[PHP-DB] I'm completely lost here
This is so simple, done it many times, but something isn't right.. The database gets updated with a record, but all the fields end up being empty in the db. Can anyone see what's out of whack here? I'd appreciate the help. http://pastebin.com/RKw6vtqW David M.
Re: [PHP-DB] I'm completely lost here
On Friday, August 24, 2012 08:13:42 PM David McGlone wrote: > This is so simple, done it many times, but something isn't right.. > > The database gets updated with a record, but all the fields end up being > empty in the db. Can anyone see what's out of whack here? I'd appreciate > the help. > > http://pastebin.com/RKw6vtqW > > David M. I'm sorry this was the wrong paste. here is the correct paste: http://pastebin.com/y8kcymnN
Re: [PHP-DB] I'm completely lost here
David, > The database gets updated with a record, but all the fields end up being > empty in the db. Can anyone see what's out of whack here? I'd appreciate > the help. http://pastebin.com/y8kcymnN There isn't much context to your request and I don't see how your table is defined. How are you assigning the values to the variables that you are trying to insert into the database? Do you have register_globals enabled? -- Gary -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] I'm completely lost here
On Fri, Aug 24, 2012 at 8:34 PM, Gary Chambers wrote: > David, > >> The database gets updated with a record, but all the fields end up being >> empty in the db. Can anyone see what's out of whack here? I'd appreciate >> the help. http://pastebin.com/y8kcymnN > > There isn't much context to your request and I don't see how your table is > defined. How are you assigning the values to the variables that you are > trying to insert into the database? Do you have register_globals enabled? > > -- > Gary > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > I think you might have had register_globals turned on in the past. Current versions of PHP have that disabled as its a huge security hole. If your page is structured like the code you pasted, you would never have access to the values since there is no access to the post array to get the values sent from the form. on your insert page, do you have code like $image = $_POST['image']; $year = $_POST['year']; ... -- Bastien Cat, the other other white meat -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] I'm completely lost here
On Friday, August 24, 2012 08:53:40 PM Bastien Koert wrote:
> On Fri, Aug 24, 2012 at 8:34 PM, Gary Chambers wrote:
> > David,
> >
> >> The database gets updated with a record, but all the fields end up being
> >> empty in the db. Can anyone see what's out of whack here? I'd appreciate
> >> the help. http://pastebin.com/y8kcymnN
> >
> > There isn't much context to your request and I don't see how your table is
> > defined. How are you assigning the values to the variables that you are
> > trying to insert into the database? Do you have register_globals
> > enabled?
> >
> > --
> > Gary
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
> I think you might have had register_globals turned on in the past.
> Current versions of PHP have that disabled as its a huge security
> hole.
>
> If your page is structured like the code you pasted, you would never
> have access to the values since there is no access to the post array
> to get the values sent from the form.
>
> on your insert page, do you have code like
>
> $image = $_POST['image'];
> $year = $_POST['year'];
> ...
Just did that like Richard had suggested also and I do get the expected
results. I suspect I need to put the same thing in my query correct? like
this:
mysql_query ("INSERT INTO inventory(image, year, make, model,
milage, price)VALUES($_POST['image'], $_POST['year'], $_POST['make'],
$_POST['model'], $_POST['milage'] , $_POST['price'])");
Re: [PHP-DB] I'm completely lost here
David,
> Just did that like Richard had suggested also and I do get the expected
> results. I suspect I need to put the same thing in my query correct? like
> this:
>
> mysql_query ("INSERT INTO inventory(image, year, make, model,
> milage, price)VALUES($_POST['image'], $_POST['year'], $_POST['make'],
> $_POST['model'], $_POST['milage'] , $_POST['price'])");
I might be stating the obvious here, but you should really validate your input.
If this is just an exercise or a simple test, that will work. If it's an
application that, especially, is accessible on the internet, you definitely
need to validate and ensure that you're receiving sane input.
--
Gary
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] I'm completely lost here
On Friday, August 24, 2012 09:27:31 PM Gary Chambers wrote:
> David,
>
> > Just did that like Richard had suggested also and I do get the expected
> > results. I suspect I need to put the same thing in my query correct? like
> > this:
> >
> > mysql_query ("INSERT INTO inventory(image, year, make, model,
> > milage, price)VALUES($_POST['image'], $_POST['year'], $_POST['make'],
> > $_POST['model'], $_POST['milage'] , $_POST['price'])");
>
> I might be stating the obvious here, but you should really validate your
> input. If this is just an exercise or a simple test, that will work. If
> it's an application that, especially, is accessible on the internet, you
> definitely need to validate and ensure that you're receiving sane input.
Yes this is just pretty much a refresher. Validation and sanatizing is my next
quest :-)
I got it, thanks to everyone pointing me in the right direction. It has been a
while since I've written any PHP code and I started last week just to freshen
up and try and learn more. I guess the last time I had written any forms,
register_globals was on. (Long time!) LOL anyway I changed my code to this:
Cut it down to just 1 row & snipped the other stuff. :-)
mysql_query ("INSERT INTO inventory(image)VALUES('$_POST[image]')");
Thanks for pointing me in the right direction I appreciate it.
David M.
