SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Mar 2011
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    insert mysql from form and exteral variable

    A mysql table with 8 field, which 4 value i want to take from a form and other 4 value from initializing variable. My code is here...

    1st field is auto increment, all value is inserting in table except initialized variable $cat and $subcat...


    <?php

    $cat = "aits";
    $subcat = "asdf";

    if (isset($_POST['name']) && isset($_POST['body'])) {
    $ret = add_to_database();
    if (!$ret) {
    print "";
    } else {
    print "Thank you for submission";
    }
    } else {
    write_form();
    }

    //functions
    function write_form() {
    $self =$_SERVER['PHP_SELF'];
    echo <<<EOT
    <form action="$self" method="POST">
    <table>
    <tr>
    <td width="50">Cell 1</td>
    <td width="350"><input type="text" name="name" style="width:100%"/></td>
    </tr>
    <tr>
    <td>Cell 3</td>
    <td><textarea name="body" cols="41" rows="5" name="des">
    </textarea></td>
    </tr>
    <tr>
    <td>Cell 3</td>
    <td><input type="text" name="url" style="width:100%"/></td>
    </tr>
    <tr>
    <td>Cell 3</td>
    <td><input type="text" name="email" style="width:100%"/></td>
    </tr>
    </table>

    </br>
    <input type="submit" style="margin-left:200px" value="submit"/>

    </form>
    EOT;
    }
    echo "$cat";
    echo "</br>";
    echo "$subcat";


    function add_to_database() {
    $name = trim($_POST['name']);
    $body = trim($_POST['body']);
    $url = trim($_POST['url']);
    $email = trim($_POST['email']);


    echo "$cat";
    echo "</br>";
    echo "$subcat";

    $date=date("Y-m-d");

    mysql_connect("localhost","root", "mdismail") or die("Couldn't connect to server");
    mysql_select_db("test");


    $sql = "INSERT INTO submit VALUES (' ','$name','$body','$url','$email','$cat','$subcat','$date')";

    mysql_query($sql);

    mysql_close();
    return true;
    }
    echo "$cat";
    ?>


    please give me a solution

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    If you posted the entire code and you wrote it then I should tell you what you are doing is totally insecure.

    If you posted the entire code and if someone else wrote that then you should both be sacked, you for buying it and them for writing it.

    That said, if this WAS working before, and has suddenly stopped working this may have been caused by a little known feature of Mysql.

    In Mysql 4 you were able to do this:
    Code:
    $sql = "INSERT INTO submit VALUES (' ','$name','$body' // etc
    Which exploited a failure in Mysql's integer handling for auto-increment fields - we were allowed to enter an empty string.

    In Mysql 5, you must use either leave the field out completely
    Code:
    $sql = "INSERT INTO submit VALUES ( '$name','$body' // etc
    OR Enter a 0.
    Code:
    $sql = "INSERT INTO submit VALUES (0 , '$name','$body' // etc
    So it was not a bug in Mysql 5 but a bug in Mysql 4 which permitted us to make such an error.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •