#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    2
    Rep Power
    0

    New web host, php form not working


    I changed web hosting companies and now a php form that was working is no longer working. I haven't been able to figure out what the problem is. The form is a simple text input form that adds the text to a database. Every time the user inserts text with a comma, an error occurs. Below is the code for the form. Any help is much appreciated.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
    <?php require_once('inc/header.html'); ?>
    <?php 
    require_once('../Connections/websitedatabase.php'); ?>

    <?php
    if (isset($_POST['note'])):

      
    $note $_POST['note'];
      
    $name $_POST['name'];
      
    $id $_POST['id'];
      
    $sql "UPDATE presidentnotes SET
              note='
    $note',
              name='
    $name'
              "
    ;
      if (@
    mysql_query($sql)) {
        echo 
    '<p>The note has been updated.</p>';
      } else {
        echo 
    '<p>Error updating note. Details: ' .
            
    mysql_error() . '</p>';
      }
    ?>
    <?php
    else: 
      
    $presidentnotes = @mysql_query(
          
    "SELECT note, name FROM presidentnotes ");
      if (!
    $presidentnotes) {
        exit(
    '<p>Error fetching note details: ' .
            
    mysql_error() . '</p>');
      }
      
    $presidentnotes mysql_fetch_array($presidentnotes);
      
    $note $presidentnotes['note'];
      
    $name $presidentnotes['name'];

      
    $note mysql_real_escape_string($note);
      
    $name mysql_real_escape_string($name);
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <h1>President's Note on hompage - Edit5</h1>

    <label>Note:<br /> 
      <textarea name="note" cols="100" rows="12"><?php echo $note?></textarea>
    </label><br />
    <label>Name:<br /> <input name="name" type="text" value="<?php echo $name?>" size="40" /></label><br />
    <input type="hidden" name="id" value="<?php echo $id?>" />
    <input type="submit" value="SUBMIT" /></p>
    </form>

    <p>
      <?php endif; ?>

    <p>&nbsp;</p>
    </body>
    </html>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,600
    Rep Power
    595
    The first thing you need to do is stop in using the deprecated (for more than a decade) MySQL extensions and switch to PDO and prepared statements. Your web site is open to injection attack so you should consider taking that page down until you get that fixed. In any case your code will break with the next release of PHP.

    The second thing you need to do is post the error. Without knowing what the error is, there is little chance of helping you. Although unlikely, perhaps the obsolete 'mysql_real_escape_string' call is doing something different on the new server. When you use prepared statements you eliminate most issues with query strings that contain MySQL separator characters and key words.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Dec 2004
    Posts
    3,026
    Rep Power
    377
    you can do two things:

    1. do:
    $result = mysql_query($sql) or die (mysqlerror(), mysql_errno()); // google how the mysql errors are given to you

    2. echo out the query on screen and then try it out yourself in MYSQL and see what happens.

    i suspect it may be a ' in your comment and not a ,..

IMN logo majestic logo threadwatch logo seochat tools logo