|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
June 30th, 2009, 04:15 PM
|
|||
|
|||
|
Mysql Database not working>?
Hello; I'm a newbie at Mysql and I need your help. I'm creating a database with a table. Inside my table I have 7 fileds. I'm able to see the database when I do SHOW DATABASES; I see the table is there as well.
In PHP i wrote a script to connect to the database as below: [code] </style> <form action="insert.php" method="post"> First Name <input type="text" name="first"><br> Last Name <input type="text" name="last"><br> E-mail <input type="text" name="mail"><br> Fax <input type="text" name="fax"><br> Tel <input type="text" name="tel"><br> Company <input type="text" name="company"><br> <input type="submit" name="Send"><br> </form> <? $user="root"; $password="xxxxxxxxxxxxx"; $database="mydatabasename"; $first=$_POST['first'] $last=$_POST['last'] $mail=$_POST['mail'] $fax=$_POST['fax'] $tel=$_POST['tel'] $company=$_POST['company'] mysql_connect(localhost,$user,$password); @mysql_select_db($database) or die("unable to select database"); $query= 'INSERT INTO contacts VALUES (",'$first','$last','$mail','$fax','$tel','$company')"; mysql_query($query); mysql_close(); ?> I have a "wamp" setup so I go to "localhost/insert.php" to view this file; I fill out the information and press submit and nothing happens... I changed the password to see if I get "unable to connect" error and nothing happens. Can someone please help me. Thanks in advance 
|
|
#2
June 30th, 2009, 06:46 PM
|
||||
|
||||
|
Three things, the first being your INSERT syntax is dependant on he version of mySQL you're running, only the most recent few versions allow your to skip specidying the column names, so long as the number and order are correct. The safest bet is to specify your column names explicitly, ie:
Code:
INSERT INTO contacts (id, first, last, mail, fax, tel, company) VALUES ('','$first','$last','$mail','$fax','$tel','$company')
The second issue is your PHP syntax for specifying the string is way out of whack, with mismatched quotes. Correcting what is written would yeild: Code:
$query= "INSERT INTO contacts VALUES ('','$first','$last','$mail','$fax','$tel','$company')";
Thirdly, a more advanced issue, is your code is terribly insecure. You are not checking any of the form inputs to see if they are correct. For example, if I wanted to be a very mean person I would pull a "Johnny Tables" and fill in my first name as "John';DROP TABLE contacts;--". This essentially truncates your query and runs my code to drop the contacts table from your database, or pretty much anything I wanted. To protect yourself from such shenanigans you should get in the habit of checking the form inputs when you are pulling them from the $_GET, $_POST, and $_REQUEST arrays. Enforce maximum lengths, strip out or replace special characters, check that numbers are numbers, etc. Also, if you find a query is not doing what it is supposed to use the mysql_error() function to retrieve any error info that may have been generated by the last query. http://us3.php.net/manual/en/function.mysql-error.php
__________________
|
|
#3
July 2nd, 2009, 11:33 AM
|
|||
|
|||
|
Thank you for your help; I think I will have to read up some more; I'm still having issues connecting to Mysql using PHP; i'm not sure if there anything else I have to tweak in the wamp settings.
Thanks mamut
|
|
| Viewing: Dev Shed Forums > Programming Languages > PHP Development > Mysql Database not working>? |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
