Re: [PHP-DB] Mysql not receiving the data
Some of the reason to have "register_global" on is to easly use variables sent by post, get, cookie method of a form. Ex. in your code at the page "anypage.php" you will have available the variables: $get_var==1 and $text_post=="Hello World" if "register_global=TRUE " in php.ini file - in this case u still have available $_POST;GET ecc... $_GET['get_var']==1 and $_POST['text_post']=="Hello World" if "register_global=FALSE " in php.ini file - in this case you don't have the $get_var e $text_post available, so code is safer I would suggest to leave register global=FALSE as to have safer code unless u have to rewrite the whole code. Think about having hacked variables value send by GET, COOKIE method. Bye "Hans Lellelid" <[EMAIL PROTECTED]> ha scritto nel messaggio news:[EMAIL PROTECTED] > Hi Andrew, > > Andrew Rothwell wrote: > > Thank you everybody that responded so quickly - > > I used the suggestion of Franciccio - and the data is now gow into the db > > Thank you very much - I really appreciate the help. > > > > Another question - with this fix in place - do I still need the > > register_globals = On ? > > Or can I now turn it off? > > > > It seems like you should have kept your old php.ini file, as this other > error you encountered was probably due to your old php.ini file having > this setting: > > magic_quotes_gpc = 1 > > That INI var instructs PHP to automatically addslashes() to any > GET/POST/COOKIE data. I would suggest turning this back on, unless > you've thoroughly redesigned your code to not need it. > > This is unrelated to register_globals, which you will need to leave on > unless you redesign your application. > > Hans -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mysql not receiving the data
Hi Andrew, Andrew Rothwell wrote: Thank you everybody that responded so quickly - I used the suggestion of Franciccio - and the data is now gow into the db Thank you very much - I really appreciate the help. Another question - with this fix in place - do I still need the register_globals = On ? Or can I now turn it off? It seems like you should have kept your old php.ini file, as this other error you encountered was probably due to your old php.ini file having this setting: magic_quotes_gpc = 1 That INI var instructs PHP to automatically addslashes() to any GET/POST/COOKIE data. I would suggest turning this back on, unless you've thoroughly redesigned your code to not need it. This is unrelated to register_globals, which you will need to leave on unless you redesign your application. Hans -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Mysql not receiving the data
Thank you everybody that responded so quickly - I used the suggestion of Franciccio - and the data is now gow into the db Thank you very much - I really appreciate the help. Another question - with this fix in place - do I still need the register_globals = On ? Or can I now turn it off? Thank you all again Andrew -Original Message- From: franciccio [mailto:[EMAIL PROTECTED] Sent: Sunday, June 13, 2004 12:26 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Mysql not receiving the data I agree, the slashes are killing the query. I would suggets doing this: $add = "INSERT INTO movies SET > movie_name=\"$movie_name\", > genre=\"$genre\", > director=\"$director\", > star1=\"$star1\", > star2=\"$star2\", > star3=\"$star3\", > brief_synopsis=\"$brief_synopsis\", > imdb_link=\"$imdb_link\""; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mysql not receiving the data
I agree, the slashes are killing the query. I would suggets doing this: $add = "INSERT INTO movies SET > movie_name=\"$movie_name\", > genre=\"$genre\", > director=\"$director\", > star1=\"$star1\", > star2=\"$star2\", > star3=\"$star3\", > brief_synopsis=\"$brief_synopsis\", > imdb_link=\"$imdb_link\""; "Rich Hutchins" <[EMAIL PROTECTED]> ha scritto nel messaggio news:[EMAIL PROTECTED] > The apostrophe (') in your data is, most likely, killing the SQL statement > when it is sent to the server. Use addslashes() around all of your form data > to prevent this and also to help guard against SQL injection attacks. > > Ex: > > $add = "INSERT INTO movies SET > movie_name='".addslashes($movie_name)."', > genre='".addslashes($genre)."', > director='".addslashes($director)."', > star1='".addslashes($star1)."', > star2='".addslashes($star2)."', > star3='".addslashes($star3)."', > brief_synopsis='".addslashes($brief_synopsis)."', > imdb_link='$imdb_link'"; > > Hope this helped. > Rich > -Original Message- > From: Andrew Rothwell [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 13, 2004 1:48 PM > To: [EMAIL PROTECTED] > Subject: RE: [PHP-DB] Mysql not receiving the data > > > Hi Larry, Thank you very much for the very quick response, I set my php.ini > file (located /etc/php.ini ) for the register_globals = On (it was off by > default) > > Now however I get an error > Error adding entry: You have an error in your SQL syntax near 's spanish > driver is found shot dead, Inspector Jacques Clouseau is the first off' at > line 8 > > My Database is a movie database of my dvd's that I own (for insurance > reasons) > > My addmovie.php is this >mysql_connect("localhost","username","password"); > mysql_select_db("movies"); > $add = "INSERT INTO movies SET > movie_name='$movie_name', > genre='$genre', > director='$director', > star1='$star1', > star2='$star2', > star3='$star3', > brief_synopsis='$brief_synopsis', > imdb_link='$imdb_link'"; > if (@mysql_query($add)) > { > echo("Your entry has been added. > $movie_name"); > } > else > { > echo("Error adding entry: " . > mysql_error() . ""); >} > ?> > > > And the addmovie.htm page (atleast the form action is this) > > > >bordercolordark="#FF0033" bordercolorlight="#66"> > > Movie Name > > > > > > > Andrew > > -Original Message- > From: Larry E. Ullman [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 13, 2004 11:22 AM > To: Andrew Rothwell > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP-DB] Mysql not receiving the data > > > Online I could see everything, and the pages gave the appearance of > > working, however when I went into the DB using PHPMYADMIN to check the > > status of the new data entered, all I found was blank rows ( for the > > new data since the rebuild, all the old data was there) There were the > > correct number of new rows for the amount of records that I had > > entered, which tells me (unless I am nistaken) that the PHP is talking > > to the DB, and is atleast sending a insert command, but the rest of > > the data is not getting in. - > > Without seeing any code whatsoever and since this worked before but no > longer works on a new install, I can only assume that your code was written > with the assumption that register_globals was turned on and it's not on in > your current configuration. > > If that is the case, see the PHP manual or search the Web for the solution > ($_POST, $_GET, etc.). > > Larry > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Mysql not receiving the data
The apostrophe (') in your data is, most likely, killing the SQL statement when it is sent to the server. Use addslashes() around all of your form data to prevent this and also to help guard against SQL injection attacks. Ex: $add = "INSERT INTO movies SET movie_name='".addslashes($movie_name)."', genre='".addslashes($genre)."', director='".addslashes($director)."', star1='".addslashes($star1)."', star2='".addslashes($star2)."', star3='".addslashes($star3)."', brief_synopsis='".addslashes($brief_synopsis)."', imdb_link='$imdb_link'"; Hope this helped. Rich -Original Message- From: Andrew Rothwell [mailto:[EMAIL PROTECTED] Sent: Sunday, June 13, 2004 1:48 PM To: [EMAIL PROTECTED] Subject: RE: [PHP-DB] Mysql not receiving the data Hi Larry, Thank you very much for the very quick response, I set my php.ini file (located /etc/php.ini ) for the register_globals = On (it was off by default) Now however I get an error Error adding entry: You have an error in your SQL syntax near 's spanish driver is found shot dead, Inspector Jacques Clouseau is the first off' at line 8 My Database is a movie database of my dvd's that I own (for insurance reasons) My addmovie.php is this Your entry has been added. $movie_name"); } else { echo("Error adding entry: " . mysql_error() . ""); } ?> And the addmovie.htm page (atleast the form action is this) Movie Name Andrew -Original Message- From: Larry E. Ullman [mailto:[EMAIL PROTECTED] Sent: Sunday, June 13, 2004 11:22 AM To: Andrew Rothwell Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Mysql not receiving the data > Online I could see everything, and the pages gave the appearance of > working, however when I went into the DB using PHPMYADMIN to check the > status of the new data entered, all I found was blank rows ( for the > new data since the rebuild, all the old data was there) There were the > correct number of new rows for the amount of records that I had > entered, which tells me (unless I am nistaken) that the PHP is talking > to the DB, and is atleast sending a insert command, but the rest of > the data is not getting in. - Without seeing any code whatsoever and since this worked before but no longer works on a new install, I can only assume that your code was written with the assumption that register_globals was turned on and it's not on in your current configuration. If that is the case, see the PHP manual or search the Web for the solution ($_POST, $_GET, etc.). Larry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mysql not receiving the data
Andrew Rothwell wrote: Hi Larry, Thank you very much for the very quick response, I set my php.ini file (located /etc/php.ini ) for the register_globals = On (it was off by default) Now however I get an error Error adding entry: You have an error in your SQL syntax near 's spanish driver is found shot dead, Inspector Jacques Clouseau is the first off' at line 8 I would think it fairly obvious that the extra "'" in the text you are loading is causing a problem, use an "`" instead, or "escape" the single "'" Not sure if MySQL uses "''" or "\'" :) -- Lester Caine - L.S.Caine Electronic Services -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Mysql not receiving the data
Hi Larry, Thank you very much for the very quick response, I set my php.ini file (located /etc/php.ini ) for the register_globals = On (it was off by default) Now however I get an error Error adding entry: You have an error in your SQL syntax near 's spanish driver is found shot dead, Inspector Jacques Clouseau is the first off' at line 8 My Database is a movie database of my dvd's that I own (for insurance reasons) My addmovie.php is this Your entry has been added. $movie_name"); } else { echo("Error adding entry: " . mysql_error() . ""); } ?> And the addmovie.htm page (atleast the form action is this) Movie Name Andrew -Original Message- From: Larry E. Ullman [mailto:[EMAIL PROTECTED] Sent: Sunday, June 13, 2004 11:22 AM To: Andrew Rothwell Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] Mysql not receiving the data > Online I could see everything, and the pages gave the appearance of > working, however when I went into the DB using PHPMYADMIN to check the > status of the new data entered, all I found was blank rows ( for the > new data since the rebuild, all the old data was there) There were the > correct number of new rows for the amount of records that I had > entered, which tells me (unless I am nistaken) that the PHP is talking > to the DB, and is atleast sending a insert command, but the rest of > the data is not getting in. - Without seeing any code whatsoever and since this worked before but no longer works on a new install, I can only assume that your code was written with the assumption that register_globals was turned on and it's not on in your current configuration. If that is the case, see the PHP manual or search the Web for the solution ($_POST, $_GET, etc.). Larry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Mysql not receiving the data
Online I could see everything, and the pages gave the appearance of working, however when I went into the DB using PHPMYADMIN to check the status of the new data entered, all I found was blank rows ( for the new data since the rebuild, all the old data was there) There were the correct number of new rows for the amount of records that I had entered, which tells me (unless I am nistaken) that the PHP is talking to the DB, and is atleast sending a insert command, but the rest of the data is not getting in. - Without seeing any code whatsoever and since this worked before but no longer works on a new install, I can only assume that your code was written with the assumption that register_globals was turned on and it's not on in your current configuration. If that is the case, see the PHP manual or search the Web for the solution ($_POST, $_GET, etc.). Larry -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php