|
PHP - Post Variables In Mysql_query Failing
This works:
$result = mysql_query("SELECT * FROM mydatabase WHERE username = 'billybob'"); This does not: $user = "billybob" $result = mysql_query("SELECT * FROM mydatabase WHERE username = $user"); Shouldn't these be identical? If I echo $user, I get, of course, "billybob", so does anyone know why the variable isn't working in the query itself? Similar TutorialsHello dear friends, say i've form with 2 variables which i want to post to another file file 1 Code: [Select] <script type="text/javascript"> // <![CDATA[ $(document).ready(function(){ $('#loader').hide(); $('#inner').children().click(function(){ var a = $(this).attr("name"); $.post("rating.php?value="+a,{}, function(response){ $('#inner').fadeOut(); $('#inner').html(unescape(response)); $('#inner').fadeIn(); setTimeout("hideMesg();", 2000); }); }); }); function hideMesg(){ $('.rating_message').fadeOut(); $.post("rating.php?show=1", {}, function(response){ $('#inner').html(unescape(response)); $('#inner').fadeIn('slow'); }); } // ]]> </script> this will post the following ( the value of name ) Code: [Select] <div class="rating_dis" name="<?php echo $k?>" id="<?=$id?>"> </div> but i want it also to post the value of the (id) here is the second file which should get the name Code: [Select] if($_REQUEST['value']){ $name = $_REQUEST['value']; $query = "insert into rating (rated, channelid) values ('$name', '$idz')"; mysql_query( $query); } so the problem is how to send from file 1 to file 2 both the (name) and (id) how to double this ? Code: [Select] var a = $(this).attr("name"); $.post("rating.php?value="+a,{}, to be also Code: [Select] var a = $(this).attr("id"); $.post("rating.php?any="+a,{}, then i can get it from file 2 easily get both. thank you I have a form that is producing the following : Array ( [formID] => 3154008308 [q1_applicationDate] => Array ( [month] => 11 [day] => 15 [year] => 2010 ) [q4_fullName4] => Array ( [first] => TOM [last] => STONE ) [q5_email] => TSTONE@YAHOO.COM [q6_address6] => Array ( [addr_line1] => 325 E LINCOLN [addr_line2] => [city] => GENESEE [state] => NY [postal] => 33256 [country] => United States ) [q38_selectProvider38] => Sprint [q39_selectPlan] => Individual [website] => [simple_spc] => 3154008308-3154008308 ) HOW do I automatically get each item above into it's own PHP variable? The page that receives this Array is the second page of a 3 or 4 page form. I need to send the above information on through the remainder of the form?? Would appreciate any help! Thanks! I have sort of an odd request. I wish make a POST to roblox.com with the Xsrf token, let me give you what code might help then ill explain more.
So, I need to parse the page http://www.roblox.co...spx?gid=1039951 to get
the token, which is between the (' ') below (this is taken from the site, as an example and the token changes each time the page refreshes/changes.
<script type="text/javascript">Roblox.XsrfToken.setToken('IVzHt8XOUJpy');</script>
After you get the token, I need to make a post with that token to http://www.roblox.co...nge-member-rank with the variables:
groupId=
newRoleSetId= ,
targetUserId= ,
X-CSRF-TOKEN: IVzHt8XOUJpy,
X-Requested-With: XMLHttpRequest
I also might need to log in?
which I think is done like so:
POST https://m.roblox.com/Login HTTP/1.1
Host: m.roblox.com
Content-Length: 29
Content-Type: application/json
{"username":"","password":""}
but I am not sure, that is just something I found during my research. I know this is possible, I have seen it done multiple times in the past, and I think I have something going... Just not sure how to put it all together...
All of my form POST data (from multiple forms) is managed through a file called formdata.php. Formdata.php and check_input() performs trim/stripslashes/htmlspecialchars etc on the posted variables. (it also indirectly calls relevant database functions such as insert or select). What is the correct way to add all of the variables to an array so that I can so that I can pass the array(ofvariables) to a function. ie the checked variables (only a few of them): Code: [Select] $subject = check_input($_POST['subject']); $repphone = check_input($_POST['repphone']); $repfirstname = check_input($_POST['repfirstname']); $replastname = check_input($_POST['replastname']); $streetnum = check_input($_POST['streetnum']); $streetname = check_input($_POST['streetname']); $suburb = check_input($_POST['suburb']); $postcode = check_input($_POST['postcode']); there will be many subjects and many more variables so instead of listing the variables such as: Code: [Select] function post_to_table(){ // variables global $subject;, $streetnum, $streetname, $suburb, $postcode; global $repphone, $repfirstname, $replastname; if ($subject === "specifiedsubject"){ post_to_appropriate_table($streetnum, $streetname, $suburb, $postcode, $repphone, $repfirstname, $replastname); } I would rather use an array instead of passing each variable individually: Code: [Select] function post_to_appropriate_table ($streetnum, $streetname, $suburb, $postcode $repphone, $repfirstname, $replastname) { global $database; $sql = "INSERT INTO incident ("; $sql .= "streetnum, "; $sql .= "streetname, "; $sql .= "suburb, "; $sql .= "postcode, "; $sql .= "repphone, "; $sql .= "repfirstname, "; $sql .= "replastname"; $sql .= ") "; $sql .= "VALUES ("; $sql .= "'{$streetnum}', "; $sql .= "'{$streetname}', "; $sql .= "'{$suburb}', "; $sql .= "'{$postcode}', "; $sql .= "'{$repfirstname}', "; $sql .= "'{$replastname}'"; $sql .= ") "; // echo $sql; //for debugging if required; return $database->query($sql); } how can I ditch the ever growing list of variables and use an array? Thanks. Code: [Select] <?php if(isset($_POST['submit'])) { $drop = mysql_real_escape_string($_POST['drop_1']); $tier_two = mysql_real_escape_string($_POST['Subtype']); $Name = mysql_real_escape_string($_POST["Name"]); $Phone = mysql_real_escape_string($_POST["Phone"]); $Email = mysql_real_escape_string($_POST["Email"]); $Postcode = mysql_real_escape_string($_POST["Postcode"]); $Website = mysql_real_escape_string($_POST["Website"]); if($Name == '') { ....... ?> Could I remove this code and use the below code and still have the same effect? Code: [Select] <?php if(isset($_POST['submit'])) { foreach ($_POST as $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } ?> what I am trying to accomplish is for the user to select the state they wish, hit submit. At this point another form should show asking which county based on the state they picked, then hit search. At this point, I'm having an issue having the state variable being passed to the 2nd form also having the state they selected stay selected. <?php $default = "Step 1. Pick Your State"; $select = "<option name='statebox'>$default</option>"; echo "<br/><form method='POST' action=".$_SERVER['PHP_SELF']." >"; echo "<select name='search'>"; echo "$select"; /////////////////////////////////////////////////////////////// //Connect to the database include_once 'phpforms/connect.php'; $sql = mysql_query("SELECT * FROM states"); while($row = mysql_fetch_array($sql)){ $state = $row['states']; echo "<option name='statebox'>$state</option>"; }//End While /////////////////////////////////////////////////////////////// echo "</select>"; echo "<input align='left' type='submit' name='stateboxbutton' value='Ok'> "; echo "</form>"; echo "</td>"; echo "<td>"; if(isset($_POST['stateboxbutton'])){ $statesearch = $_POST['statebox']; $selected = $_POST['statebox']; $select = "<option name='statebox'>$selected</option>"; echo "<br/><form action='../search-results.php' method='POST'>"; echo "<select name='search'>"; echo "<option name='default'>Step 2. Pick Your County</option>"; /////////////////////////////////////////////////////////////// //Connect to the database include_once 'phpforms/connect.php'; $sql = mysql_query("SELECT * FROM counties WHERE state LIKE '$statesearch'"); while($row = mysql_fetch_array($sql)){ $co = $row['counties']; echo "<option name='county'>$co</option>"; }//End While /////////////////////////////////////////////////////////////// echo "</select>"; echo "<input align='left' type='submit' name='button' value='Search'> "; echo "</form>"; }else{ }//End Else ?> Hello, I need to do the following: I have 2 forms on two different pages: Form 1: Name, Email, Phone Form 2: Name, Email, Phone, Address, etc. 1. User fills out Form 1, presses submit 2. Form 1 gets processed and I receive an email with the visitors Name, Email, Phone 3. After the Form has been processed I need to redirect the visitor to a new page (Form 2) 4. When Form 2 loads, fill in the form with the posted variables (Name, Email, Phone) from the previous process Here is my code: Form 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> <form method="post" action="process_form.php"> <input type="text" name="name" /> <input type="text" name="email" /> <input type="text" name="phone" /> <input type="submit" name="submit" value="submit" /> </form> </div> </body> </html> process_form.php <?php $name = $_POST['name']; $email = $_POST['email']; $phone = $_POST['phone']; $to = 'email@provider.com'; $subject = "Contact Form"; $message = "Contact Information\r\n" ."$name\r\n" ."$email\r\n" ."$phone\r\n\"; $headers = "From: $email\r\n"; mail($to, $subject, $message, $headers); // Redirect header("Location: http://www.domain.com/form2/"); ?> Form 2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> <form method="post" action="process_form_2.php"> <input type="text" name="name" /> <input type="text" name="email" /> <input type="text" name="phone" /> <input type="text" name="address" /> <input type="text" name="city" /> <input type="text" name="state" /> . . . <input type="submit" name="submit" value="submit" /> </form> </div> </body> </html> The form does get processed and I do get an email with the visitor's info. But I'm not able to pass on the variables from From1 to Form2. Thank you in advance. Hi all, Thanks for reading. I'm developing my first website with user registration, login, and account settings, and I was wondering what the best way would be to prevent the site from security flaws, SQL injection, etc. I've read up on it, but, as an example, would the following be suitable? Code: [Select] $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); I guess what I'm asking is, is the above normal? Is there a simpler way to make input from the user secure? Thank you. I'm stuck at trying to figure out out to complete the 3 Step scripts to accomplish passing $variables between 2 different servers. Since there will actually be 12 Non-POST $variables involved in the SERVER #1 to SERVER #2 transfer , it doesn't appear that trying to put these all in a URL string and going the 'GET' route is practical.
I'm just using 3 short test variables in the examples. My eyeballs started rolling within I ran across something about 'CURL' that might be a necessary part of the solution?
The code I have been able to hammer out so far is below as STEP 1, STEP 2 and STEP 3.
STEP 1
<?php // submit.php // STEP 1 // On (LOCAL) SERVER #1 TO relay $variables to 'process.php' on (REMOTE) SERVER #2 // To submit $variables to directly another destination server script // NOTE: The $variable are NOT the result of Form Input !!! // For login Authenticaion ALL 3 must match db entries on SERVER #2 // NOTE: (Again) The $variables are NOT the result of Form Input !!! $userid = "adam"; $passwd = "eve"; $pscode = "peterpan"; // NOTE: (Again) The $variable are NOT the result of Form Input !!! // These $variables are needed for MySQL db INSERT on the destination URL server // For testing simplicity (actual data will be 12 $variables) $a = "apple"; $b = "banana"; $u = "1234567; // // Not sure if something called 'CURL' is needed here ??? // $submit_to_url = http://www.blahblah.com/process.php"; ?>STEP 2
<?php
// processor.php
// STEP 2
// ON SERVER #2 TO RECEIVE DATA DIRECTLY FROM SERVER #1 'submit.php'
// To receive and process the $variables into a MySQL db on SERVER #2
// NOTE: The $variables are NOT the result of Form Input !!!
// First validate $userid, $passwd & $pscode against `verify` table MySQL records
require '/SERVER_2_securelocation_for_database_connection/secret_mysqli.php';
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//
// Not sure if something called 'CURL' is needed here ???
//
// These login $variables are from submit.php on SERVER #1
$userid
$passwd
$pscode
$sql="SELECT `userid`, `passwd`, `pscode` FROM `verify`
WHERE `userid` = '$userid'" AND `passwd` = '$passwd` AND `pscode` = '$pscode';
$result = mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
//
// Then some Authentication code if ALL 3 components match
//
// If Authentication = true then $passed = "YES" must sent
// be sent back to the 'finalstep.php' script on SERVER #1
// If Authentication (or connection) = false ... $passed = "NO"
$return_to_url = http://www.blahblah.com/finalstep.php";
// These $variables are from submit.php on SERVER #1
$a = "apple";
$b = "banana";
$u = "1234567";
$sql="INSERT INTO `data` (`a`, `b`, `u`)
VALUES ('$a', '$b', '$u')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
// If $SQL INSERT into `data` on SERVER #2 works ...
// $status = "Pending" must be sent back to the 'finalstep.php'
// script on SERVER #1 for MySQL db Table insertion
// If $SQL INSERT into `data` = false, then $status = "Error"
// NOTE: The '$u' $variable also needs send back to finalstep.php !!!
$return_to_url = http://www.blahblah.com/finalstep.php";
mysqli_close($con);
?>
STEP 3
<?php
// finalstep.php
// STEP 3
// ON SERVER #1 TO RECEIVE DATA DIRECTLY BACK FROM SERVER #2 process.php
// To receive the $passed, $status and $u $variables for final step action
// NOTE: The $variable are NOT the result of Form Input !!!
require '/SERVER_1_securelocation_for_database_connection/secret_mysqli.php';
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// These $variables are from process.php on SERVER #2
$passed
$status
$u
$sql="UPDATE `tracking`
SET `passed` = '$passed',
`status` = '$status'
WHERE `uniqueid` = '$u' ";
$result = mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
?>
Thanks very much for any assistance and guidance.
-freakingOUT
This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=315683.0 This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=347360.0 Hi, why won't this work, there is no error messages so it gets to this point, but won't redirect??? (Obviously a lot is missed out here) $query = mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); if ($username==$dbusername&&$password==$dbpassword) { $_SESSION['user'] = $username; while($row = mysql_fetch_array($query)){ $type = $row['Type']; if ($type=="0") { header("Location: chefpanel.php"); }else{ header("Location: restpanel.php"); } } } else $errors[] = 'Password Incorrect'; } else $errors[] = 'Username Incorrect'; OK So I have a quick question... how would I go about making a query like: mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND key='$key' "); You see, theres an error: Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' key='1234' LIMIT 1' at line 1 I know this is a simple issue, and I know you cant keep creating AND's inside the query, but how would I do it? I've never attempted to use more than one AND before, so its new to me even though I'm a experienced PHP Developer. Thanks in advance! Hey guys, I've been playing around with this open source php game, I'm having problems with the registration system. For some reason the script is echoing back that there is no password in the password fields. When in fact there is: Add_player.php: Code: [Select] <?php session_start(); session_register("pid"); include("common.inc"); include("date.inc"); include("header.inc"); dbConnect(); $res = mysql_query("select id from $dbName.pdm_players where name=\"$name\"") or die(mysql_error()); if ($name == "" || $password1 == "") { echo "<center><div class=\"sheader\">Oh dear me!</div> You have to actually enter a name and password!"; $name = ""; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if ($name == $password1) { echo "<center><div class=\"sheader\">Oh dear me!</div> You can't make the password the same as the name. People will guess your password!"; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if (strlen($password1) < 6) { echo "<center><div class=\"sheader\">Oh dear me!</div> Passwords must be at least 6 characters, otherwise they are easy to guess!"; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if (mysql_fetch_row($res)) { echo "<center><div class=\"sheader\">Oh dear me!</div> Player $name already exists, try a different name."; $name = ""; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if ($password1 != $password2) { echo "<center><div class=\"sheader\">Oh dear me!</div>"; echo "The two passwords didn't match - type carefully now!."; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } echo "<div class=\"sheader\">Registration for $name successful</div>"; $cp = crypt($password1); $dateArray = getdate(time()); $likeNowScoob = $dateArray["year"] . "-" . $dateArray["mon"] . "-" . $dateArray["mday"]; if ($character < 1 || $character > 9) { die("you are an idiot"); } pdm_characters(); $res = mysql_query("select type from $dbName.pdm_characters where cid = $character") or die(mysql_error()); $t = mysql_fetch_row($res); pdm_stuff(); $specRes = mysql_query("select sid from $dbName.pdm_stuff where sid >= 28 and sid <= 33 and type like \"%$t[0]%\"") or die(mysql_error()); $res = mysql_query("BEGIN") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_players (name, used, dob, cpass, char_id, roundswon, evo, aWeapon, dWeapon) VALUES (\"$name\", 1, \"$likeNowScoob\", \"$cp\", $character, 0,0,0,0)") or die(mysql_error()); $res = mysql_query("select id from $dbName.pdm_players where name=\"$name\" for update") or die(mysql_error()); $row = mysql_fetch_row($res); $pid = $row[0]; $res = mysql_query("insert into $dbName.pdm_league (id, highest, days_no_1, yesterday, longPoints) VALUES ($pid, 16777215, 0, 16777215, 0)") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_stats (id, level, attack, defence, health, speed, exp, ko, healthpercent, fights) VALUES ($pid, 1, 100, 100, 100, 100, 0, 0, 10, 0)") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_clanmembers2 (id, clanTag, applyTag, utype) VALUES ($pid, NULL, NULL, '')") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_money (id, bank, wallet, bankdate) VALUES ($pid, 0,0, '0000-00-00')") or die(mysql_error()); while ($row = mysql_fetch_row($specRes)) { $res = mysql_query("insert into $dbName.pdm_specials (id, sid, qty, switch) values ($pid, $row[0], 0, 1)") or die(mysql_error()); } $res = mysql_query("COMMIT") or die(mysql_error()); session_register("playerName"); $playerName = stripper($name); echo "<P><diV>Welcome $playerName, click the Fight link down the left to fight your first opponent.</div>"; include("main_screen.inc"); include("footer.inc"); ?> Character_form.inc: Code: [Select] <center> <form method="post" action="add_player.php"> <P> <table cellpadding="0" cellspacing="0"><tr><td align="center"> <?php dbConnect(); pdm_characters();#check HEAP table exists $res = mysql_query("select cid, name, type from $dbName.pdm_characters order by type") or die(mysql_error()); $marker = "X"; $firstOne = 1; $cTypes["A"] = "Alien"; $cTypes["M"] = "Magic"; $cTypes["S"] = "Spirit"; while ($row = mysql_fetch_row($res)) { if ($marker != $row[2]) #new type (alien/magic etc) { if ($marker != "X") { echo "</table>\n"; } $cn = $cTypes[$row[2]]; echo "\n<table cellpadding=\"0\" cellspacing=\"0\" border=1> <tr><td colspan=\"3\" align=\"center\"><div class=\"sheader\"> $cn characters</div></td></tr><tr bgcolor=\"#efefef\">"; $marker = $row[2]; } echo "\n<td><table><tr><td align=center>$row[1]</td></tr><tr><td align=center> <img alt=\"Pick me!\" src=\"images/$row[0]0.gif\"></td></tr><tr> <td align=center><input type=\"radio\" name=\"character\" value=\"$row[0]\""; if ($firstOne and $character == "") { $firstOne = 0; echo " CHECKED "; } if ($character == $row[0]) { echo " CHECKED "; } echo "></td></tr></table></td>"; } echo "</tr></table> <table width=\"551\" cellpadding=0 cellspacing=0><tr><td colspan=\"3\"><div class=\"sheader\">character details</div></td></tr> <tr><td align=\"center\">Name<br><input size=20 maxlength=20 type=text name=\"name\" value = \"$name\"></td>"; ?> <td align="center">Password<br><input type="password" name="password1" size=20 maxlength=20></td> <td align="center">Password again<br><input type="password" name="password2" size=20 maxlength=20></td></tr> <tr><td colspan="3" align="center"><input type="submit" value="Register my character"></td></tr></table> </td></tr></table> <hr> </form> </centER> Anyone able to offer up any advice or where its going wrong, If I remove the validation stuff, it still doesn't insert the user into the database. Cheers I am getting a "mysqli_query() expects parameter 1 to be mysqli, null given" error. the code I am using is below but simplified. connect() does connect to the database without throwing any errors but when I get down to query() I get the above error. public function connect() { mysqli_connect(self::DBHOST, self::DBUSER, self::DBPASS, self::DBNAME); } public function query($query) { mysqli_query(self::connect(), $query); } below is what I am using to call the function. I am not sure if I have to pass the $link in the query function too. I have tried but it didn't seem to do any better. $link = db::connect(); $query = "SELECT name FROM plugins"; db::query($query); I am sure this is something simple that I have overlooked but I am new to this and still learning. Thank you for any help you can provide. Hey Guys, Im having problems with my code. What im trying to do is run a mysql query and show the results, but if the query returns no data, echo out "No incoming requests!" Here is my code: <? $check = "SELECT * FROM requests WHERE club='" . $_SESSION['club'] . "' AND team='" . $_SESSION['team'] . "' AND accepted='0'"; $result=mysql_query($check); if (mysql_num_rows($result) == 0) { while ($getinfo = mysql_fetch_array($result)) { $time = $getinfo["time"]; $who = $getinfo["player_name"]; $whofor = $getinfo["toplayfor"]; $from = $getinfo["team"]; $idp = $getinfo["player_id"]; echo "<a href='profile.php?id=".$idp."&team=".$from."'>".$who." </a><div style='float:right;'>(".$from.")</div><br />"; echo "<div style='margin-top: 2px;'></div>"; echo date('l, F jS, g:ia',$time); echo "<br /><div style='margin-top: 2px;'></div><a href='accept.php?playerid=".$idp."&toplayfor=".$whofor."'>Accept</a> | Decline"; echo "<div id='newsline'></div>"; } } else { echo 'No incoming requests'; } ?> Could someone help me out here? Thanks Heaps! I've got a very simple script that records IP address of every page view. Here is the script: $ip = $_SERVER['REMOTE_ADDR']; $query = "INSERT INTO tracking VALUES ('', '1', '$ip')"; echo $query; echo ("<hr>"); if (mysql_query($query)) { echo ("INSERT OK"); } else { echo ("INSERT failed"); } FYI: the 1st value is "auto_increment" in the DB, therefore blank ('') in the query string, and the 2nd value "1" is just for the page number 1, as this script will be on other pages, with different numbers. Now, when I go to this page, it outputs the query, and hr, and then "INSERT failed" and sure enough, no record gets added to the DB. The strangest thing is, is that when I copy the query that the page shows, and paste it into mysqlPHPadmin's "SQL" section and run it, it executes fine, and a record gets added to the DB, however the page is unable to do that. Any ideas? PS: the connection (which I didn't paste in here) is fine, that's definitely not the problem. I'm hoping someone can help me cos my hair's going white with this one. I'm trying to put together a script that acts as web-based interface to an SQL server. There are actually two parts, admin.htm and admin.php. The first part is just a form that passes login credentials to the PHP file. That part seems to work fine, but I'll post the source anyway: - Code: [Select] <!DOCTYPE HTML> <html lang="en"> <head> <title>SQL admin login</title> <meta charset="iso-8859-1" /> </head> <body> <form action="admin.php" method="post"> <label for="username">Username: -</label> <br /> <input type="text" name="username" id="username" /> <br /> <br /> <label for="password">Password: -</label> <br /> <input type="password" name="password" id="password" /> <br /> <br /> <label for="server">Server: -</label> <br /> <input type="text" name="server" id="server" /> <br /> <br /> <label for="database">Database: -</label> <br /> <input type="text" name="database" id="database" /> <br /> <br /> <input type="submit" value="Login" /> <input type="reset" value="Reset" /> </form> </body> </html> Following is the content of admin.php. By this point I can see the connection in MySQL Workbench, and when I submit the query 'SELECT * FROM subscribers' it's being stored in '$_POST['query']', but 'mysql_query($_POST['query'],$_SESSION['con']);' is returning nothing. There is definitely a record in that table, and the user I'm logging on with has permission to run the 'SELECT' command against this database, so I can't figure out why mysql_query(); is returning nothing: - Code: [Select] <!DOCTYPE HTML> <?php session_start(); if(!$_SESSION['con']) { if(!($_POST['username'] || $_POST['password'])) { if(!($_SESSION['username'] || $_SESSION['password'])) { $error="Username and password variables empty."; } } else { $_SESSION['username']=mysql_real_escape_string($_POST['username']); $_SESSION['password']=mysql_real_escape_string($_POST['password']); $_SESSION['server']=mysql_real_escape_string($_POST['server']); $_SESSION['database']=mysql_real_escape_string($_POST['database']); $_SESSION['con']=mysql_pconnect($_SESSION['server'],$_SESSION['username'],$_SESSION['password']); if(!$_SESSION['con']) { $error="Failed to connect to server."; } else { $database=mysql_select_db($_SESSION['database'],$_SESSION['con']); if(!$database) { $error="Failed to connect to database."; } } } } if(!$_POST['query']) { $error="No query submitted."; } else { $result=mysql_query($_POST['query'],$_SESSION['con']); if(!$result) { $error="Query returned nothing."; } } ?> <html lang="en"> <head> <title>SQL admin interface</title> <meta charset="iso-8859-1" /> </head> <body> <form action="admin.php" method="post"> <textarea name="query" rows="10" cols="50">SELECT * FROM subscribers</textarea> <br /> <br /> <input type="submit" value="Submit query" /> </form> <?php if($error) { echo $_POST['query']."<br /><br />".$result."<br /><br />".$error; die(); } else { while($row=mysql_fetch_assoc($result)) { echo $row['name']." ".$row['email']; echo "<br />"; } } ?> </body> </html> Can anyone help? MOD EDIT: [code] . . . [/code] tags added. hey I am still little new in php can you help me in this one func.php function confirm_query($result_set){ if(!$result_set){ die(mysql_error()); } function get_subjects_all() { global $connection ; $sub_query = "SELECT * FROM subjects ORDER BY position ASC"; $subject_query = mysql_query($sub_query,$connection); confirm_query($subject_query) ; return $subject_query; } function get_pages_all($subject_id) { global $connection; $query = "SELECT * FROM pages WHERE subject_id = '$subject_id' ORDER BY position ASC"; $page_set = mysql_query($query, $connection); confirm_query($page_set); return $page_set; } test.php require_once("config.php"); require_once("func.php"); $subject_query = get_subjects_all(); while($subject = mysql_fetch_array($subject_query)) { echo "<a href= \"test.php?subj=" . urlencode($subject["id"]) . "\">{$subject['menu_name']} <br />"; } $an = $subject["id"] ; $page_set = get_pages_all($an); while($page = mysql_fetch_array($page_set)) { echo "<a href = \"test.php?page=" . urldecode($page["id"]) . "\">{$page['menu_name']} </a><br />" ; // echo "<b> <a href= '1.php?page={$page['id']}' >{$page['menu_name']} </a></b> <br />"; } in this line WHERE subject_id = '$subject_id' the query don't work and gives me sql error i tried with this one ' ".$subject_id." ' but not worked but if i changed $subject_id to a number it work and read the data from the table thanks in advanced . Is there something wrong this? If so, I'm not seeing it...I keep getting this error: Quote ( ! ) Parse error: syntax error, unexpected T_STRING in C:\Program Files\wamp\www\register.php on line 1059 Here's my code for registering a member: Code: [Select] <?php mysql_query (INSERT INTO fans (id, username, email, password, country, region, gender, status, account, subscription, time_registered, date_registered, birthdate, name, website, age, activation_key) VALUES ('', '{$_SESSION["user"]["username"]}', '{$_SESSION["user"]["email"]}', '{$_SESSION["user"]["password"]}', '{$_SESSION["user"]["country"]}', '{$_SESSION["user"]["region"]}', '{$_SESSION["user"]["gender"]}', 'Offline', 'Inactive', 'Unsubscribed', '{$_SESSION["user"]["time"]}', '{$_SESSION["user"]["date"]}', '{$_SESSION["user"]["birthdate"]}', '{$_SESSION["user"]["name"]}', '{$_SESSION["user"]["website"]}', '{$_SESSION["user"]["age"]}', '{$_SESSION["user"]["activation_key"]}')) or die ("Could not register member"); ?> Help, please and thank you! |
|||||||