     



//validation for next field

          if(strlen($_POST["maintext"]) > 0)//content  field is set

              {

               $maintext = trim(mysql_real_escape_string($_POST['maintext']));

                    }     

            else {

            echo "you left the content field blank.";

            $fault++;

            exit;

                 }     



//validating next field



          if(strlen($_POST["mood"]) > 0)

              {

               $n = $_POST['mood'];

               if ($n > 0 && $n < 10) 

                 {

                  $mood = trim(mysql_real_escape_string($_POST['mood']));

                       }

               else {

               echo "you to select the mood properly.";

               $fault++;

               exit;

                    }

                   }     

            else {

            echo "you left the mood field blank.";

            $fault++;    

            exit;

                 }     



//validating next field



          if(strlen($_POST["catid"]) > 0)

              {

               $n = $_POST['catid'];

               if ($n > 0 && $n < 9) 

                 {

                  $catid = trim(mysql_real_escape_string($_POST['catid']));

                       }

               else {

               echo "you to select the category properly.";

               $fault++;

               exit;

                    }

                   }     

            else {

            echo "you left the category blank.";

            $fault++;    

            exit;

                 }     



//validating next field



          if(strlen($_POST["tags"]) > 0)

              {

               $tags = trim(mysql_real_escape_string($_POST['tags']));

                    }     

            else {

                  echo "you left the tags field blank.";

            $fault++;    

            exit;

                 }     

//validating next field



$date = mktime(date("G"), date("i"), date("s"), date("n"), date("d"), date("Y"));



$month=date("n", $date);

$year=date("Y", $date);

$time = strtotime("now");

$ip = $_SERVER['REMOTE_ADDR'];



$sql="INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted)

VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')";

mysql_close($con);



if(! $fault)

{

echo $sql;

exit;

}

              }

                else {

              // security code is invalid

            echo " invalid code.";

            exit;    }

  }

else    

    {

echo "invalid referrer!";

exit;

    }

?>

**chris_fuel** · Aug 23, 2007, 08:17

It could be that nowhere in your code are you running mysql_query?

**mysql_beginner** · Aug 23, 2007, 08:18

Use mysql_query($sql); instead of mysql_close($con);

**filth** · Aug 23, 2007, 08:28

As has already been pointed out you are not using mysql_query() so the sql is never being executed.

As well as this you should also enclose table names and gield names in backticks so your sql would be:-

INSERT INTO `phpnews_news` (`mood`,`tags`,`time`,`month`,`year`,`subject`,`titletext`,`maintext`,`views`,`break`,`catid`,`trusted`) VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')

**r937** · Aug 23, 2007, 08:46

Originally Posted by filth

As well as this you should also enclose table names and field names in backticks...

actually, no, you shouldn't

you should never name a table or column with a name that requires backticks

also, you shouldn't use quotes around numeric literals

change this --

INSERT INTO `tablename` ( ... `catid` ... ) VALUES ( ... '0' ... )

to this --

INSERT INTO tablename ( ... catid ... ) VALUES ( ... 0 ... )

**Kailash Badu** · Aug 23, 2007, 08:55

I think backticks are necessary only when you are using reserved keywords as table or column name.

For example, this won't work:
create database CURRENT_TIME

but this would work:
create database `CURRENT_TIME`.

**Jake Arkinstall** · Aug 23, 2007, 10:24

Not really...

I have come across some mysql versions which completely mess up when you don't enclose the names in backticks when using a certain non-alphanumeric character.

**r937** · Aug 23, 2007, 10:30

don't do that then

never name a table or column with a name that requires backticks

**Hammer65** · Aug 23, 2007, 10:54

Yes like when using "password" for a field name (which I usually avoid by calling the field pass instead).

Also you have some error handling in most of your script but then you don't for the database part. You shouldn't echo the results of mysql_error in production, but having it there for debugging is pretty useful.

The SitePoint Forums have moved.

User Tag List

Thread: Values not going to db

Thread Tools

Display

Values not going to db

Bookmarks

Bookmarks

Posting Permissions