infor not going into database after adding mysqli_real_escape_string

Question

janicemurby 7 Posting Whiz in Training

7 Years Ago

hi im attempting to add mysqli_real_escape_string into form to make more secure and after i added it in code below

$event_type        = $_POST['event_type'];
    $event_date        = $_POST['event_date'];
        $event_country     = $_POST['event_country'];
        $event_postcode    = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title       = mysqli_real_escape_string($conn, $_POST['event_title']);
        $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
        $event_ltm         = $_POST['event_ltm'];

like so and go to fill in form it isnt recording the information to the database but if i remove it the information goes into database is there anything else i have to do like in the form itself to make this work.

<br class="clear" /> 
<label for="event_postcode">postcode</label><input type="text" name="event_postcode" id="event_postcode" value="<?php if(!empty($event_postcode)) {?><?php echo $_POST['event_postcode']?><?php }?>" />

<br class="clear" /> 
<label for="event_title">title</label><input type="text" name="event_title" id="event_title" value="<?php if(!empty($event_title)) {?><?php echo $_POST['event_title']?><?php }?>" />

<br class="clear" /> 
<label for="event_description">description</label><textarea name="event_description" id="event_description" cols="45" rows="5"><?php if(!empty($event_description)) {?><?php echo $_POST['event_description']?><?php }?></textarea>

many thanks jan

php

2 Contributors
7 Replies
248 Views
1 Day Discussion Span
Latest Post 7 Years Ago Latest Post by janicemurby

All 7 Replies

cereal 1,524 Nearly a Senior Poster

7 Years Ago

Okay,

a part lines from 13 to 19, which are blanking the variables and I suppose it's just an error here in the paste, at line 21 (the $query) you have " or die(mysqli_error($conn)); at the end of the string, so when you run the query at line 22, it will fail, change this:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')" or die(mysqli_error($conn));

To:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')";

And try:

$result = mysqli_query($conn, $query);

if( ! $result)
    print sprintf('Error (%s) %s', mysqli_errno($conn), mysqli_error($conn));

You could also print the $query statement and try if it works fine through a MySQL client:

print $query;

cereal 1,524 Nearly a Senior Poster

7 Years Ago

Remove or comment lines from 13 to 19, i.e. these:

$event_type = "";   
$event_date = "";   
$event_country = "";   
$event_postcode = "";   
$event_title = "";   
$event_description = "";   
$event_ltm = "";

Because with these you are resetting the values assigned in the previous lines (from 5 to 11) to the same variables.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 1 · 2017-02-28T14:10:30+00:00

Hi,

can you show the insert query? Also if you add error checking do you get any additional information?

janicemurby 7 Posting Whiz in Training · Answer 2 · 2017-02-28T18:09:51+00:00

here's whole php for it hun and ive done a error check and nothing comes up in either error logs or on the file where infor goes to

janicemurby 7 Posting Whiz in Training · Answer 3 · 2017-02-28T18:10:51+00:00

<?php
include ('config/db_connect.php');
if (isset($_POST['submit'])) {

$event_type = $_POST['event_type'];
    $event_date = $_POST['event_date'];
    $event_country = $_POST['event_country'];
    $event_postcode = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
    $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
    $event_ltm = $_POST['event_ltm'];

 $event_type = "";   
 $event_date = "";   
 $event_country = "";   
 $event_postcode = "";   
 $event_title = "";   
 $event_description = "";   
 $event_ltm = ""; 

   $query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')" or die(mysqli_error($conn));
        $result = mysqli_query($conn,$query);
        if($result){
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
    mysqli_close($conn);
}
?>

janicemurby 7 Posting Whiz in Training · Answer 4 · 2017-02-28T20:55:33+00:00

Hi hun ive replaced those sections with amended and check each form element name with database and nothing has changed. But the information still isnt going into the database is there anything else ive missed. Here,s php block after editing and no errors are showing up at all.

<?php
include ('config/db_connect.php');
if (isset($_POST['submit'])) {

$event_type = $_POST['event_type'];
    $event_date = $_POST['event_date'];
    $event_country = $_POST['event_country'];
    $event_postcode = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
    $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
    $event_ltm = $_POST['event_ltm'];

 $event_type = "";   
 $event_date = "";   
 $event_country = "";   
 $event_postcode = "";   
 $event_title = "";   
 $event_description = "";   
 $event_ltm = ""; 

       $query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')";
            $result = mysqli_query($conn, $query);
    if( ! $result)
        print sprintf('Error (%s) %s', mysqli_errno($conn), mysqli_error($conn));{
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
    mysqli_close($conn);
}
?>

Ive also included the database table

CREATE TABLE IF NOT EXISTS `meets` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `event_type` varchar(50) NOT NULL,
  `event_date` varchar(50) NOT NULL,
  `event_country` varchar(50) NOT NULL,
  `event_postcode` varchar(50) NOT NULL,
  `event_title` varchar(255) NOT NULL,
  `event_description` text NOT NULL,
  `event_ltm` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

many ty thanks jan x

janicemurby 7 Posting Whiz in Training · Answer 5 · 2017-03-01T14:46:23+00:00

sorted now guys ty for that help i also found that once i removed file out of action="" and added a header location the information showed on other file so is a success ty again guys x x x

infor not going into database after adding mysqli_real_escape_string

Recommended Answers Collapse Answers

All 7 Replies

Recommended Answers