www.webdeveloper.com

Thread: New web host, php form not working

  1. #1
    Join Date
    Aug 2014
    Posts
    1

    New web host, php form not working

    I changed web hosting companies and now a php form that was working is no longer working. I haven't been able to figure out what the problem is. The form is a simple text input form that adds the text to a database. Every time the user inserts text with a comma, an error occurs. Below is the code for the form. Any help is much appreciated.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link href="style.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
    <?php require_once('inc/header.html'); ?>
    <?php require_once('../Connections/websitedatabase.php'); ?>

    <?php
    if (isset($_POST['note'])):

      $note = $_POST['note'];
      $name = $_POST['name'];
      $id = $_POST['id'];
      $sql = "UPDATE presidentnotes SET
              note='$note',
              name='$name'
              ";
      if (@mysql_query($sql)) {
        echo '<p>The note has been updated.</p>';
      } else {
        echo '<p>Error updating note. Details: ' .
            mysql_error() . '</p>';
      }
    ?>
    <?php
    else:

      $presidentnotes = @mysql_query(
          "SELECT note, name FROM presidentnotes ");
      if (!$presidentnotes) {
        exit('<p>Error fetching note details: ' .
            mysql_error() . '</p>');
      }
      $presidentnotes = mysql_fetch_array($presidentnotes);
      $note = $presidentnotes['note'];
      $name = $presidentnotes['name'];

      $note = mysql_real_escape_string($note);
      $name = mysql_real_escape_string($name);
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <h1>President's Note on hompage - Edit5</h1>

    <label>Note:<br /> 
      <textarea name="note" cols="100" rows="12"><?php echo $note?></textarea>
    </label><br />
    <label>Name:<br /> <input name="name" type="text" value="<?php echo $name?>" size="40" /></label><br />
    <input type="hidden" name="id" value="<?php echo $id?>" />
    <input type="submit" value="SUBMIT" /></p>
    </form>

    <p>
      <?php endif; ?>

    <p>&nbsp;</p>
    </body>
    </html>

  2. #2
    Join Date
    Aug 2014
    Posts
    12
    Wow. There is 100% SQL-injection. Please do not use old-mysql functions. You can use PDO or MySQLi (I like PDO).

    Using PDO you can bind parameters to your query and PDO will automatically remove all insecure symbols.

  3. #3
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    5,854
    I would say that your database connection will likely be the issue... also...

    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.

    Suggest that you post your database connection file but edit out the username and password details!

    You did take a backup to upload to the new server?

    As stated, mysqli_ over mysql_ functions

    You also may have to look at your php.ini settings to ensure that PHP is operational and you're able to execute PHP scripts.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,326
    Quote Originally Posted by \\.\ View Post
    ...
    mysql_query($sql) is missing a parameter, your $link to your database that you get from your connection.
    ...
    It's optional in the old mysql_*() functions -- it will pick the last(?)/only connection if there is one.


    Anyway, while I would hope you would migrate away from the old and deprecated mysql extension as the others have recommended, if you stay with this code, you should be using mysql_real_escape_string() to sanitize values before using them in mysql_query(), not afterwards for data retrieved from the DB.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  5. #5
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    1,900
    Your update query updates every record in the table?
    JG
    PS - If you're posting here you should be using:

    error_reporting(E_ALL);
    ini_set('display_errors', '1');


    at the top of ALL php code while you develop it!
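
What replies #2, #4 and #5 point at, as an added example that is not part of the thread: the same UPDATE built by string concatenation, then with PDO bound parameters and a WHERE clause. The `id` column, the sample rows and the in-memory SQLite database standing in for the MySQL connection are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumptions: the table has an
// integer `id` column, and an in-memory SQLite database stands in for the real
// MySQL connection so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE presidentnotes (id INTEGER PRIMARY KEY, note TEXT, name TEXT)');
$pdo->exec("INSERT INTO presidentnotes (id, note, name) VALUES
            (1, 'Welcome', 'Pat'), (2, 'Archived note', 'Sam')");

// Constructed form input: ordinary punctuation is enough to break a
// string-built query.
$post = ['id' => '1', 'note' => "It's budget season, so plan ahead.", 'name' => "O'Neil"];

// 1) The thread's pattern: values pasted straight into the SQL text.
$unsafe = "UPDATE presidentnotes SET note='{$post['note']}', name='{$post['name']}'";
try {
    $pdo->exec($unsafe);
    echo "string-built query ran\n";
} catch (PDOException $e) {
    // The apostrophe ends the string literal early; the rest is parsed as SQL.
    echo "string-built query failed: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: values travel separately from the SQL text, and the
//    WHERE clause limits the update to a single row.
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit("invalid id\n");
}
$stmt = $pdo->prepare('UPDATE presidentnotes SET note = :note, name = :name WHERE id = :id');
$stmt->execute([':note' => $post['note'], ':name' => $post['name'], ':id' => $id]);
echo "rows updated: ", $stmt->rowCount(), "\n";

// Row 2 is untouched; row 1 stores the text as typed.
foreach ($pdo->query('SELECT id, note, name FROM presidentnotes ORDER BY id') as $row) {
    // Escape for HTML only when printing, not before storing.
    printf("%d | %s | %s\n", $row['id'],
        htmlspecialchars($row['note'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'));
}
```

Against MySQL the only change is the DSN and credentials passed to `new PDO(...)`; the prepared statement stays the same.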

  6. #6
    Join Date
    May 2014
    Posts
    77
    Ignoring all the bad code...

    Perhaps in the cpanel (assumption) you added a user, added the database, but didn't give the user permission to access/modify the database?
