FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » combobox
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: combobox [message #177315 is a reply to message #177314] Thu, 08 March 2012 13:58 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 3/8/2012 8:27 AM, ecu_jon wrote:
> here is page5
> there is the first 6 lines that set up stuff to connect to db.
> the 4 if isset's get the Post variables from inputpage(above)
> then the mysql insert into db command.
> and it looks like it mangled the longer lines. the sql statement will
> probably come out weird.
> <html>
> <head>
> <link rel="stylesheet" type="text/css" href="mystyle.css" />
> <?php
> $Status = $_POST["Status"];
> $host="localhost"; // Host name
> $username="user"; // Mysql username
> $password="password"; // Mysql password
> $db_name="name"; // Database name
> $tbl_name="name"; // Table name
> mysql_connect("$host", "$username", "$password")or die("cannot
> connect"); //sql connection to db
> mysql_select_db("$db_name")or die("cannot select DB"); //select db sql
> command
> if(isset($_POST['Client'])) $Client = $_POST['Client']; //check if
> value from POST, sev variable to value
> if(isset($_POST["Site"])) $Site = $_POST["Site"];
> if(isset($_POST["Uname"])) $Uname = $_POST["Uname"];
> if(isset($_POST["Uid"])) $Uid = $_POST["Uid"];
> if(isset($_POST["Password"])) $Password = $_POST["Password"];
> mysql_query("INSERT INTO client
> (client, site, user, userid, password, status) VALUES('$Client',
> '$Site', '$Uname', '$Uid', '$Password', '$Status') ")
> or die(mysql_error()); //insert above variables into db
> echo "user added".$Client;
> mysql_close();
> ?>
> <br><br>
> <a href="./login_success.php">Back Home</a>
> </body>
> </html>
>

What a mess.

First of all, as Scott indicated, if you want help, make the effort to
clean up your code. This may mean you actually have to do something
other than cut and paste - that is, you might have to actually put a
little effort into formatting your test.

Also, you never posted the contents of the $_POST superglobal like Scott
asked.

As to your problems. First of all, don't use "or die('message')" in
production code. This will send invalid HTML to the browser (i.e. it
terminates all output in the middle of the page). If the query fails,
handle it gracefully (and perhaps log the error so you can see what
happened later).

Your select box has a name of "option", but you are never referring to
that item on your second page. That's why you're not getting anything.

You're checking to see if $_POST('Client') is set, which is good. But
what happens if it's not set (the same for the rest of your values)?
You're still going to try to insert the data into the database, which
will result in an invalid SQL statement.

Also, try to insert the name "O'Casey". It will fail. ALL strings used
in SQL statements need to be processed by mysql_real_escape_string().

That's a place for you to start, anyway.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: which command to use
Next Topic: Parse error: syntax error, unexpected T_VARIABLE
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 00:55:52 GMT 2024

Total time taken to generate the page: 0.04870 seconds