| Re: combobox [message #177315 is a reply to message #177314] |
Thu, 08 March 2012 13:58   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 3/8/2012 8:27 AM, ecu_jon wrote:
> here is page5
> there is the first 6 lines that set up stuff to connect to db.
> the 4 if isset's get the Post variables from inputpage(above)
> then the mysql insert into db command.
> and it looks like it mangled the longer lines. the sql statement will
> probably come out weird.
> <html>
> <head>
> <link rel="stylesheet" type="text/css" href="mystyle.css" />
> <?php
> $Status = $_POST["Status"];
> $host="localhost"; // Host name
> $username="user"; // Mysql username
> $password="password"; // Mysql password
> $db_name="name"; // Database name
> $tbl_name="name"; // Table name
> mysql_connect("$host", "$username", "$password")or die("cannot
> connect"); //sql connection to db
> mysql_select_db("$db_name")or die("cannot select DB"); //select db sql
> command
> if(isset($_POST['Client'])) $Client = $_POST['Client']; //check if
> value from POST, sev variable to value
> if(isset($_POST["Site"])) $Site = $_POST["Site"];
> if(isset($_POST["Uname"])) $Uname = $_POST["Uname"];
> if(isset($_POST["Uid"])) $Uid = $_POST["Uid"];
> if(isset($_POST["Password"])) $Password = $_POST["Password"];
> mysql_query("INSERT INTO client
> (client, site, user, userid, password, status) VALUES('$Client',
> '$Site', '$Uname', '$Uid', '$Password', '$Status') ")
> or die(mysql_error()); //insert above variables into db
> echo "user added".$Client;
> mysql_close();
> ?>
> <br><br>
> <a href="./login_success.php">Back Home</a>
> </body>
> </html>
>
What a mess.
First of all, as Scott indicated, if you want help, make the effort to
clean up your code. This may mean you actually have to do something
other than cut and paste - that is, you might have to actually put a
little effort into formatting your test.
Also, you never posted the contents of the $_POST superglobal like Scott
asked.
As to your problems. First of all, don't use "or die('message')" in
production code. This will send invalid HTML to the browser (i.e. it
terminates all output in the middle of the page). If the query fails,
handle it gracefully (and perhaps log the error so you can see what
happened later).
Your select box has a name of "option", but you are never referring to
that item on your second page. That's why you're not getting anything.
You're checking to see if $_POST('Client') is set, which is good. But
what happens if it's not set (the same for the rest of your values)?
You're still going to try to insert the data into the database, which
will result in an invalid SQL statement.
Also, try to insert the name "O'Casey". It will fail. ALL strings used
in SQL statements need to be processed by mysql_real_escape_string().
That's a place for you to start, anyway.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]