www.webdeveloper.com

Thread: please help php query error.??

  1. #1
    Join Date
    Jan 2014
    Location
    Pakistan
    Posts
    45

    please help php query error.??

    Hello everybody... I have an error when I submit data into the database. Please check it out.
    The PHP code is:
    PHP Code:
    <?php
    $con = mysql_connect('abc.com', 'colg', 'Colg@1');
    if (!$con) {
        die('Could not connect: ' . mysql_error());

    mysql_select_db(colg);

    $sql="INSERT INTO fsc_med(reg_id,f_name,l_name,roll_num,t_eng,o_eng,t_urdu,o_urdu,t_phy,o_phy,t_che,o_che,t_bio,o_bio,t_isl_sstd,o_isl_sstd,total_marks,obtain_marks,attendance)
    VALUES
    ('$_POST[reg_num]','$_POST[firstname]','$_POST[lastname]','$_POST[rollnum]','$_POST[t_english]','$_POST[o_english]','$_POST[t_urdu]','$_POST[o_urdu]','$_POST[t_physics]','$_POST[o_physics]','$_POST[t_chemistry]','$_POST[o_chemistry]','$_POST[t_biology]','$_POST[o_biology]','$_POST[t_isl_sst]','$_POST[o_isl_sst]','$_POST[t_marks]','$_POST[o_t_marks]','$_POST[attdnce]')";

    if (!mysqli_query($con,$sql))
      {
      die('Error: ' . mysqli_error($con));
      }
    echo "1 record added";

    mysqli_close($con);
    ?>
    data entry form is here http://igoc.com.pk/student_results/r...c_med_123.html
    Last edited by NogDog; 03-04-2014 at 01:46 PM. Reason: added [php] tags around code

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    894
    This code will not run and SHOULD not run. The data you are taking from the user's input and posting to your db without any validation could be loaded with malicious code. Please learn how to check input, ensure that it is what you expect and that it is safe to use before continuing.

    That said, there are still plain old syntax errors here as well. Assuming that you mis-typed these into your post, tell us what the error message was so that you can at least get that answer.
    Last edited by ginerjm; 03-02-2014 at 09:49 AM.

  3. #3
    Join Date
    Jan 2014
    Location
    Pakistan
    Posts
    45
    I fixed it... How can I put validation on user inputs?

  4. #4
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    894
    You need to read up on security and how to accept input from the user to protect your site from hackers and other malicious users. They can do things to break your database, destroy your tables with improper input. To validate input you need to check each one to see if it is what you expect. For example, if you have a field that should have a number entered in it, then check that the POST var for that field does in fact have a number value when you get it. If a field should have a yes/no value in it, be sure that it does. And so on. For string entries you must be sure to escape the input value to get rid of any harmful characters before posting it to your database.

    There are many articles on data security. Read some of them. There's probably one in these forums.

  5. #5
    Join Date
    Feb 2014
    Location
    Canada
    Posts
    155
    There are several problems with your code. First, mysql will quickly be removed in the future, so you shouldn't be using it. Instead, use either PDO or mysqli.
    Second, you're mixing mysql with mysqli and that alone will generate errors.
    Third, as already mentioned, you're not checking user input, so they can freely enter code and have it wreck your database. Alternatively, they could enter nothing for all of the fields and your code would allow that. When you go to read from your database, the output will seem bizarre, assuming it hasn't already been trashed.

    Here's a very quick example code just for checking the firstname, however, it's not complete and requires you to do a bit of work on it for it to execute.

    PHP Code:
    <?php
        $firstname = "";

        if(isset($_POST['firstname'])) {
            $firstname = trim($_POST['firstname']);
            $illegalChars = array(); // enter any specific characters you would like to check for
            if(ctype_alpha($firstname)) {
                $parts = str_split($firstname);
                foreach($parts as $part) {
                    if(in_array($part, $illegalChars)) {
                        // do something since it contains an illegal character
                    }
                }
            }
        } else {
            // do something
        }
    ?>
    Before tackling this though, you want to get your code to be able to run.

  6. #6
    Join Date
    Feb 2014
    Location
    Dubai, UAE
    Posts
    154
    I would advise you to use the mysqli extension instead of mysql. Read the important information about mysqli and use it in your program. I found it for you here:

    http://wistech.biz/2014/03/03/php-5-...qli-extension/

  7. #7
    Join Date
    Jan 2014
    Location
    Pakistan
    Posts
    45
    Quote Originally Posted by kiwistech View Post
    I would advise you to use the mysqli extension instead of mysql. Read the important information about mysqli and use it in your program. I found it for you here:

    http://wistech.biz/2014/03/03/php-5-...qli-extension/
    thank you so much

  8. #8
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,637
    If you migrate to either the PDO or MySQLi database extensions in PHP, you can use prepared statements and bound parameters to take care of sanitizing inputs. I prefer the PDO extension, myself, but it's no big deal unless you want the additional database portability that it provides.

    An example of using bound parameters can be seen at http://us2.php.net/manual/en/pdostatement.bindparam.php .
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
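
Added example (not part of any post in this thread): the per-field checks described in posts #4 and #5 combined with the PDO bound parameters suggested in post #8, for a subset of the `fsc_med` columns. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, and the function name `validate_result` and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the MySQL server
// so the script runs offline; only six of the fsc_med columns are shown.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE fsc_med (reg_id INTEGER, f_name TEXT, l_name TEXT,
            roll_num INTEGER, t_eng INTEGER, o_eng INTEGER)');
// Check every field against what it should contain; returns [row, errors].
function validate_result(array $in): array
{
    $row = $errors = [];
    foreach (['firstname' => 'f_name', 'lastname' => 'l_name'] as $field => $col) {
        $v = trim((string) ($in[$field] ?? ''));
        if (!ctype_alpha($v) || strlen($v) > 50) {   // ctype_alpha('') is false
            $errors[] = "$field must be 1-50 letters";
        }
        $row[$col] = $v;
    }
    foreach (['reg_num' => 'reg_id', 'rollnum' => 'roll_num',
              't_english' => 't_eng', 'o_english' => 'o_eng'] as $field => $col) {
        $v = filter_var($in[$field] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($v === false) {
            $errors[] = "$field must be a non-negative whole number";
        }
        $row[$col] = $v;
    }
    if (!$errors && $row['o_eng'] > $row['t_eng']) {
        $errors[] = 'obtained marks exceed total marks';
    }
    return [$row, $errors];
}
// Constructed inputs standing in for $_POST: one valid, one malformed.
$samples = [
    ['reg_num' => '17', 'firstname' => 'Ali', 'lastname' => 'Khan',
     'rollnum' => '204', 't_english' => '100', 'o_english' => '81'],
    ['reg_num' => 'abc', 'firstname' => 'Ali', 'lastname' => '',
     'rollnum' => '204', 't_english' => '100', 'o_english' => '81'],
];
// The SQL text is fixed; values travel separately as bound parameters.
$stmt = $pdo->prepare('INSERT INTO fsc_med (reg_id, f_name, l_name, roll_num, t_eng, o_eng)
                       VALUES (:reg_id, :f_name, :l_name, :roll_num, :t_eng, :o_eng)');
foreach ($samples as $post) {
    [$row, $errors] = validate_result($post);
    if ($errors) {
        echo 'Rejected: ', implode('; ', $errors), "\n";
    } elseif ($stmt->execute($row)) {   // array keys match the named placeholders
        echo "1 record added\n";
    }
}
```

Against the MySQL server from the first post, only the DSN passed to `new PDO(...)` changes; the validation and the prepared statement stay the same.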
