not writing data to db

  • macdalor
    New Member
    • Jan 2010
    • 27

    not writing data to db

    I'm trying to add a guestbook to my website and got these scripts from the net (http://www.phpeasystep.com/workshopview.php?id=15) but only id and date&time are being recorded in the sql db; name, email and comments aren't.

    any idea anyone please?

    thx

    SQL table creation script:

    Code:
    CREATE TABLE `guestbook` (
    `id` int(4) NOT NULL auto_increment,
    `name` varchar(65) NOT NULL default '',
    `email` varchar(65) NOT NULL default '',
    `comment` longtext NOT NULL,
    `datetime` varchar(65) NOT NULL default '',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
    guestbook.php:

    Code:
    <table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
    <tr>
    <td><strong>Sign Guestbook </strong></td>
    </tr>
    </table>
    <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <form id="form1" name="form1" method="post" action="addguestbook.php">
    <td>
    <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td width="117">Name</td>
    <td width="14">:</td>
    <td width="357"><input name="name" type="text" id="name" size="40" /></td>
    </tr>
    <tr>
    <td>Email</td>
    <td>:</td>
    <td><input name="email" type="text" id="email" size="40" /></td>
    </tr>
    <tr>
    <td valign="top">Comment</td>
    <td valign="top">:</td>
    <td><textarea name="comment" cols="40" rows="3" id="comment"></textarea></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input type="submit" name="Submit" value="Submit" /> <input type="reset" name="Submit2" value="Reset" /></td>
    </tr>
    </table>
    </td>
    </form>
    </tr>
    </table>
    <table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
    <tr>
    <td><strong><a href="viewguestbook.php">View Guestbook</a> </strong></td>
    </tr>
    </table>
    addguestbook.php:

    Code:
    <?php
    $host="localhost"; // Host name
    $username="xxx"; // Mysql username
    $password="xxx"; // Mysql password
    $db_name="maxalien_davidloran"; // Database name
    $tbl_name="guestbook"; // Table name
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $datetime=date("y-m-d h:i:s"); //date time
    
    $sql="INSERT INTO $tbl_name(name, email, comment, datetime)VALUES('$name', '$email', '$comment', '$datetime')";
    $result=mysql_query($sql);
    
    //check if query successful
    if($result){
    echo "Successful";
    echo "<BR>";
    echo "<a href='viewguestbook.php'>View guestbook</a>"; // link to view guestbook page
    }
    
    else {
    echo "ERROR";
    }
    
    mysql_close();
    ?>
    viewguestbook.php:

    Code:
    <table width="400" border="0" align="center" cellpadding="3" cellspacing="0">
    <tr>
    <td><strong>View Guestbook | <a href="guestbook.php">Sign Guestbook</a> </strong></td>
    </tr>
    </table>
    <br>
    
    <?php
    
    $host="localhost"; // Host name
    $username="xxx"; // Mysql username
    $password="xxx"; // Mysql password
    $db_name="maxalien_davidloran"; // Database name
    $tbl_name="guestbook"; // Table name
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    $sql="SELECT * FROM $tbl_name";
    $result=mysql_query($sql);
    
    while($rows=mysql_fetch_array($result)){
    ?>
    <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <td><table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td>ID</td>
    <td>:</td>
    <td><? echo $rows['id']; ?></td>
    </tr>
    <tr>
    <td width="117">Name</td>
    <td width="14">:</td>
    <td width="357"><? echo $rows['name']; ?></td>
    </tr>
    <tr>
    <td>Email</td>
    <td>:</td>
    <td><? echo $rows['email']; ?></td>
    </tr>
    <tr>
    <td valign="top">Comment</td>
    <td valign="top">:</td>
    <td><? echo $rows['comment']; ?></td>
    </tr>
    <tr>
    <td valign="top">Date/Time </td>
    <td valign="top">:</td>
    <td><? echo $rows['datetime']; ?></td>
    </tr>
    </table></td>
    </tr>
    </table>
    <BR>
    <?
    }
    mysql_close(); //close database
    ?>
    Last edited by Markus; Jan 9 '10, 08:29 PM. Reason: Removed sensitive data.
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    Hey, Macdalor.

    Firstly, I recommend you turn on PHP debugging messages. I suspect if you had these enabled from the get-go, you would've been able to spot the errors yourself.

    Now, on to the problems. The script you're using appears to rely on something called register globals - you'll notice the big red warning, indicating any modern PHP should not rely on this 'feature'. Register globals allows one to register all the super-global arrays as defined variables. That is, instead of having to do $_POST['var_name'] to access a variable in the POST array (submitted via HTML forms, typically), you can instead do $var_name. Obviously this poses many issues, one being multiple definitions of the same variable (var_name in $_SERVER and POST). Thankfully, however, your PHP configuration does not (appear) to have register_globals on. The fix is simple, instead of using $name, $email, etc., you should access them via the POST array.

    Consider the following:

    Code:
    <?php
    echo $name;
    // would become:
    echo $_POST['name'];
    
    echo $email;
    // would become:
    echo $_POST['email'];
    Have a go at correcting these issues.

    Furthermore, you should take a look at this to protect yourself from SQL injection, which at the moment you are wide-open to.

    Mark.
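
The two fixes described in reply #2 (reading the form fields from $_POST and closing the SQL injection hole), applied to addguestbook.php as an added example that is not part of the original thread. The function name add_guestbook_entry, the choice of a PDO prepared statement and the in-memory SQLite database standing in for MySQL are assumptions made here so the block runs offline.

```php
<?php
// Added example (not the thread's code): addguestbook.php logic that reads
// from the POST array and inserts through a prepared statement.

function add_guestbook_entry(PDO $pdo, array $post): bool
{
    // Read the submitted fields from the POST array, not from globals.
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $comment = trim((string)($post['comment'] ?? ''));

    // Reject empty or oversized input (sizes match the varchar(65) columns).
    if ($name === '' || $comment === '' || strlen($name) > 65 || strlen($email) > 65) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // Placeholders keep user-supplied data out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO guestbook (name, email, comment, datetime)
         VALUES (:name, :email, :comment, :datetime)'
    );
    return $stmt->execute([
        ':name'     => $name,
        ':email'    => $email,
        ':comment'  => $comment,
        ':datetime' => date('Y-m-d H:i:s'),
    ]);
}

// Demo. Assumption: SQLite in memory replaces MySQL; against MySQL the DSN
// would be 'mysql:host=localhost;dbname=YOUR_DB' plus username and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, email TEXT, comment TEXT, datetime TEXT)');

// Constructed form submission; in the real script pass $_POST instead.
$post = ['name' => "O'Brien", 'email' => 'ob@example.com',
         'comment' => 'It\'s a nice site, said "Bob".'];
var_dump(add_guestbook_entry($pdo, $post));
var_dump($pdo->query('SELECT name, comment FROM guestbook')->fetchAll(PDO::FETCH_ASSOC));
```

The quotes in the constructed name and comment are stored verbatim, which is the case that breaks the string-concatenated INSERT in the question.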

    • macdalor
      New Member
      • Jan 2010
      • 27

      #3
      wooaaa GREAT ANSWER! thank you very much Markus! That is a very detailed and clear reply for newbies like me! well done!

      now I should get to work and consider all this ;-)

      thx again!
