Guest | Re: [PHP] Cant set info in DB...HELP - 06-04-2007, 01:37 AM
Please include the list on all replies.
K.Hayes wrote:
> I don't know if I'm escaping the 'vars correctly'. If I'm wrong can you
> give me an example?
<snip>
> $sql_query = "INSERT INTO contestants (conName, conAddress, conCity,
> conState, conZip, conPhone, schName, schAddress, schCity, schState, schZip,
> strName, strCity, strState) VALUES('$regName', '$regAddress', '$regCity',
> '$regState', '$regZip', '$regPhone', '$sclName', '$sclName', '$sclCity',
> 'sclState', '$sclZip', '$stoName', '$stoCity', '$stoState')";
>
> $insert_query = mysqli_real_escape_string($connection, $sql_query);
>
> mysqli_query($connection,$insert_query); ?>
No, this is not the right way. I suggest you read the manual page on
mysqli_real_escape_string (http://php.net/mysqli_real_escape_string).
You need to run it on every variable you are using *in* the SQL query,
not on the SQL query itself.
Google for a php mysqli tutorial - all this stuff is very basic and
should be covered by most tutorials you'll find.
-Stut

Guest | Re: [PHP] Cant set info in DB...HELP - 06-04-2007, 01:37 AM
What "lists" are you referring to? Also this is how the examples show I've
seen.
I know this is basic general stuff but I try many times before posting, and
I have followed all directions given.
So this is what I did, and nothing is set DB still :-(
===========================NEW CODE=========================================
$regName = trim(strip_tags($_POST['conName']));
$regAddress = trim(strip_tags($_POST['conAddress']));
$regCity = trim(strip_tags($_POST['conCity']));
$regState = trim(strip_tags($_POST['conState']));
$regZip = trim(strip_tags($_POST['conZip']));
$regPhone = trim(strip_tags($_POST['conPhone']));
$sclName = trim(strip_tags($_POST['schName']));
$sclAddress = trim(strip_tags($_POST['schAddress']));
$sclCity = trim(strip_tags($_POST['schCity']));
$sclState = trim(strip_tags($_POST['schState']));
$sclZip = trim(strip_tags($_POST['schZip']));
$stoName = trim(strip_tags($_POST['strName']));
$stoCity = trim(strip_tags($_POST['strCity']));
$stoState = trim(strip_tags($_POST['strState']));
//==============================Begin dbPopulation of Form info===============================================
$dbserver = "localhost"; // This will be where server name goes
$dbuser = "root"; // This will be where username goes
$dbpassword = ""; // This will be where password goes
$dbname = "theDB"; // This will be where database name goes
// mysqli_connect() returns false on failure, so report it with mysqli_connect_error()
$connection = mysqli_connect($dbserver, $dbuser, $dbpassword, $dbname) or
die (mysqli_connect_error());
// Escape each value separately, using the open connection
$regName = mysqli_real_escape_string($connection, $regName);
$regAddress = mysqli_real_escape_string($connection, $regAddress);
$regCity = mysqli_real_escape_string($connection, $regCity);
$regState = mysqli_real_escape_string($connection, $regState);
$regZip = mysqli_real_escape_string($connection, $regZip);
$regPhone = mysqli_real_escape_string($connection, $regPhone);
$sclName = mysqli_real_escape_string($connection, $sclName);
$sclAddress = mysqli_real_escape_string($connection, $sclAddress);
$sclCity = mysqli_real_escape_string($connection, $sclCity);
$sclState = mysqli_real_escape_string($connection, $sclState);
$sclZip = mysqli_real_escape_string($connection, $sclZip);
$stoName = mysqli_real_escape_string($connection, $stoName);
$stoCity = mysqli_real_escape_string($connection, $stoCity);
$stoState = mysqli_real_escape_string($connection, $stoState);
$sql_query = "INSERT INTO contestants (conName, conAddress, conCity,
conState, conZip, conPhone, schName, schAddress, schCity, schState, schZip,
strName, strCity, strState) VALUES('$regName', '$regAddress', '$regCity',
'$regState', '$regZip', '$regPhone', '$sclName', '$sclAddress', '$sclCity',
'$sclState', '$sclZip', '$stoName', '$stoCity', '$stoState')";
mysqli_query($connection,$sql_query); ?>
===========================END NEW CODE=====================================
----- Original Message -----
From: "Stut" <EMAIL REMOVED>
To: "K.Hayes" <EMAIL REMOVED>
Cc: "php-general" <php-EMAIL REMOVED>
Sent: Saturday, June 02, 2007 9:52 PM
Subject: Re: [php] Cant set info in DB...HELP

Guest | Re: [PHP] Cant set info in DB...HELP - 06-04-2007, 01:37 AM
K. Hayes wrote:
> What "lists" are you referring to? Also this is how the examples show
> I've seen.
I mean hit "Reply to all" in your mail client. That way you include the
email address of the PHP General mailing list so everyone, including the
archives, can see your reply.
> I know this is basic general stuff but I try many times before posting,
> and I have followed all directions given.
Change the following line...
> mysqli_query($connection,$sql_query); ?>
to...
mysqli_query($connection,$sql_query)
or die("Query failed: ".mysqli_error($connection);
If you still get no output, check error_reporting and display_errors in
your php.ini file to make sure you are seeing at least errors and warnings.
-Stut

Guest | Re: [PHP] Cant set info in DB...HELP - 06-04-2007, 01:37 AM
On 6/3/07, Stut <EMAIL REMOVED> wrote:
> K. Hayes wrote:
> > What "lists" are you referring to? Also this is how the examples show
> > I've seen.
>
> I mean hit "Reply to all" in your mail client. That way you include the
> email address of the PHP General mailing list so everyone, including the
> archives, can see your reply.
>
> > I know this is basic general stuff but I try many times before posting,
> > and I have followed all directions given.
>
> Change the following line...
>
> > mysqli_query($connection,$sql_query); ?>
>
> to...
>
> mysqli_query($connection,$sql_query)
> or die("Query failed: ".mysqli_error($connection);
you're missing a ) here, it should be:
mysqli_query($connection,$sql_query)
or die("Query failed: ".mysqli_error($connection));
Tijnema
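
An added example, not code from any poster in this thread: the same INSERT written as a mysqli prepared statement, so the values never go through string escaping, with mysqli_report() making a failed connection or query throw instead of passing silently. The helper name insert_contestant, the sample values, the utf8mb4 charset and text-typed columns are assumptions; the table, column names and connection settings are the ones posted above.

```php
<?php
// Added example. Make mysqli throw on a failed connect/prepare/execute
// instead of returning false, so a broken INSERT cannot go unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Column list and order taken from the INSERT posted in the thread.
const COLUMNS = [
    'conName', 'conAddress', 'conCity', 'conState', 'conZip', 'conPhone',
    'schName', 'schAddress', 'schCity', 'schState', 'schZip',
    'strName', 'strCity', 'strState',
];

// Hypothetical helper: inserts one row and returns the number of rows written.
function insert_contestant(mysqli $db, array $form): int
{
    $values = [];
    foreach (COLUMNS as $col) {
        if (!isset($form[$col]) || !is_string($form[$col])) {
            throw new InvalidArgumentException("Missing or non-string field: $col");
        }
        $values[] = trim($form[$col]);
    }
    // One "?" per column: the SQL text is fixed and the values travel separately,
    // so quotes in the data cannot change the statement and nothing is escaped.
    $marks = implode(', ', array_fill(0, count(COLUMNS), '?'));
    $sql = 'INSERT INTO contestants (' . implode(', ', COLUMNS) . ") VALUES ($marks)";
    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed form data standing in for $_POST; note the quote in conName.
$form = array_combine(COLUMNS, [
    "Pat O'Neil", '1 Main St', 'Springfield', 'IL', '62701', '555-0100',
    'Lincoln High', '2 School Rd', 'Springfield', 'IL', '62702',
    'Corner Store', 'Springfield', 'IL',
]);

try {
    $db = new mysqli('localhost', 'root', '', 'theDB'); // settings as posted
    $db->set_charset('utf8mb4');                        // assumed charset
    echo insert_contestant($db, $form), " row(s) inserted\n";
} catch (mysqli_sql_exception $e) {
    error_log('contestants insert failed: ' . $e->getMessage()); // detail stays server-side
    exit("Could not save the registration.\n");
}
```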

Guest | Re: [PHP] Cant set info in DB...HELP - 06-04-2007, 01:37 AM
Thanks All.
Made the changes and just like Ambien it worked like a Dream.
I found out that I had a typo in my DB and missing ")" I corrected it. All
is well.