0

hi im attempting to add mysqli_real_escape_string into form to make more secure and after i added it in code below

$event_type        = $_POST['event_type'];
    $event_date        = $_POST['event_date'];
        $event_country     = $_POST['event_country'];
        $event_postcode    = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title       = mysqli_real_escape_string($conn, $_POST['event_title']);
        $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
        $event_ltm         = $_POST['event_ltm'];

like so and go to fill in form it isnt recording the information to the database but if i remove it the information goes into database is there anything else i have to do like in the form itself to make this work.

<br class="clear" /> 
<label for="event_postcode">postcode</label><input type="text" name="event_postcode" id="event_postcode" value="<?php if(!empty($event_postcode)) {?><?php echo $_POST['event_postcode']?><?php }?>" />

<br class="clear" /> 
<label for="event_title">title</label><input type="text" name="event_title" id="event_title" value="<?php if(!empty($event_title)) {?><?php echo $_POST['event_title']?><?php }?>" />

<br class="clear" /> 
<label for="event_description">description</label><textarea name="event_description" id="event_description" cols="45" rows="5"><?php if(!empty($event_description)) {?><?php echo $_POST['event_description']?><?php }?></textarea>

many thanks jan

2
Contributors
7
Replies
47
Views
5 Months
Discussion Span
Last Post by janicemurby
0

Hi,

can you show the insert query? Also if you add error checking do you get any additional information?

0

here's whole php for it hun and ive done a error check and nothing comes up in either error logs or on the file where infor goes to

0
<?php
include ('config/db_connect.php');
if (isset($_POST['submit'])) {

$event_type = $_POST['event_type'];
    $event_date = $_POST['event_date'];
    $event_country = $_POST['event_country'];
    $event_postcode = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
    $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
    $event_ltm = $_POST['event_ltm'];

 $event_type = "";   
 $event_date = "";   
 $event_country = "";   
 $event_postcode = "";   
 $event_title = "";   
 $event_description = "";   
 $event_ltm = ""; 

   $query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')" or die(mysqli_error($conn));
        $result = mysqli_query($conn,$query);
        if($result){
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
    mysqli_close($conn);
}
?>
1

Okay,

a part lines from 13 to 19, which are blanking the variables and I suppose it's just an error here in the paste, at line 21 (the $query) you have " or die(mysqli_error($conn)); at the end of the string, so when you run the query at line 22, it will fail, change this:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')" or die(mysqli_error($conn));

To:

$query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')";

And try:

$result = mysqli_query($conn, $query);

if( ! $result)
    print sprintf('Error (%s) %s', mysqli_errno($conn), mysqli_error($conn));

You could also print the $query statement and try if it works fine through a MySQL client:

print $query;
0

Hi hun ive replaced those sections with amended and check each form element name with database and nothing has changed. But the information still isnt going into the database is there anything else ive missed. Here,s php block after editing and no errors are showing up at all.

<?php
include ('config/db_connect.php');
if (isset($_POST['submit'])) {

$event_type = $_POST['event_type'];
    $event_date = $_POST['event_date'];
    $event_country = $_POST['event_country'];
    $event_postcode = mysqli_real_escape_string($conn, $_POST['event_postcode']);
    $event_title = mysqli_real_escape_string($conn, $_POST['event_title']);
    $event_description = mysqli_real_escape_string($conn, $_POST['event_description']);
    $event_ltm = $_POST['event_ltm'];

 $event_type = "";   
 $event_date = "";   
 $event_country = "";   
 $event_postcode = "";   
 $event_title = "";   
 $event_description = "";   
 $event_ltm = ""; 

       $query = "INSERT INTO meets (`event_type`,`event_date`,`event_country`,`event_postcode`,`event_title`,`event_description`,`event_ltm`) VALUES ('$event_type','$event_date','$event_country','$event_postcode','$event_title','$event_description','$event_ltm')";
            $result = mysqli_query($conn, $query);
    if( ! $result)
        print sprintf('Error (%s) %s', mysqli_errno($conn), mysqli_error($conn));{
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
    mysqli_close($conn);
}
?>

Ive also included the database table

CREATE TABLE IF NOT EXISTS `meets` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `event_type` varchar(50) NOT NULL,
  `event_date` varchar(50) NOT NULL,
  `event_country` varchar(50) NOT NULL,
  `event_postcode` varchar(50) NOT NULL,
  `event_title` varchar(255) NOT NULL,
  `event_description` text NOT NULL,
  `event_ltm` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

many ty thanks jan x

1

Remove or comment lines from 13 to 19, i.e. these:

$event_type = "";   
$event_date = "";   
$event_country = "";   
$event_postcode = "";   
$event_title = "";   
$event_description = "";   
$event_ltm = ""; 

Because with these you are resetting the values assigned in the previous lines (from 5 to 11) to the same variables.

1

sorted now guys ty for that help i also found that once i removed file out of action="" and added a header location the information showed on other file so is a success ty again guys x x x

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.