
Thread: New web host, php form not working

  1. #1
    Join Date
    Aug 2014
    Posts
    1

    New web host, php form not working

    I changed web hosting companies and now a php form that was working is no longer working. I haven't been able to figure out what the problem is. The form is a simple text input form that adds the text to a database. Every time the user inserts text with a comma, an error occurs. Below is the code for the form. Any help is much appreciated.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
    <?php require_once('inc/header.html'); ?>
    <?php require_once('../Connections/websitedatabase.php'); ?>

    <?php
    if (isset($_POST['note'])):

      $note = $_POST['note'];
      $name = $_POST['name'];
      $id = $_POST['id'];
      $sql = "UPDATE presidentnotes SET
              note='$note',
              name='$name'
              ";
      if (@mysql_query($sql)) {
        echo '<p>The note has been updated.</p>';
      } else {
        echo '<p>Error updating note. Details: ' .
            mysql_error() . '</p>';
      }
    ?>
    <?php
    else:

      $presidentnotes = @mysql_query(
          "SELECT note, name FROM presidentnotes ");
      if (!$presidentnotes) {
        exit('<p>Error fetching note details: ' .
            mysql_error() . '</p>');
      }
      $presidentnotes = mysql_fetch_array($presidentnotes);
      $note = $presidentnotes['note'];
      $name = $presidentnotes['name'];

      $note = mysql_real_escape_string($note);
      $name = mysql_real_escape_string($name);
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <h1>President's Note on hompage - Edit5</h1>

    <label>Note:<br /> 
      <textarea name="note" cols="100" rows="12"><?php echo $note?></textarea>
    </label><br />
    <label>Name:<br /> <input name="name" type="text" value="<?php echo $name?>" size="40" /></label><br />
    <input type="hidden" name="id" value="<?php echo $id?>" />
    <input type="submit" value="SUBMIT" /></p>
    </form>

    <p>
      <?php endif; ?>

    <p>&nbsp;</p>
    </body>
    </html>

  2. #2
    Join Date
    Aug 2014
    Posts
    12
    Wow. There is 100% SQL-injection. Please do not use old-mysql functions. You can use PDO or MySQLi (I like PDO).

    Using PDO you can bind parameters to your query, and PDO will automatically remove all insecure symbols.

  3. #3
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,519
    I would say that your database connection will likely be the issue... also...

    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.

    Suggest that you post your database connection file but edit out the username and password details!

    You did take a backup to upload to the new server?

    As stated, mysqli_ over mysql_ functions

    You also may have to look at your php.ini settings to ensure that PHP is operational and you're able to execute PHP scripts.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,637
    Quote: Originally Posted by \\.\
    ...
    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.
    ...
    It's optional in the old mysql_*() functions -- it will pick the last(?)/only connection if there is one.


    Anyway, while I would hope you would migrate away from the old and deprecated mysql extension as the others have recommended, if you stay with this code, you should be using mysql_real_escape_string() to sanitize values before using them in mysql_query(), not afterwards for data retrieved from the DB.

  5. #5
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    898
    Your update query updates every record in the table?
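
Added example (not part of any post in this thread): the form's UPDATE rewritten with PDO bound parameters and a WHERE clause, so the submitted values travel as data rather than being spliced into the SQL text, and only one row changes. Values read back from the database are HTML-encoded at output time instead of being passed through mysql_real_escape_string(). Assumptions: the table has an `id` key column (the page does not show the schema), the helper name `updateNote` is hypothetical, and an in-memory SQLite database stands in for the MySQL connection so the script runs offline.

```php
<?php
// Added example. In-memory SQLite stands in for the poster's MySQL database.
// For MySQL the DSN would look like: mysql:host=...;dbname=...;charset=utf8mb4
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema: `id` is a guess, the thread only shows `note` and `name`.
$pdo->exec('CREATE TABLE presidentnotes (id INTEGER PRIMARY KEY, note TEXT, name TEXT)');
$pdo->exec("INSERT INTO presidentnotes (id, note, name) VALUES (1, 'old', 'A'), (2, 'other', 'B')");

// Hypothetical helper: update exactly one row, values bound as parameters.
function updateNote(PDO $pdo, int $id, string $note, string $name): int
{
    $stmt = $pdo->prepare(
        'UPDATE presidentnotes SET note = :note, name = :name WHERE id = :id'
    );
    $stmt->execute([':note' => $note, ':name' => $name, ':id' => $id]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed form input: quotes and commas that break the string-built query.
$post = ['id' => '1', 'note' => "It's the president's note, with a comma", 'name' => "O'Brien"];

// The hidden `id` field is client-controlled, so validate it as an integer.
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit('Invalid id');
}

$changed = updateNote($pdo, $id, $post['note'], $post['name']);
echo "Rows changed: $changed\n";

// Encode for HTML when echoing into the page; SQL escaping is the wrong tool here.
foreach ($pdo->query('SELECT id, note, name FROM presidentnotes ORDER BY id') as $row) {
    printf("%d | %s | %s\n", $row['id'],
        htmlspecialchars($row['note'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));
}
```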

  6. #6
    Join Date
    May 2014
    Posts
    77
    Ignoring all the bad code...

    Perhaps in the cpanel (assumption) you added a user, added the database, but didn't give the user permission to access/modify the database?
