 Query Not Running When Submitting A Form |
|
|
|
|
  |
 Feb 14 2006, 12:37 PM
Post
#1
|
|
|
Super Member  Group: Members Posts: 407 Joined: 13-December 04 Member No.: 2,696  |
Im having trouble getting my PHP to work. Basically i have a form with a button linking to a php file. When i click submit it calls this file and is suppost to add the data to a database. Im using a my sql databse and it connects fine. Unfortunately when i click submit all i get is the "Inspection did not add". From this i know i have made a connection with the database and im absolutely 100% sure that all field names are correct on the forms and database.
Any ideas? Heres the script.... PHP Code: CODE <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> </head> <body> </body> <?php $host="localhost"; $username="***"; $password="***"; $db_name="***"; $tbl_name="InspectionRequest"; // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row mysql_query("INSERT INTO `InspectionRequest` (JobRef, ContactNam, ContactTel, Location, InspcType, Date, TimePref) VALUES (‘$JobRef’, ‘$ContactNam’, ‘$ContactTel’, ‘$Location’, ‘$InspcType’, ‘$Date’, ‘$TimePref’ )"); if($count==1){ session_register("AddInspection"); header("location:/Index.html"); } else { echo "Inspection did not add."; } ?> </html> |
 |
 
|
|
Feb 14 2006, 01:55 PM
Post
#2
|
|
|
apt-get moo  Group: [MODERATOR] Posts: 2,061 Joined: 28-May 05 From: Hertfordshire, England Member No.: 7,593  |
I think it is the MySQL query you run:
CODE $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; It literally searches for rows containing $myusername and $mypassword. You should replace it with something like this: CODE $sql="SELECT * FROM $tbl_name WHERE username='".$myusername."' and password='".$mypassword."'"; Also, nowhere above that point do you actually define those variables, which may also be the problem  The same also applies to the second MySQL query near the bottom. See if that helps. |
|
|
|
|
Feb 14 2006, 04:50 PM
Post
#3
|
|
|
Newbie [Level 1] Group: Members Posts: 21 Joined: 6-February 06 Member No.: 18,277 |
It doesn't have to be defined. But it is a security risk.
I am assuming you use the 'post' method on your form. If I am wrong ignore this post. If did this, http://blah.com/blah.php?JobRef=blah&ContactNam=blah... and finished out the rest of the values (in your insert query) I could add what ever I want in it. I don't know if you purposely left them off or what, but, always use $_POST[variable]. If you want you can do this CODE $blah = $_POST["blah"] Same applies for cookies. I do have to know what the variable names are, but it can be done. This post has been edited by Yarrgh: Feb 14 2006, 04:55 PM |
|
|
|
|
Feb 15 2006, 07:41 PM
Post
#4
|
|
|
Newbie [Level 3] Group: Members Posts: 40 Joined: 29-January 06 Member No.: 17,841 |
Summarizing your code,
1. check for username & password (get count) 2. insert into InspectionRequest 3. if count is not 1, print "Did not add" else redirect to index. By the above, it is evident that you are printing wrong message. Check your InspectionRequest table in phpmyadmin and you should see your rows inserted. You need to rewrite your logic to this. 1. check for username & password (get count) 2. if count is not 1, print "Login failed", exit 3. insert into InspectionRequest 4. if insertion successful, redirect to index else print "Add to InspectionRequest failed" |
|
|
|
|
Similar Topics
|
Lo-Fi Version | Time is now: 8th August 2008 - 12:10 AM |