please tell me what is wrong with the code?

niladri.user
  #1
Feb 11th, 2008
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
echo"Your posted name is\t".$_POST['name'];
echo"Your posted roll is\t".$_POST['roll'];
?>
<?php
$con=mysql_connect("localhost","root","");
if(!$con)
{
die("could not connect:".mysql_error($con));
}
mysql_select_db("form",$con);
mysql_query("insert into submit values('$_POST['name']','$_POST['roll']')");
echo"1 record added";
mysql_close($con);
?>
</body>
</html>
error is showing on that line..........
fenixZ
  #2
Feb 11th, 2008
See, there are some wrong things in security with your code, but for now I am going to tell you the syntax errors only (because security is very deep....)

mysql_query("insert into submit values('$_POST['name']','$_POST['roll']')");

must evaluate into:
mysql_query("insert into submit(name,roll) values('$_POST['name']','$_POST['roll']')");

After the name of the table you have to put the name of the column also!
Walkere
  #3
Feb 11th, 2008
Originally Posted by fenixZ:
See, there are some wrong things in security with your code, but for now I am going to tell you the syntax errors only (because security is very deep....)

What he's trying to say is that you should never insert user input directly into the database. There are a number of ways a malicious user can use that type of insert statement to hack into your database and screw things up.

Instead, you should always validate the input to make sure that it won't harm your database.

The easiest way to clean code for use in a mysql query is to use the "mysql_real_escape_string()" function.

Like so...

  $name = mysql_real_escape_string($_POST['name']);
  $roll = mysql_real_escape_string($_POST['roll']);

  // Create mysql query, using $name and $roll

Incidentally, this may also be causing another error for you. You can't include an array value (like $_POST['name']) directly inside of a string. You need to either wrap the entire array variable in brackets {} or reference the variable outside the quotes using a string concatenation.

For example...

  $query = "insert into submit(name,roll) values('{$_POST['name']}','{$_POST['roll']}')";
  // Or...
  $query = "insert into submit (name, roll) values ('" . $_POST['name'] . "', '" . $_POST['roll'] . "')";

- Walkere
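
Added example, not part of the original thread or any poster's code: it shows why the interpolated insert discussed above is fragile and how a prepared statement with basic validation handles the same input. It uses PDO prepared statements rather than mysql_real_escape_string(), since the mysql_* extension was removed in PHP 7. Assumptions: an in-memory SQLite database stands in for the thread's MySQL "form" database, the $post array stands in for $_POST, and the validation rules are illustrative.

```php
<?php
// Added example: SQLite in-memory stands in for the thread's MySQL "form" database.
// For MySQL only the DSN changes, e.g. new PDO('mysql:host=localhost;dbname=form', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE submit (name TEXT, roll TEXT)');

// Constructed sample input standing in for $_POST; the apostrophe is ordinary data.
$post = ['name' => "O'Brien", 'roll' => '42'];

// 1) Interpolation, as in the thread's syntax-only fixes: the apostrophe ends the
//    string literal early, so the input changes the structure of the statement.
function insert_interpolated(PDO $pdo, array $post): string
{
    $sql = "insert into submit (name, roll) values ('{$post['name']}', '{$post['roll']}')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the values are bound separately,
//    so they are always treated as data, never as part of the statement.
function insert_prepared(PDO $pdo, array $post): string
{
    $name = trim((string)($post['name'] ?? ''));
    $roll = trim((string)($post['roll'] ?? ''));
    // Validation rules are assumptions for this example: non-empty name, numeric roll.
    if ($name === '' || strlen($name) > 100 || !ctype_digit($roll)) {
        return 'invalid input';
    }
    $stmt = $pdo->prepare('insert into submit (name, roll) values (:name, :roll)');
    $stmt->execute([':name' => $name, ':roll' => $roll]);
    return 'inserted';
}

echo insert_interpolated($pdo, $post), "\n";                      // statement fails to parse
echo insert_prepared($pdo, $post), "\n";                          // row stored intact
echo insert_prepared($pdo, ['name' => 'x', 'roll' => 'abc']), "\n"; // fails validation
foreach ($pdo->query('SELECT name, roll FROM submit') as $row) {
    echo $row['name'], ' / ', $row['roll'], "\n";
}
```
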
nav33n
  #4
Feb 11th, 2008
The error is with the parsing of quotes. Instead, use
  $name=$_POST['name'];
  $roll=$_POST['roll'];
  mysql_query("insert into submit (col1,col2) values ('$name','$roll')");

Cheers,
Naveen
niladri.user
  #5
Feb 12th, 2008
Thanks for replying!!!!!!!!!!!
©2003 - 2009 DaniWeb® LLC