www.webdeveloper.com
Results 1 to 12 of 12

Thread: sqlite php insert from form, no data

  1. #1
    Join Date
    Nov 2004
    Posts
    160

    sqlite php insert from form, no data



    I'm building a webform to submit data to a sqlite database. Building the form in PHP, and its hosted on my local machine using IIS, PHP, and FastCGI.

    When i submit the webform, it executes the script, get the Echo back from the script, check the database and.....no data? No errors and no data :-/

    Whats a guy to do? Can someone check me and make sure i'm not missing something stupid?

    Code:
    <html>
    <head>
    <title>DB Test</title>
    </head>
    <body style="font-size:12;font-family:verdana">
    
    <form action="roadshow.php" method="post">
    
    <p>
    First Name: <input type="text" name="firstname"><br />
    Last Name: <input type="text" name="lastname"><br />
    Phone: <input type="text" name="phone"><br />
    Address 1: <input type="text" name="address1"><br />
    Address 2: <input type="text" name="address2"><br />
    City: <input type="text" name="city"><br />
    State: <input type="text" name="state"><br />
    Zip: <input type="text" name="zip"><br />
    </p>
    
    <p>
    <input type="submit">
    </p>
    
    </form>
    </body>
    </html>


    Code:
    <?php
    
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $phone = $_POST['phone'];
    $address1 = $_POST['address1'];
    $address2 = $_POST['address2'];
    $city = $_POST['city'];
    $state = $_POST['state'];
    $zip = $_POST['zip'];
    
     
    try  
    { 
        $dbh = new PDO('sqlite:C:/Inetpub/wwwroot/roadshow.db'); 
        $sql="INSERT INTO participants (firstname, lastname, phone, address1, address2, city, state, zip) VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[phone]', '$_POST[address1]', '$_POST[address2]', '$_POST[city]', '$_POST[state]', '$_POST[zip]')"; 
        echo $affected = $dbh->exec($sql); 
    
    } 
    catch(PDOException $e) 
    { 
    	    echo $e->getMessage(); 
    } 
    /*** close the database connection ***/ 
    $dbh = null;
    
    ?>

  2. #2
    Join Date
    Nov 2004
    Posts
    160
    bump

  3. #3
    Join Date
    Jan 2010
    Location
    Kyiv, Ukraine
    Posts
    23
    Your code is very wrong from security point of view. Read about SQL injection

  4. #4
    Join Date
    Nov 2004
    Posts
    160
    I dont care about security, i just want it to put data in the database

  5. #5
    Join Date
    Nov 2008
    Posts
    2,477
    Quote Originally Posted by 15hoursNow View Post
    I dont care about security, i just want it to put data in the database
    If you don't care about security, you may find you don't have a database to put anything in to...

  6. #6
    Join Date
    Jan 2010
    Location
    Kyiv, Ukraine
    Posts
    23
    put names of your fields into this quotes: `....`

  7. #7
    Join Date
    Jan 2009
    Location
    Insanity
    Posts
    1,131
    You need to check that you have php5.

  8. #8
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,634
    At first glance I see nothing obviously wrong -- which doesn't mean I didn't miss something. You might try making sure all error messages are displayed for now:
    PHP Code:
    <?php
    ini_set
    ('display_errors'1);
    error_reporting(E_ALL);
    // rest of code...
    ?>
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  9. #9
    Join Date
    Jan 2010
    Location
    Kyiv, Ukraine
    Posts
    23
    NogDog, it might be because of SQL-error.

  10. #10
    Join Date
    Nov 2004
    Posts
    160
    the fastCGI install was bugged. Had to remove and reinstall it. working now. The reason I dont care about security is this is and will always be, hosted on a local machine with no internet connection. Thanks for the suggestions

  11. #11
    Join Date
    Nov 2008
    Posts
    2,477
    ^^^
    Re the security: I still make sure any apps I write are secure, especially in terms of SQL injection, even if they will not be on the web. The reason is that SQL injection does not always happen maliciously. Wait till Paddy O'Reilly gets added to your database and you'll see what I mean

  12. #12
    Join Date
    Jan 2009
    Location
    Insanity
    Posts
    1,131
    Aye, no quotes needed....

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles