sqlite php insert from form, no data

**15hoursNow** · 01-14-2010 04:59 PM

I'm building a webform to submit data to a sqlite database. Building the form in PHP, and its hosted on my local machine using IIS, PHP, and FastCGI.

When i submit the webform, it executes the script, get the Echo back from the script, check the database and.....no data? No errors and no data :-/

Whats a guy to do? Can someone check me and make sure i'm not missing something stupid?

Code:

<html>
<head>
<title>DB Test</title>
</head>
<body style="font-size:12;font-family:verdana">

<form action="roadshow.php" method="post">

<p>
First Name: <input type="text" name="firstname"><br />
Last Name: <input type="text" name="lastname"><br />
Phone: <input type="text" name="phone"><br />
Address 1: <input type="text" name="address1"><br />
Address 2: <input type="text" name="address2"><br />
City: <input type="text" name="city"><br />
State: <input type="text" name="state"><br />
Zip: <input type="text" name="zip"><br />
</p>

<p>
<input type="submit">
</p>

</form>
</body>
</html>

Code:

<?php

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST['phone'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];

 
try  
{ 
    $dbh = new PDO('sqlite:C:/Inetpub/wwwroot/roadshow.db'); 
    $sql="INSERT INTO participants (firstname, lastname, phone, address1, address2, city, state, zip) VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[phone]', '$_POST[address1]', '$_POST[address2]', '$_POST[city]', '$_POST[state]', '$_POST[zip]')"; 
    echo $affected = $dbh->exec($sql); 

} 
catch(PDOException $e) 
{ 
	    echo $e->getMessage(); 
} 
/*** close the database connection ***/ 
$dbh = null;

?>

**15hoursNow** · 01-15-2010 08:10 AM

bump

**HeeL** · 01-15-2010 08:41 AM

Your code is very wrong from security point of view. Read about SQL injection

**15hoursNow** · 01-15-2010 08:52 AM

I dont care about security, i just want it to put data in the database

**Mindzai** · 01-15-2010 09:03 AM

Originally Posted by 15hoursNow

I dont care about security, i just want it to put data in the database

If you don't care about security, you may find you don't have a database to put anything in to...

**HeeL** · 01-15-2010 09:17 AM

put names of your fields into this quotes: `....`

**JunkMale** · 01-15-2010 01:36 PM

You need to check that you have php5.

**NogDog** · 01-15-2010 02:46 PM

At first glance I see nothing obviously wrong -- which doesn't mean I didn't miss something. You might try making sure all error messages are displayed for now:

PHP Code:


<?php

ini_set('display_errors', 1);

error_reporting(E_ALL);

// rest of code...

?>

**HeeL** · 01-18-2010 08:06 AM

NogDog, it might be because of SQL-error.

**15hoursNow** · 01-18-2010 09:49 AM

the fastCGI install was bugged. Had to remove and reinstall it. working now. The reason I dont care about security is this is and will always be, hosted on a local machine with no internet connection. Thanks for the suggestions

**Mindzai** · 01-18-2010 10:38 AM

^^^
Re the security: I still make sure any apps I write are secure, especially in terms of SQL injection, even if they will not be on the web. The reason is that SQL injection does not always happen maliciously. Wait till Paddy O'Reilly gets added to your database and you'll see what I mean

**JunkMale** · 01-27-2010 08:51 AM

Aye, no quotes needed....

Thread: sqlite php insert from form, no data

Thread Tools

Display

sqlite php insert from form, no data

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions