Views: 285 | Replies: 4
Join Date: Feb 2008
Posts: 14
Reputation:
Rep Power: 0
Solved Threads: 0
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
echo"Your posted name is\t".$_POST['name'];
echo"Your posted roll is\t".$_POST['roll'];
?>
<?php
$con=mysql_connect("localhost","root","");
if(!$con)
{
die("could not connect:".mysql_error($con));
}
mysql_select_db("form",$con);
mysql_query("insert into submit values('$_POST['name']','$_POST['roll']')");
echo"1 record added";
mysql_close($con);
?>
</body>
</html>
error is showing on that line..........
Join Date: Feb 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 1
See, there are some things wrong with the security of your code, but for now I am going to tell you about the syntax errors only (because security is very deep....)
mysql_query("insert into submit values('$_POST['name']','$_POST['roll']')");
must evaluate into:
mysql_query("insert into submit(name,roll) values('$_POST['name']','$_POST['roll']')");
After the name of the table you have to put the names of the columns as well!
Join Date: Jan 2008
Posts: 55
Reputation:
Rep Power: 1
Solved Threads: 5
See, there are some things wrong with the security of your code, but for now I am going to tell you about the syntax errors only (because security is very deep....)
What he's trying to say is that you should never insert user input directly into the database. There are a number of ways a malicious user can use that type of insert statement to hack into your database and screw things up.
Instead, you should always validate the input to make sure that it won't harm your database.
The easiest way to clean code for use in a mysql query is to use the "mysql_real_escape_string()" function.
Like so...
$name = mysql_real_escape_string($_POST['name']);
$roll = mysql_real_escape_string($_POST['roll']);
// Create mysql query, using $name and $roll
Incidentally, this may also be causing another error for you. You can't include an array value (like $_POST['name']) directly inside of a string. You need to either wrap the entire array variable in brackets {} or reference the variable outside the quotes using a string concatenation.
For example...
$query = "insert into submit(name,roll) values('{$_POST['name']}','{$_POST['roll']}')";
// Or...
$query = "insert into submit (name, roll) values ('" . $_POST['name'] . "', '" . $_POST['roll'] . "')";
- Walkere
Join Date: Nov 2007
Location: Bangalore, India
Posts: 3,098
Reputation:
Rep Power: 8
Solved Threads: 239
The error is with the parsing of quotes. Instead, use
$name=$_POST['name'];
$roll=$_POST['roll'];
mysql_query("insert into submit (col1,col2) values ('$name','$roll')");
Cheers,
Naveen
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
*PM asking for help will be ignored*
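The advice in the last two replies (escape the input, keep the array lookups out of the quoted string) carried through to a prepared statement, as an added example that is not code from any poster in this thread. The mysql_* functions used above were removed in PHP 7.0, so this sketch uses PDO; the in-memory SQLite database, the column types, the length limit and the sample input are assumptions constructed so that it runs offline.

```php
<?php
// Added example: table layout and sample input are constructed.
// In-memory SQLite keeps it offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submit (name TEXT NOT NULL, roll INTEGER NOT NULL)');

// Constructed stand-in for $_POST: a legitimate name containing a quote.
$post = ['name' => "O'Brien", 'roll' => '42'];

// 1) String-built query, as in the thread: the quote in the value ends the
//    SQL string literal early, so the input changes the statement itself.
function insertConcatenated(PDO $db, array $post): string
{
    $sql = "insert into submit (name, roll) values ('{$post['name']}', '{$post['roll']}')";
    try {
        $db->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected by the SQL parser: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the values travel
//    separately as bound parameters, so no escaping step can be forgotten.
function insertPrepared(PDO $db, array $post): string
{
    $name = trim((string) ($post['name'] ?? ''));
    // Validate: roll is a positive integer, name is 1..100 bytes (assumed limit).
    $roll = filter_var($post['roll'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($name === '' || strlen($name) > 100 || $roll === false) {
        return 'invalid input';
    }
    $stmt = $db->prepare('INSERT INTO submit (name, roll) VALUES (:name, :roll)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':roll', $roll, PDO::PARAM_INT);
    $stmt->execute();
    return 'stored';
}

echo insertConcatenated($db, $post), "\n";
echo insertPrepared($db, $post), "\n";
echo insertPrepared($db, ['name' => 'Ann', 'roll' => '12abc']), "\n";

// Read back what was stored; the bound value keeps its quote unchanged.
foreach ($db->query('SELECT name, roll FROM submit') as $row) {
    echo $row['name'], ' / ', $row['roll'], "\n";
}
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the account used should be a dedicated one with INSERT rights on this table rather than root with an empty password.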