post to database

So I have some code that takes a message/post users insert, and it's meant to post it to a database, which then displays on a separate page. I've got the displaying part working fine; it's just trying to insert to the database which is the problem.

This code...

<?php  
mysql_connect("localhost", "root", "");  
mysql_select_db("test");     
$time = time();  
mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');      
echo "Thread Posted.<br><a href='Untitled9.php'>Return</a>";  
?> 

won't post the information into the database!

Why is this and how can it be resolved?

  id          int(11)                          No  None  AUTO_INCREMENT
  title       varchar(255)  latin1_swedish_ci  No  None
  message     text          latin1_swedish_ci  No  None
  author      varchar(255)  latin1_swedish_ci  No  None
  replies     int(11)                          No  None
  posted      varchar(255)  latin1_swedish_ci  No  None
  votes_up    int(11)                          No  0
  votes_down  int(11)                          No  0


Update:

Should be posted not dated.

Here's your problem:

mysql_query "INSERT INTO threads (title, message, author, posted);" 
VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');  

Change it to:

mysql_query("INSERT INTO threads (title, message, author, posted) VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');"); 

I see you have null values also. This makes me believe you're using an ID with an auto increment; if this is the case, you need to supply this also. Example:

Edit: Here

mysql_query("INSERT INTO threads (id,title, message, author, posted) VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','$time');"); 

Note inserting values straight from post data is unsafe and leaves you open to various attacks.


The values you are trying to add to the new row are more than the assigned values.

mysql_query "INSERT INTO threads (title, message, author, dated);" 

those are 4 values you want to set

VALUES (NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time');  

and you are assigning 6 values, which is not possible.

Also validate $_POST data; read this: Never trust user input.

And read the manual PHP & MYSQL


The semicolon was ending your SQL statement. Your query wasn't finished. You still needed to specify the values you wanted to insert.


mysql_query "INSERT INTO threads (title, message, author, dated);" 
VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time');

You ended the string too early. Should be:

mysql_query("INSERT INTO threads (title, message, author, dated)
  VALUES ('$_POST[title]','$_POST[message]','$_POST[author]','$time')"); 

Also, your code is very likely to become a target of SQL-Injections. You should use the MySQLi-class and a PreparedStatement to insert your posts.
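
The MySQLi prepared-statement approach recommended in the answer above, as an added example that is not part of the original thread. It assumes PHP 7 or later and the `threads` table from the question; `post_field()` and `insert_thread()` are hypothetical names, and the length limits are taken from the column types shown in the question.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Return one POST field as a trimmed, non-empty string of at most $max bytes.
function post_field(array $post, string $name, int $max): string
{
    $value = $post[$name] ?? null;
    if (!is_string($value)) {            // missing, or an array like title[]=x
        throw new InvalidArgumentException("$name is missing");
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $max) {
        throw new InvalidArgumentException("$name is empty or too long");
    }
    return $value;
}

function insert_thread(mysqli $db, array $post): int
{
    $title   = post_field($post, 'title', 255);     // varchar(255)
    $message = post_field($post, 'message', 65535); // text
    $author  = post_field($post, 'author', 255);    // varchar(255)
    $posted  = (string) time();                     // posted is a varchar
    // id is AUTO_INCREMENT and votes_up/votes_down default to 0, so they are
    // omitted. replies is NOT NULL with no default: strict SQL mode needs it.
    $stmt = $db->prepare(
        'INSERT INTO threads (title, message, author, replies, posted)
         VALUES (?, ?, ?, 0, ?)'
    );
    // User input travels as bound parameters, never as part of the SQL text.
    $stmt->bind_param('ssss', $title, $message, $author, $posted);
    $stmt->execute();
    return (int) $stmt->insert_id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $db = new mysqli('localhost', 'root', '', 'test'); // question's test setup
        $id = insert_thread($db, $_POST);
        echo "Thread $id posted.<br><a href='Untitled9.php'>Return</a>";
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());     // details go to the log, not the page
        http_response_code(500);
        echo 'Could not save the thread.';
    }
}
```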


A number of issues:

  1. If you put $_POST[] inside a string, you need to put it in braces {$_POST[]} or PHP will not decipher the variable.
  2. Next, the names of the variables in $_POST[] need to be quoted so that PHP does not think they are CONSTANTS, so they need to be like $_POST['title'] or $_POST["title"].
  3. As others have said, you need to protect against SQL injection by filtering the posted vars. The safest way to do this is to use PDO, and I have included an example below. You can improve on this.
  4. Turn on error reporting so you can see errors while debugging.

Here's tested code:

ini_set('error_reporting', E_ALL | E_STRICT);
ini_set('display_errors', 'On');
$user='root';
$pass='';
$dsn = 'mysql:dbname=test;host=localhost'; //for PDO later

mysql_connect("localhost",$user , $pass);  
mysql_select_db("test");     
$time = time();  
if (isset($_POST) && !empty($_POST))
{
// using braces {} (this string only shows the syntax; it is never executed below)
$sql=<<<SQL
INSERT INTO threads (title, message, author, posted) 
VALUES ('{$_POST['title']}','{$_POST['message']}','{$_POST['author']}','$time')

SQL;

echo "$_POST[title]"."Thread Posted.<br><a href='Untitled9.php'>Return</a>";

// now a PDO version of the same
try {
    $pdo = new PDO($dsn, $user, $pass);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();die;
}

$sth = $pdo->prepare("INSERT INTO threads (title, message, author, posted)
                  VALUES (:title,:message,:author,:posted)");
$sth->execute(array(':title' => $_POST['title'],':message' => $_POST['message'], ':author' => $_POST['author'] ,':posted' => $time));
echo "Affected rows=".$sth->rowCount().",we are on line=".__LINE__."<br />";
echo $_POST['title']." Thread Posted.<br><a href='Untitled9.php'>Return</a>";

} // close if $_POST