Re: [PHP] Code Not entering the value in the Database
You don't appear to be doing anything with this line of your code. You build
a string variable, but you don't call anything like mysql_query($sql) to
actually execute the INSERT statement.
M is for Murray
On Wed, Jan 21, 2009 at 12:34 AM, Chris Carter wrote:
> $sql = "insert into `userstable` (hiddendata) VALUES ('$hiddendata')";
>
Re: [PHP] Code Not entering the value in the Database
2009/1/20 Chris Carter :
>
> Hi,
>
> My code is not giving error but not doing the desired action.
>
But it can do a lot more than your desired action.
> // insert new entry in the database if entry submitted
>
> $emailAddress = $_POST['emailAddress'];
> $password = $_POST['password'];
> $sql5 = "SELECT * FROM userstable WHERE
> emailAddress='$emailAddress' AND
> password = '$password'";
> $result5=mysql_query($sql5);
Do yourself a favor and read this from A to Z:
http://de3.php.net/manual/en/security.php
Imagine I send the String: x' OR id=1/*
What would the mysql read now?
SELECT * FROM userstable WHERE emailAddress='x' OR id=1/*' AND ...
everything after "/*" is not being parsed.
>header("location:you-need-to-register.php");
correct would be header("location: http://foo/you-need-to-register.php";);
> What exactly am I missing.
http://php.net/docs.php
Byebye
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Not entering the value in the Database
Did I miss something, or you really left the execution of the last $sql? After you put the 'INSERT INTO...' string in $sql, you have to mysql_query it, or you won't get any result. SanTa - Original Message - From: "Chris Carter" To: Sent: Tuesday, January 20, 2009 3:34 PM Subject: [PHP] Code Not entering the value in the Database Hi, My code is not giving error but not doing the desired action. I need to append a value in database just when the user logs in after entering the username and password. So I am not presenting the user with a account but just a thank you page. Steps: 1) User enters the user name and password 2) The login form contains a hidden field with a data 3) After hitting the Submit button the username and password is checked. 4) The hidden data is entered in the database. 5) A mail is sent to the user and he gets a Thank You page. 6) If verification fails then he gets a registeration page. Here is the code, I have been struggling with: What exactly am I missing. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Code-Not-entering-the-value-in-the-Database-tp21564252p21564252.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Code Not entering the value in the Database
Hi, My code is not giving error but not doing the desired action. I need to append a value in database just when the user logs in after entering the username and password. So I am not presenting the user with a account but just a thank you page. Steps: 1) User enters the user name and password 2) The login form contains a hidden field with a data 3) After hitting the Submit button the username and password is checked. 4) The hidden data is entered in the database. 5) A mail is sent to the user and he gets a Thank You page. 6) If verification fails then he gets a registeration page. Here is the code, I have been struggling with: What exactly am I missing. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Code-Not-entering-the-value-in-the-Database-tp21564252p21564252.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
