sqlite php insert from form, no data
I'm building a webform to submit data to a sqlite database. Building the form in PHP, and its hosted on my local machine using IIS, PHP, and FastCGI.
When i submit the webform, it executes the script, get the Echo back from the script, check the database and.....no data? No errors and no data :-/
Whats a guy to do? Can someone check me and make sure i'm not missing something stupid?
<form action="roadshow.php" method="post">
First Name: <input type="text" name="firstname"><br />
Last Name: <input type="text" name="lastname"><br />
Phone: <input type="text" name="phone"><br />
Address 1: <input type="text" name="address1"><br />
Address 2: <input type="text" name="address2"><br />
City: <input type="text" name="city"><br />
State: <input type="text" name="state"><br />
Zip: <input type="text" name="zip"><br />
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$phone = $_POST['phone'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$dbh = new PDO('sqlite:C:/Inetpub/wwwroot/roadshow.db');
$sql="INSERT INTO participants (firstname, lastname, phone, address1, address2, city, state, zip) VALUES ('$_POST[firstname]', '$_POST[lastname]', '$_POST[phone]', '$_POST[address1]', '$_POST[address2]', '$_POST[city]', '$_POST[state]', '$_POST[zip]')";
echo $affected = $dbh->exec($sql);
/*** close the database connection ***/
$dbh = null;
Your code is very wrong from security point of view. Read about SQL injection
I dont care about security, i just want it to put data in the database
If you don't care about security, you may find you don't have a database to put anything in to...
Originally Posted by 15hoursNow
put names of your fields into this quotes: `....`
You need to check that you have php5.
At first glance I see nothing obviously wrong -- which doesn't mean I didn't miss something. You might try making sure all error messages are displayed for now:
// rest of code...
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
NogDog, it might be because of SQL-error.
the fastCGI install was bugged. Had to remove and reinstall it. working now. The reason I dont care about security is this is and will always be, hosted on a local machine with no internet connection. Thanks for the suggestions
Re the security: I still make sure any apps I write are secure, especially in terms of SQL injection, even if they will not be on the web. The reason is that SQL injection does not always happen maliciously. Wait till Paddy O'Reilly gets added to your database and you'll see what I mean
Aye, no quotes needed....
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)