
Thread: php code not inserting into phpmyadmin

  1. #1
    Join Date
    Oct 2008
    Posts
    24

    php code not inserting into phpmyadmin

    Hi everyone... I had this working at one time but must have changed something. I can't get the PHP to insert records into phpMyAdmin. Can someone check if I have something wrong in my code? Thanks much.

    Here is the code for selecting from the database:

    PHP Code:
    <?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("mydb");
    ?>
    <html>
    <head>
    <title>Project 3 Blog</title>
    </head>
    <body>

    PHP Code:
    <?php
    $sql = "SELECT * FROM posts";
    $query = mysql_query($sql);
    // Loop over every row; the closing brace is in the final PHP block below.
    while ($row = mysql_fetch_array($query)) {
        $title = $row['title'];
        $description = $row['description'];
    ?>
    <table border='1'>
    <tr><td><?php echo $title; ?></td></tr>
    <tr><td><?php echo $description; ?></td></tr>
    </table>

    PHP Code:
    <?php
    }
    ?>
    </body>
    </html>

    Here is the code for inserting into the database:

    PHP Code:
    <?php
    mysql_connect("localhost", "root", "");
    mysql_select_db("mydb");
    ?>
    <html>
    <head>
    <title>Add new Post</title>
    </head>
    <body>

    PHP Code:
    <?php
    if (isset($_POST['submit'])) {
        $title = $_POST['title'];
        $description = $_POST['description'];

        // Values are interpolated into the query unescaped, as originally posted.
        mysql_query("INSERT INTO posts (title, description) VALUES('$title','$description')");
    } else {
    ?>
    <form action='admin.php' method='post'>
    Title: <input type='text' name='title' /><br>
    Description: <textarea name='description'></textarea><br />
    <input type='submit' name='submit' value='Post' />
    </form>

    PHP Code:
    <?php
    }
    ?>
    </body>
    </html>

  2. #2
    Join Date
    Oct 2008
    Posts
    24
    Nothing is wrong with this. I just realized I can't put special characters in the title and description. How do I keep the users from putting those in the text? I didn't realize that kept the text from being entered in MySQL. Is this something that has to be formatted somewhere in the code? Thanks again.

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,922
    Just be sure to escape all user inputs before using them in a query. Besides avoiding problems like this, it also stops malicious users from injecting SQL into your queries. With the MySQL extension, the function you want to use is mysql_real_escape_string().
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  4. #4
    Join Date
    Jul 2009
    Location
    My house, sitting at the computer. Duh!
    Posts
    118
    I also run most data through htmlspecialchars(). It converts HTML to character codes, so it doesn't affect the page.

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,922
    Quote Originally Posted by ScottyBoy View Post
    I also run most data through htmlspecialchars(). It converts HTML to character codes, so it doesn't affect the page.
    Note that htmlspecialchars() (or htmlentities()) is normally reserved for escaping text being output to the browser; I do not recommend it for escaping inputs into the database. Why? Because then in your database you might end up with something like this:
    Code:
    Some text &amp; &quot;some quoted text&quot;
    This can have two unwanted side effects: (1) It could mean text that would otherwise just fit within a char/varchar column might now be too long, and (2) it makes searches of the data more problematic. But it is definitely a good idea for text being output to the browser, e.g.:
    PHP Code:
    <input type='text' name='foo' value='<?php echo htmlspecialchars($row['text']);?>' />
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  6. #6
    Join Date
    Jul 2009
    Location
    My house, sitting at the computer. Duh!
    Posts
    118
    Quote Originally Posted by NogDog View Post
    Note that htmlspecialchars() (or htmlentities()) is normally reserved for escaping text being output to the browser; I do not recommend it for escaping inputs into the database. Why? Because then in your database you might end up with something like this:
    Code:
    Some text &amp; &quot;some quoted text&quot;
    This can have two unwanted side effects: (1) It could mean text that would otherwise just fit within a char/varchar column might now be too long, and (2) it makes searches of the data more problematic. But it is definitely a good idea for text being output to the browser, e.g.:
    PHP Code:
    <input type='text' name='foo' value='<?php echo htmlspecialchars($row['text']);?>' />
    Good thinking. I'll definitely keep that in mind for future use.
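
As an added example (not code from any poster in this thread): the split described in posts #3 and #5, with user input kept out of the SQL text on the way into the database and htmlspecialchars() applied only on the way out to the browser. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server, and uses bound parameters in place of mysql_real_escape_string(); the sample input is constructed.

```php
<?php
// Added example: constructed input, in-memory SQLite via PDO (assumption: the
// thread uses MySQL; SQLite is used here only so the script runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title VARCHAR(40), description TEXT)');

// Constructed form input containing the "special characters" from the thread.
$post = [
    'title'       => 'Tom & Jerry\'s "best of"',
    'description' => "It's <b>bold</b> & it's quoted",
];

// 1. Database boundary: bound parameters keep quotes out of the SQL text,
//    so the value is stored byte-for-byte as typed.
$insert = $db->prepare('INSERT INTO posts (title, description) VALUES (:title, :description)');
$insert->execute([':title' => $post['title'], ':description' => $post['description']]);

// What would have been stored had htmlspecialchars() been applied on the way in.
$encoded = htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8');
printf("raw length: %d, HTML-encoded length: %d\n", strlen($post['title']), strlen($encoded));

// 2. Searching works on the raw text because no entities were stored.
$search = $db->prepare('SELECT title, description FROM posts WHERE title LIKE :needle');
$search->execute([':needle' => '%"best of"%']);
$rows = $search->fetchAll(PDO::FETCH_ASSOC);
printf("rows matching the quoted phrase: %d\n", count($rows));

// 3. Output boundary: encode only when writing into HTML. ENT_QUOTES also
//    encodes single quotes, needed for attributes delimited with '.
foreach ($rows as $row) {
    $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    $description = htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8');
    echo "<input type='text' name='title' value='{$title}' />\n";
    echo "<tr><td>{$description}</td></tr>\n";
}
```

The two printed lengths show the column-size effect from post #5: the encoded form of the same title is longer than the raw text that a VARCHAR(40) column was sized for.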
