Re: [PHP] Code Not entering the value in the Database
You don't appear to be doing anything with this line of your code. You build a string variable, but you don't call anything like mysql_query($sql) to actually execute the INSERT statement. M is for Murray On Wed, Jan 21, 2009 at 12:34 AM, Chris Carter wrote: > $sql = "insert into `userstable` (hiddendata) VALUES ('$hiddendata')"; >
Re: [PHP] Code Not entering the value in the Database
2009/1/20 Chris Carter : > > Hi, > > My code is not giving error but not doing the desired action. > But it can do a lot more than your desired action. > // insert new entry in the database if entry submitted > > $emailAddress = $_POST['emailAddress']; > $password = $_POST['password']; > $sql5 = "SELECT * FROM userstable WHERE > emailAddress='$emailAddress' AND > password = '$password'"; > $result5=mysql_query($sql5); Do yourself a favor and read this from A to Z: http://de3.php.net/manual/en/security.php Imagine I send the String: x' OR id=1/* What would the mysql read now? SELECT * FROM userstable WHERE emailAddress='x' OR id=1/*' AND ... everything after "/*" is not being parsed. >header("location:you-need-to-register.php"); correct would be header("location: http://foo/you-need-to-register.php";); > What exactly am I missing. http://php.net/docs.php Byebye -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Not entering the value in the Database
Did I miss something, or you really left the execution of the last $sql? After you put the 'INSERT INTO...' string in $sql, you have to mysql_query it, or you won't get any result. SanTa - Original Message - From: "Chris Carter" To: Sent: Tuesday, January 20, 2009 3:34 PM Subject: [PHP] Code Not entering the value in the Database Hi, My code is not giving error but not doing the desired action. I need to append a value in database just when the user logs in after entering the username and password. So I am not presenting the user with a account but just a thank you page. Steps: 1) User enters the user name and password 2) The login form contains a hidden field with a data 3) After hitting the Submit button the username and password is checked. 4) The hidden data is entered in the database. 5) A mail is sent to the user and he gets a Thank You page. 6) If verification fails then he gets a registeration page. Here is the code, I have been struggling with: What exactly am I missing. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Code-Not-entering-the-value-in-the-Database-tp21564252p21564252.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Code Not entering the value in the Database
Hi, My code is not giving error but not doing the desired action. I need to append a value in database just when the user logs in after entering the username and password. So I am not presenting the user with a account but just a thank you page. Steps: 1) User enters the user name and password 2) The login form contains a hidden field with a data 3) After hitting the Submit button the username and password is checked. 4) The hidden data is entered in the database. 5) A mail is sent to the user and he gets a Thank You page. 6) If verification fails then he gets a registeration page. Here is the code, I have been struggling with: What exactly am I missing. Thanks in advance, Chris -- View this message in context: http://www.nabble.com/Code-Not-entering-the-value-in-the-Database-tp21564252p21564252.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php