#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    258
    Rep Power
    13

    Data not Inserting to MySQL via PHP?


    I've got a comment type script that shows current comments and then has a space for visitors to submit new ones. Things were going fine but now no worky... I inserted data directly to the database and that is CORRECTLY showing where the current comments are...but for some reason the new comments aren't inserting from that page.

    Is there something here that looks obviously wrong?
    PHP Code:

    <? 

    ////////////////////////////////
    // This checks to see if we need to add another guestbook entry.
    ////////////////////////////////
    if (($REQUEST_METHOD=='POST')) {
     include(
    "san.php");
    ////////////////////////////////
    // This loop removed "dangerous" characters from the posted data
    // and puts backslashes in front of characters that might cause problems in the database.


      // This will catch if someone is trying to submit a blank
      // or incomplete form.
      ////////////////////////////////
      
    if ($message ) {
        
        
    ////////////////////////////////
        // This is the meat of the query that updates the guests table
        ////////////////////////////////
        
    mysql_connect("192.xxx.xxx.","username","password")
                       or die(
    "Unable to connect to SQL server");
        
    mysql_select_db("mytable") or die("Unable to select database");
        
    $ip getenv ("REMOTE_ADDR"); 
        
    $query "INSERT INTO comments ";
        
    $query .= "(what_id,  ";
        
    $query .= "what, name, time_add, ip) ";
        
    $query .= "values(0000, '$message', '$name', NULL, '$ip')";
        
    mysql_query($query) or die("Insert Failed!");
        
        
      } else {

        
    ////////////////////////////////
        // If they didn't include all the required fields set a variable
        // and keep going.
        ////////////////////////////////
        
    $notall 1;

      }
    }
    ?>
    And here's my form
    Code:
    <form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    Submit a comment: <TEXTAREA NAME="message" COLS="20" ROWS="4" WRAP="Virtual"></TEXTAREA><br>
     
    Your name (optional)<TEXTAREA NAME="name" COLS="20" ROWS="1" WRAP="Virtual"></TEXTAREA><br>
                    
    <INPUT TYPE="submit" VALUE="Add">
    </form>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    189
    Rep Power
    0
    If you turned on error-reporting you might get an idea of something. At first glance I see you referencing a var called REQUEST_METHOD. Is that something you created somewhere? Or did you mean to say $_SERVER['REFERENCE_METHOD'] ?

    Comments on this post

    • mytwocents agrees
  4. #3
  5. Old Fart
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Location
    Chicago
    Posts
    108
    Rep Power
    5
    mysql is deprecated and will someday go away.
    I suggest that you consider using mysqli instead.
    See http://php.net/manual/en/book.mysqli.php

    Of course, this should not be the cause of your problem.

    Comments on this post

    • Jacques1 agrees
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    DO NOT COPYPASTE RANDOM CODE YOU FOUND SOMEWHERE ON THE INTERNET!

    That stuff you've stolen is from 1999! That's 14 years ago. It's the time of Windows 98 and the Netscape Navigator 4.

    Most of those guestbook scripts were originally written by 10-year-old kids as their very first "application". After that, the code was copypasted and copypasted and copypasted ... And it's still being copypasted in 2013.

    Now I ask you: Is this really the code you wanna have on your server? Do you really wanna make it accessible to the whole world and let anybody send any data to it?

    I don't think I would. Throw away this stuff and write your own code. Learn the language instead of relying on strangers to provide code. Yeah, programming takes much longer than copypasting, and it's much more effort. But in the end, you'll actually learn PHP. You'll know what your script does and why.

    A good way to start is by reading up on modern database code. Once you know how to do proper and secure(!) queries, it shouldn't be too hard to write a script for inserting the rows and one for displaying them.

    // I just realized you're no newbie at all, you're doing this since 2003. C'mon, you can do better than that.

    Comments on this post

    • mytwocents agrees : I copy and pasted a long time ago...fwiw :)
    Last edited by Jacques1; October 5th, 2013 at 06:37 AM.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    258
    Rep Power
    13
    Originally Posted by jimmyg999
    If you turned on error-reporting you might get an idea of something. At first glance I see you referencing a var called REQUEST_METHOD. Is that something you created somewhere? Or did you mean to say $_SERVER['REFERENCE_METHOD'] ?
    I'm not even sure what that was referencing to be honest...I've used that script for so long (and it's still working on another site I have that's housed on a different server so I'm thinking it's got something to do with the version of mysql or something...I like the 'if it ain't broke' mentality) that I just sort cut, paste, adjust. But clearly that wasn't working now so I changed things up and got it working (and yes, took that out). Thanks for pointing me in the right direction!
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    258
    Rep Power
    13
    Originally Posted by Jacques1
    DO NOT COPYPASTE RANDOM CODE YOU FOUND SOMEWHERE ON THE INTERNET!

    That stuff you've stolen is from 1999! That's 14 years ago. It's the time of Windows 98 and the Netscape Navigator 4.

    Most of those guestbook scripts were originally written by 10-year-old kids as their very first "application". After that, the code was copypasted and copypasted and copypasted ... And it's still being copypasted in 2013.

    Now I ask you: Is this really the code you wanna have on your server? Do you really wanna make it accessible to the whole world and let anybody send any data to it?

    I don't think I would. Throw away this stuff and write your own code. Learn the language instead of relying on strangers to provide code. Yeah, programming takes much longer than copypasting, and it's much more effort. But in the end, you'll actually learn PHP. You'll know what your script does and why.

    A good way to start is by reading up on modern database code. Once you know how to do proper and secure(!) queries, it shouldn't be too hard to write a script for inserting the rows and one for displaying them.

    // I just realized you're no newbie at all, you're doing this since 2003. C'mon, you can do better than that.
    I freely admit it was stolen. And truth be told, I'm a newbie in the sense that I only 'make adjustments' to code. I know my code is old...it's just that it was working, so I didn't mess with it . But I will absolutely look at the link you provided and see if I can do things the proper way.

    Thank you I'm quite embarrassed

    Comments on this post

    • Jacques1 agrees
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    First of all: Great reaction. Many people get offended by criticism or come up with all kinds of lame excuses for why they keep the code. But you're obviously open for suggestions.

    In general, there's nothing wrong with using code from somebody else. We all do that, because we didn't write PHP or its libraries. The problem is that most of the free-floating code you'll find online is incredibly poor. It's outdated, or it's insecure, or it's simply badly written. And sometimes it's all at the same time.

    Unfortunately, it's not enough for code to kinda sorta "work". The Internet is a hostile environment. Many programmers don't realize this. They write code for friendly users who only do what they're supposed to do. But the Internet is full of frustrated kids, professional criminals and dumb people. Does your current script still "work" if confronted with this kind of user? I don't think so.

    My teacher used to call this "The panzer test": It's not enough for a bridge to hold some walkers on a sunny day. It must survive a tank rolling over it in a heavy storm. That's when you can claim that it works.

    Old code also leads to permanent compatibility issues. The PHP of 2013 is very different from the PHP of 1999. Many features were removed, many were added. If your code doesn't keep up to this, it's condemned to death. You may keep it alive for a while by deferring the PHP update (risking the security of your server), but sooner or later it will stop working.

    So I can only encourage you to write your own code. Programming a guest book is not difficult. And if you have any talent, your code will be much better than 99% of what you find online.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    45
    Rep Power
    47
    Originally Posted by Jacques1
    First of all: Great reaction. Many people get offended by criticism or come up with all kinds of lame excuses for why they keep the code. But you're obviously open for suggestions.

    In general, there's nothing wrong with using code from somebody else. We all do that, because we didn't write PHP or its libraries. The problem is that most of the free-floating code you'll find online is incredibly poor. It's outdated, or it's insecure, or it's simply badly written. And sometimes it's all at the same time.

    Unfortunately, it's not enough for code to kinda sorta "work". The Internet is a hostile environment. Many programmers don't realize this. They write code for friendly users who only do what they're supposed to do. But the Internet is full of frustrated kids, professional criminals and dumb people. Does your current script still "work" if confronted with this kind of user? I don't think so.

    My teacher used to call this "The panzer test": It's not enough for a bridge to hold some walkers on a sunny day. It must survive a tank rolling over it in a heavy storm. That's when you can claim that it works.

    Old code also leads to permanent compatibility issues. The PHP of 2013 is very different from the PHP of 1999. Many features were removed, many were added. If your code doesn't keep up to this, it's condemned to death. You may keep it alive for a while by deferring the PHP update (risking the security of your server), but sooner or later it will stop working.

    So I can only encourage you to write your own code. Programming a guest book is not difficult. And if you have any talent, your code will be much better than 99% of what you find online.
    Just out of curiosity, how is one supposed to learn PHP without looking at prior written code and seeing what it does? That's how I learned ASP, and after a year I was writing my own scripts, but I could never look at something like:
    PHP Code:
    $yourvariable (resourceinteger
    or whatever (I literally have just started learning this week, hence the nonsensical example) and then know exactly how to use it or where to put it in a script.

    It's like if I were to teach you guitar by merely telling you the chords in a song but not show you how to play the chords, you're not going to figure it out. Am I right?

    Just to avoid yet another brouhahah like the one I started on PHPFreaks, I'm not saying I disagree with you but I think you're just a bit too harsh on someone just starting out by insisting they write their own code right from the get go.

    Comments on this post

    • richpri agrees : Nurchuring new coders should be one of the goals of forums such as this. But I also admire Jacques1's encuraging first sentence quoted in this reply.
  16. #9
  17. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by mystic7
    Just out of curiosity, how is one supposed to learn PHP without looking at prior written code and seeing what it does?
    Who said that you shouldn't look at other code? I didn't.

    You should definitely read code from other programmers and see how they do it. If the code is good, you'll learn a lot from it. But what you should never is do take code you found somewhere on the Internet and upload it to your server.

    The Internet is brimful of bad PHP code. You'll find stuff that hasn't been updated since the 90s. You'll find bad practices and huge security holes. If you upload this code to your server, you have a problem, because now every problem caused by the code will happen on your server. You may not even notice it. Criminals often capture servers in order to use them as "zombies" in a botnet. Your website will still be online, but at the same time the servers is abused for sending spam or doing denial-of-service attacks or whatever.

    Long story short: Make sure you know the security basics and then write your own code.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    45
    Rep Power
    47
    Originally Posted by Jacques1
    Who said that you shouldn't look at other code? I didn't.

    You should definitely read code from other programmers and see how they do it. If the code is good, you'll learn a lot from it. But what you should never is do take code you found somewhere on the Internet and upload it to your server.

    The Internet is brimful of bad PHP code. You'll find stuff that hasn't been updated since the 90s. You'll find bad practices and huge security holes. If you upload this code to your server, you have a problem, because now every problem caused by the code will happen on your server. You may not even notice it. Criminals often capture servers in order to use them as "zombies" in a botnet. Your website will still be online, but at the same time the servers is abused for sending spam or doing denial-of-service attacks or whatever.

    Long story short: Make sure you know the security basics and then write your own code.
    OK. See, I don't think that way because I am running Apache, MySQL and PHP off my computer and don't have it online, so I'm not worried about bad code doing bad things just yet.

    And the reason I run other people's code is to see what it does. What I am NOT doing is finding bits and pieces of code to write a website and then charging a customer for it.

    As for richpri, thanks for agreeing and seeing my point of view. So much of what I've learned so far is similar to ASP but there are other aspects which are just blowing my mind right now. At 59 I hope I still have enough brain synapses left to store all this stuff!

IMN logo majestic logo threadwatch logo seochat tools logo