1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Rep Power

    New web host, php form not working

    I changed web hosting companies and now a php form that was working is no longer working. I haven't been able to figure out what the problem is. The form is a simple text input form that adds the text to a database. Every time the user inserts text with a comma, an error occurs. Below is the code for the form. Any help is much appreciated.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="style.css" rel="stylesheet" type="text/css" />

    <?php require_once('inc/header.html'); ?>
    require_once('../Connections/websitedatabase.php'); ?>

    if (isset($_POST['note'])):

    $note $_POST['note'];
    $name $_POST['name'];
    $id $_POST['id'];
    $sql "UPDATE presidentnotes SET
      if (@
    mysql_query($sql)) {
    '<p>The note has been updated.</p>';
      } else {
    '<p>Error updating note. Details: ' .
    mysql_error() . '</p>';
    $presidentnotes = @mysql_query(
    "SELECT note, name FROM presidentnotes ");
      if (!
    $presidentnotes) {
    '<p>Error fetching note details: ' .
    mysql_error() . '</p>');
    $presidentnotes mysql_fetch_array($presidentnotes);
    $note $presidentnotes['note'];
    $name $presidentnotes['name'];

    $note mysql_real_escape_string($note);
    $name mysql_real_escape_string($name);

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <h1>President's Note on hompage - Edit5</h1>

    <label>Note:<br /> 
      <textarea name="note" cols="100" rows="12"><?php echo $note?></textarea>
    </label><br />
    <label>Name:<br /> <input name="name" type="text" value="<?php echo $name?>" size="40" /></label><br />
    <input type="hidden" name="id" value="<?php echo $id?>" />
    <input type="submit" value="SUBMIT" /></p>

      <?php endif; ?>

  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Rep Power
    The first thing you need to do is stop in using the deprecated (for more than a decade) MySQL extensions and switch to PDO and prepared statements. Your web site is open to injection attack so you should consider taking that page down until you get that fixed. In any case your code will break with the next release of PHP.

    The second thing you need to do is post the error. Without knowing what the error is, there is little chance of helping you. Although unlikely, perhaps the obsolete 'mysql_real_escape_string' call is doing something different on the new server. When you use prepared statements you eliminate most issues with query strings that contain MySQL separator characters and key words.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Dec 2004
    Rep Power
    you can do two things:

    1. do:
    $result = mysql_query($sql) or die (mysqlerror(), mysql_errno()); // google how the mysql errors are given to you

    2. echo out the query on screen and then try it out yourself in MYSQL and see what happens.

    i suspect it may be a ' in your comment and not a ,..

IMN logo majestic logo threadwatch logo seochat tools logo