#1
  1. Contributing User

    MySql Error localhost


    Howdy. I'm very frustrated with this simple efing problem I've fought for almost 2 hours and I just don't get it. I need another pair of eyes if you don't mind.

    Created a database with one table to store youtube embed code. Was just a passing thought for fun.
    Please don't pick on the ghetto html code as it's not production worthy. There is something in the connection string that I'm not seeing.
    Here is the connect string and the form.
    PHP Code:
    <?php
    $name = 'youtube_collection';
    $user = 'root';
    $pw = '';
    $host = 'localhost';

    $link = mysql_connect($name, $user, $pw, $host);
    if (!$link) {
        die("Cannot connect: " . mysql_error());
    } else {
        echo "Connected to MySql successfull<br />";
    }
    ?>
    PHP Code:
    <?php
    include 'conn.php';

    if(isset($_POST['title'])) {
        $video_title = mysql_real_escape_string($_POST['title']);
        $ytDB = $_POST['youtube_collection'];
        $secureYT = htmlentities($ytDB);
        if(!$video_title || $ytDB) {
            echo "Please enter a title";
        }else{
            $sql = mysql_query("INSERT INTO youtube_collection(yt_user_name, embed_code, publish_date, title) VALUES('$secureYT', '$video_title')" or die(mysql_error()));
            echo "Video collected";
        }
    }
    echo '<form action="" method="post">
      <fieldset>
      <legend>Subscription info</legend>
        <label for="name">Username:</label>
        <input type="text" name="name" id="name" />
        <br />
        <label for="title">Title:</label>
        <input type="text" name="title" id="mail" />
        <br />
        <label for="embed_code">Paste code here:</label>
        <input type="text" name="code" />
        <br />
        <label for="address">Published Date:</label>
        <input name="published_date" />
        <input type="submit" value="submit">
      </fieldset>
    </form>'
    ?>
    thanks for your help
    From the Movie Phenomenon

    George Malley: Specifics, Bob
  2. #2
  3. --
    Hi,

    this mysql_* stuff has been obsolete for 10 years. If you had an up-to-date PHP version, you'd be getting warnings all over the place.

    How to properly access a MySQL database with PHP [this is a link]

    Apart from that, I have no idea what you're doing there:

    • The way you call mysql_connect() does not exist and never has. You've somehow made this up in your mind instead of checking the manual for the real parameters.
    • Using htmlentities() for the SQL values (what?) gets you a nice SQL injection vulnerability.
    • You declare 4 values to be inserted, and then you only insert 2 values. Again: What?

    Instead of writing down random stuff and then spending 2 hours trying to fix it, why don't you take 15 minutes of your time to get the code right from the beginning?

    Read up on PDO (the link above) and then carefully write your code statement by statement. Test each statement before you move on. Use the PHP manual to find out how a particular method works.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
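
Added example, not part of the thread or of the linked tutorial: the poster's connect-and-insert flow redone with PDO as the reply recommends, covering the three listed points (connection parameters, escaping, four columns against two values). It assumes the table and column names from the first post, the form's field names, and that publish_date is a DATE column; connect() and saveVideo() are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumptions: the table and columns
// from the first post, publish_date is a DATE column, credentials as posted.
declare(strict_types=1);

function connect(): PDO   // hypothetical helper name
{
    // Host, database and charset belong in the DSN; user and password follow.
    $dsn = 'mysql:host=localhost;dbname=youtube_collection;charset=utf8mb4';
    return new PDO($dsn, 'root', '', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    ]);
}

function saveVideo(PDO $db, array $post): array   // hypothetical helper name
{
    // Field names as in the posted form: name, title, code, published_date.
    $errors = [];
    foreach (['name', 'title', 'code', 'published_date'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $errors[] = "Missing field: $field";
        }
    }
    if ($errors) return $errors;
    $date = DateTime::createFromFormat('!Y-m-d', $post['published_date']);
    if (!$date || $date->format('Y-m-d') !== $post['published_date']) {
        return ['published_date must be YYYY-MM-DD'];
    }
    // Four columns, four placeholders; values are sent apart from the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO youtube_collection (yt_user_name, embed_code, publish_date, title)
         VALUES (:user, :code, :published, :title)'
    );
    $stmt->execute([
        ':user' => $post['name'], ':code' => $post['code'],
        ':published' => $post['published_date'], ':title' => $post['title'],
    ]);
    return [];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = saveVideo(connect(), $_POST);
    // HTML encoding is an output-time step; it is not an SQL defence.
    foreach ($errors as $e) {
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
    echo $errors ? '' : 'Video collected';
}
```

If the stored embed code is later written back into a page as raw HTML, that output step is where encoding or an allow-list decision has to be made.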
  4. #3
  5. Contributing User
    Originally Posted by Jacques1
    Hi,

    this mysql_* stuff has been obsolete for 10 years. If you had an up-to-date PHP version, you'd be getting warnings all over the place.

    How to properly access a MySQL database with PHP [this is a link]

    Apart from that, I have no idea what you're doing there:

    • The way you call mysql_connect() does not exist and never has. You've somehow made this up in your mind instead of checking the manual for the real parameters.
    • Using htmlentities() for the SQL values (what?) gets you a nice SQL injection vulnerability.
    • You declare 4 values to be inserted, and then you only insert 2 values. Again: What?

    Instead of writing down random stuff and then spending 2 hours trying to fix it, why don't you take 15 minutes of your time to get the code right from the beginning?

    Read up on PDO (the link above) and then carefully write your code statement by statement. Test each statement before you move on. Use the PHP manual to find out how a particular method works.
    Thank you for the link and the chastisement! You're absolutely correct. I'm just learning and was using code from a youtube video. I'll get to the manual, the link and the MySql site and do it right. Cheers!
  6. #4
  7. --
    Cool.

    Note that a lot of the PHP "tutorials" out there are just terrible. They're written by people who don't have the slightest clue about PHP. All they do is copy the copy of the copy of the copy ... of some crap code from the 90s.

    If you're lucky, the code will simply crash. If you have less luck, you'll end up with a bunch of security holes waiting to be exploited by the next best script kiddie.

    So don't run arbitrary PHP code you found somewhere on the Internet -- just like you wouldn't execute an arbitrary .exe file (I hope). If you use secondary sources, always check them with primary sources like the manual and make sure the code is secure and up-to-date.

    For example, the manual has a big red warning sign on all mysql_* function pages. So you would have found out very quickly that this is wrong.