Results 1 to 6 of 6

Thread: New web host, php form not working

  1. #1
    Join Date
    Aug 2014

    New web host, php form not working

    I changed web hosting companies and now a php form that was working is no longer working. I haven't been able to figure out what the problem is. The form is a simple text input form that adds the text to a database. Every time the user inserts text with a comma, an error occurs. Below is the code for the form. Any help is much appreciated.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="style.css" rel="stylesheet" type="text/css" />

    <?php require_once('inc/header.html'); ?>
    require_once('../Connections/websitedatabase.php'); ?>

    if (isset($_POST['note'])):

    $note $_POST['note'];
    $name $_POST['name'];
    $id $_POST['id'];
    $sql "UPDATE presidentnotes SET
      if (@
    mysql_query($sql)) {
    '<p>The note has been updated.</p>';
      } else {
    '<p>Error updating note. Details: ' .
    mysql_error() . '</p>';
    $presidentnotes = @mysql_query(
    "SELECT note, name FROM presidentnotes ");
      if (!
    $presidentnotes) {
    '<p>Error fetching note details: ' .
    mysql_error() . '</p>');
    $presidentnotes mysql_fetch_array($presidentnotes);
    $note $presidentnotes['note'];
    $name $presidentnotes['name'];

    $note mysql_real_escape_string($note);
    $name mysql_real_escape_string($name);

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <h1>President's Note on hompage - Edit5</h1>

    <label>Note:<br /> 
      <textarea name="note" cols="100" rows="12"><?php echo $note?></textarea>
    </label><br />
    <label>Name:<br /> <input name="name" type="text" value="<?php echo $name?>" size="40" /></label><br />
    <input type="hidden" name="id" value="<?php echo $id?>" />
    <input type="submit" value="SUBMIT" /></p>

      <?php endif; ?>


  2. #2
    Join Date
    Aug 2014
    Wow. There is 100% SQL-injection. Please do not use old-mysql functions. You can use PDO or MySQLi (I like PDO).

    Using PDO you can bind parameters to your query and pdo automatically will remove all insecure symbols.

  3. #3
    Join Date
    Mar 2007
    I would say that your database connection will likely be the issue... also...

    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.

    suggest that you post your database connection file but edid out the username and password details!

    You did take a backup to upload to the new server?

    As stated, mysqli_ over mysql_ functions

    you also may have to look at your php.ini settings to ensure that php is operational and your able to execute PHP scripts.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  4. #4
    Join Date
    Aug 2004
    Quote Originally Posted by \\.\ View Post
    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.
    It's optional in the old mysql_*() functions -- it will pick the last(?)/only connection if there is one.

    Anyway, while I would hope you would migrate away from the old and deprecated mysql extension as the others have recommended, if you stay with this code, you should be using mysql_real_escape_string() to sanitize values before using them in mysql_query(), not afterwards for data retrieved from the DB.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

  5. #5
    Join Date
    Jul 2013
    Voorheesville NY USA
    Your update query updates every record in the table?
    PS - If you're posting here you should be using:

    error_reporting(E_ALL | E_NOTICE);
    ini_set('display_errors', '1');

    at the top of ALL php code while you develop it!

  6. #6
    Join Date
    May 2014
    Ignoring all the bad code...

    Perhaps in the cpanel (assumption) you added a user, added the database, but didn't give the user permission to access/modify the database?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center

Recent Articles