Thread: Values not going to db
-
Aug 23, 2007, 09:14 #1
- Join Date
- Aug 2007
- Posts
- 318
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Values not going to db
I have made a simple form with validation. When I press the submit button, if validation is OK, the content of $sql becomes
INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted) VALUES ('1','tags','1187884757','8','2007','krishna','khanna','erts','0','0','1','0')
But NO values are available in the db
PHP Code:
<?php
session_start();
if (!isset($_SESSION['token']))
{
    session_regenerate_id();
    $_SESSION['token'] = true;
}//check for token
if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{//token is correct
    $token_age = time() - $_SESSION['token_time'];
    if ($token_age >= 600)
    {//token correct but timeout
        echo "Timeout!";
        exit;
    }
    if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] )
    {
        // correct security code, now validate name and other field
        // Strip slashes from all GPC data
        include("$_SERVER[DOCUMENT_ROOT]/includes/stripgpcslash.inc.php");
        //gpc slashes stripped
        //connect to db
        // Do includes
        include("$_SERVER[DOCUMENT_ROOT]/includes/connect.inc.php");
        // end includes
        //connect to db
        $fault=0;
        if(strlen($_POST["subject"]) > 0)//name field is set
        {
            $n = $_POST['subject'];
            if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name
            {
                $subject = trim(mysql_real_escape_string($_POST['subject']));
            }
            else {
                // $n is not valid
                echo "you to fill your subject properly.";
                $fault++;
                exit;
            }
        }
        else {
            //name not set
            echo "you left the subject blank.";
            $fault++;
            exit;
        }
        //validation for next field
        if(strlen($_POST["titletext"]) > 0)//titletext field is set
        {
            $titletext = trim(mysql_real_escape_string($_POST['titletext']));
        }
        else {
            echo "you left the titletext blank.";
            $fault++;
            exit;
        }
        //validation for next field
        if(strlen($_POST["maintext"]) > 0)//content field is set
        {
            $maintext = trim(mysql_real_escape_string($_POST['maintext']));
        }
        else {
            echo "you left the content field blank.";
            $fault++;
            exit;
        }
        //validating next field
        if(strlen($_POST["mood"]) > 0)
        {
            $n = $_POST['mood'];
            if ($n > 0 && $n < 10)
            {
                $mood = trim(mysql_real_escape_string($_POST['mood']));
            }
            else {
                echo "you to select the mood properly.";
                $fault++;
                exit;
            }
        }
        else {
            echo "you left the mood field blank.";
            $fault++;
            exit;
        }
        //validating next field
        if(strlen($_POST["catid"]) > 0)
        {
            $n = $_POST['catid'];
            if ($n > 0 && $n < 9)
            {
                $catid = trim(mysql_real_escape_string($_POST['catid']));
            }
            else {
                echo "you to select the category properly.";
                $fault++;
                exit;
            }
        }
        else {
            echo "you left the category blank.";
            $fault++;
            exit;
        }
        //validating next field
        if(strlen($_POST["tags"]) > 0)
        {
            $tags = trim(mysql_real_escape_string($_POST['tags']));
        }
        else {
            echo "you left the tags field blank.";
            $fault++;
            exit;
        }
        //validating next field
        $date = mktime(date("G"), date("i"), date("s"), date("n"), date("d"), date("Y"));
        $month=date("n", $date);
        $year=date("Y", $date);
        $time = strtotime("now");
        $ip = $_SERVER['REMOTE_ADDR'];
        $sql="INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted)
        VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')";
        mysql_close($con);
        if(! $fault)
        {
            echo $sql;
            exit;
        }
    }
    else {
        // security code is invalid
        echo " invalid code.";
        exit; }
}
else
{
    echo "invalid referrer!";
    exit;
}
?>
-
Aug 23, 2007, 09:17 #2
- Join Date
- May 2006
- Location
- Ventura, CA
- Posts
- 2,750
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It could be that nowhere in your code are you running mysql_query?
-
Aug 23, 2007, 09:18 #3
- Join Date
- May 2007
- Posts
- 40
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Use mysql_query($sql); instead of mysql_close($con);
-
Aug 23, 2007, 09:28 #4
- Join Date
- Jul 2006
- Location
- Dundee, Scotland
- Posts
- 179
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
As has already been pointed out you are not using mysql_query() so the sql is never being executed.
As well as this you should also enclose table names and field names in backticks so your sql would be:-
INSERT INTO `phpnews_news` (`mood`,`tags`,`time`,`month`,`year`,`subject`,`titletext`,`maintext`,`views`,`break`,`catid`,`trusted`) VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')
-
Aug 23, 2007, 09:46 #5
- Join Date
- Jul 2002
- Location
- Toronto, Canada
- Posts
- 39,347
- Mentioned
- 63 Post(s)
- Tagged
- 3 Thread(s)
actually, no, you shouldn't
you should never name a table or column with a name that requires backticks
also, you shouldn't use quotes around numeric literals
change this --
INSERT INTO `tablename` ( ... `catid` ... ) VALUES ( ... '0' ... )
to this --
INSERT INTO tablename ( ... catid ... ) VALUES ( ... 0 ... )
-
Aug 23, 2007, 09:55 #6
I think backticks are necessary only when you are using reserved keywords as table or column name.
For example, this won't work:
create database CURRENT_TIME
but this would work:
create database `CURRENT_TIME`.
-
Aug 23, 2007, 11:24 #7
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
Not really...
I have come across some mysql versions which completely mess up when you don't enclose the names in backticks when using a certain non-alphanumeric character.
Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes it's enough to make that wheel more rounded"-Molona
-
Aug 23, 2007, 11:30 #8
- Join Date
- Jul 2002
- Location
- Toronto, Canada
- Posts
- 39,347
- Mentioned
- 63 Post(s)
- Tagged
- 3 Thread(s)
don't do that then
never name a table or column with a name that requires backticks
-
Aug 23, 2007, 11:54 #9
- Join Date
- Nov 2004
- Location
- Lincoln Nebraska
- Posts
- 1,161
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Yes like when using "password" for a field name (which I usually avoid by calling the field pass instead).
Also you have some error handling in most of your script but then you don't for the database part. You shouldn't echo the results of mysql_error in production, but having it there for debugging is pretty useful.
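What the replies add up to, as an added example that is not code from the thread: the insert is actually executed, values are bound as parameters instead of being interpolated into the SQL string, numeric columns are bound as integers rather than quoted, and a database error is logged instead of echoed. It assumes PDO (the mysql_* functions used above were removed in PHP 7) and an in-memory SQLite database in place of the poster's MySQL connection; insert_news() is a hypothetical helper, and the column names come from the thread.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE phpnews_news (
    mood INTEGER, tags TEXT, time INTEGER, month INTEGER, year INTEGER,
    subject TEXT, titletext TEXT, maintext TEXT,
    views INTEGER, break INTEGER, catid INTEGER, trusted INTEGER)');

// Hypothetical helper: returns the number of rows inserted, or false on failure.
// Field validation (lengths, ranges) is assumed to have run already.
function insert_news(PDO $pdo, array $post)
{
    $sql = 'INSERT INTO phpnews_news
              (mood, tags, time, month, year, subject, titletext, maintext,
               views, break, catid, trusted)
            VALUES
              (:mood, :tags, :time, :month, :year, :subject, :titletext, :maintext,
               0, 0, :catid, 0)';
    try {
        $stmt = $pdo->prepare($sql);
        $now  = time();
        // Numeric columns are bound as integers, so no quoted numeric literals.
        $ints = ['mood' => $post['mood'], 'catid' => $post['catid'], 'time' => $now,
                 'month' => date('n', $now), 'year' => date('Y', $now)];
        foreach ($ints as $name => $value) {
            $stmt->bindValue(":$name", (int) $value, PDO::PARAM_INT);
        }
        // Text columns are bound as strings; no manual escaping is needed.
        foreach (['tags', 'subject', 'titletext', 'maintext'] as $name) {
            $stmt->bindValue(":$name", trim($post[$name]), PDO::PARAM_STR);
        }
        $stmt->execute(); // the step the original script never performed
        return $stmt->rowCount();
    } catch (PDOException $e) {
        // Keep the detail in the server log; show the visitor a generic message.
        error_log('news insert failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed sample input, including a subject that contains a quote.
$post = ['mood' => '1', 'catid' => '1', 'tags' => 'tags',
         'subject' => "krishna's", 'titletext' => 'khanna', 'maintext' => 'erts'];
var_dump(insert_news($pdo, $post));
var_dump($pdo->query('SELECT subject, mood FROM phpnews_news')->fetch(PDO::FETCH_ASSOC));
```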