php form -> mysql problem (please help!)

Codes here !

Moderators: egami, macek, gesf

Post Reply
Xerpher
New php-forum User
New php-forum User
Posts: 164
Joined: Tue Aug 27, 2002 8:25 pm
Location: Ontario, Canada
Contact:

Sun Mar 23, 2003 5:37 pm

That's because your using the ancient way of calling form variables which is both a security whole and no longer works... Try this:

Code: Select all

<?php 
$dbh = mysql_connect ("localhost", "ascendan_cat", "paws") or die ( 'I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("ascendan_pets") or die (mysql_error());
$result = mysql_query ("INSERT INTO pets (Name, Fav food) values ('".$_POST['petname']."','".$_POST['ffood']."')", $dbh);
?>
<form method="post" action="<?php echo $PHP_SELF?>">
Pet Name: <input type="text" name="petname"><br>
Favourite Food: <input type="text" name="ffood"><br>
<input type="submit" name="submit" value="Enter information">
</form>
Terra Design, my business and sole / huge PHP project... a fully dynamic and adaptive site engine.

User avatar
mammal
New php-forum User
New php-forum User
Posts: 37
Joined: Wed Apr 02, 2003 1:31 am
Location: Hythe, UK

Wed Apr 02, 2003 2:16 am

Try this:

<?php

if ($ffood AND $petname) {

$db = mysql_connect ("localhost", "ascendan_cat", "paws");
$db_select = mysql_select_db ("ascendan_pets");
if (!$db){ echo "DB Connection Failure";}
if (!$db_select){ echo "DB Selection Failure";}

$query = "INSERT INTO pets (Name, Fav food) VALUES ('$petname', '$ffood')";

// echo $query;
/* Uncomment the echo command above to see the SQL query printed on the screen. If the variables are missing you may have global_variable turned ON there you can try $HTTP_POST_VARS[petname] AND $HTTP_POST_VARS[ffood] instead. */

if ($result = mysql_query ($query)) {
echo "Information Inserted";
} else {
echo "Database Error Occured!";
}
}
?>
<form method="post" action="<?=$PHP_SELF ?>">
Pet Name: <input type="text" name="petname"><br>
Favourite Food: <input type="text" name="ffood"><br>
<input type="submit" name="submit" value="Enter information">
</form>

User avatar
Redcircle
Moderator
Moderator
Posts: 826
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Wed Apr 02, 2003 5:57 pm

Try this code.

Code: Select all

<?php 

$dbh = mysql_connect ("localhost", "ascendan_cat", "paws") or die ( 'I cannot connect to the database because: ' . mysql_error());

mysql_select_db ("ascendan_pets") or die (mysql_error());

$result = mysql_query ("INSERT INTO pets (Name, Fav food) values ('".$_POST['petname']."','".$_POST['ffood']."')", $dbh);

?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
Pet Name: <input type="text" name="petname"><br>
Favourite Food: <input type="text" name="ffood"><br>
<input type="submit" name="submit" value="Enter information">
</form>

Post Reply
  • Information
  • Who is online

    Users browsing this forum: Bing [Bot] and 2 guests