Php - Sql Help - Dev Shed

Dev Shed Forums Sponsor:

November 28th, 2012, 04:07 AM

Aty01

Registered User

Join Date: Nov 2012

Posts: 1

Time spent in forums: 9 m 20 sec
Reputation Power: 0

PHP-General - Php - Sql Help

HI guys

i really need some help can anyone tell me whats wrong with the code below, it can connect to the database but not insert customer

================================

<html>
<head>
<title>Scotia Cruises registration</title>
</head>
<body>
<h1>Member Registration</h1>

<?php
/* example line below should be
$FirstName = $_POST['customer_forename'];
*/
$Title = $_POST['customer_title'];
$FirstName = $_POST['customer_forename'];
$SecondName = $_POST['customer_surname'];
$AddressLine1 = $_POST['customer_address_1'];
$AddressLine2 = $_POST['customer_address_2'];
$Town = $_POST['customer_town'];
$Postcode = $_POST['customer_postcode'];
$Age = $_POST['customer_age'];
$Country = $_POST['customer_country'];
$TelephoneNumber = $_POST['customer_telephone_number'];
$Email = $_POST['customer_email'];
$Password = $_POST['customer_password'];

@ $db = mysql_connect('sql.comp-degree.uhi.ac.uk', '*********', '*********');
if (!$db)
{
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
else
{
mysql_select_db('Siddique');
/* query values should be $title, $FirstName, $SecondName etc
so for example:
insert into 'customer'('customer_title','customer_forename') values ($title,$FirstName)
*/
$query = "insert into customer('customer_title','customer_forename','customer_surname','customer_address_1','customer_addr ess_2','customer_town','customer_postcode','customer_age','customer_country','customer_telephone_num ber','customer_email','customer_password','userlevel') values ($customer_title,$customer_forename,$customer_surname,$customer_address_1,$customer_address_2,$custo mer_town,$customer_postcode,$customer_age,$customer_country,$customer_telephone_number,$customer_ema il,$customer_password,user)";
$result = mysql_query($query);
if ($result)
echo 'Member inserted';
else
echo 'Did not work';
}
?>
<p>Click <a href="Manage_account.html">here</a> to return to the login page</font></p>
</body>
</html>

November 28th, 2012, 04:51 AM

Jacques1

pollyanna

Join Date: Jul 2012

Location: Germany

Posts: 1,875

Time spent in forums: 1 Month 2 Weeks 2 Days 4 h 4 m 58 sec
Reputation Power: 813

Hi,

for the next time, please do some basic debugging yourself: output the query, execute it in phpmyadmin and see what error message you get. If you can't figure it out yourself, post all this data here in the forum.

Your query is not valid SQL, because you cannot wrap identifiers (table names, column names etc.) in single quotes. You can and must do that with values. So it's exactly the other way round in your INSERT query.

Apart from that, your code is wide open to SQL injections, because you simply dump the POST values into the query string. Anybody could manipulate the query in any way.

Viewing: Dev Shed Forums > Programming Languages > PHP Development > PHP-General - Php - Sql Help

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump