开发者

PHP form will not post

问答 作者:

I have just implemented mysql_real_escape_string() and now my script won't write to the DB. Everything worked fine before adding 开发者_JAVA技巧mysql_real_escape_string():

Any ideas??

$name = mysql_real_escape_string($_POST['name']);
$description = mysql_real_escape_string($_POST['description']);
$custid = mysql_real_escape_string($_SESSION['customerid']);

mysql_send("INSERT INTO list 
              SET id = '',  
                  name = '$name', 
                  description = '$description', 
                  custid = '$custid' ");

what is that mysql_send function?
what if to change it to mysql_query();

It should be easy to figure out what's going on.

Fist, instead of sending the query you're constructing to the database, echo it out (or log it), and see what you're actually sending to the database.

If that doesn't make it obvious, see what mysql_error() has to say.

mysql_real_escape_string should have a database connection passed as the second argument since it asks the database what characters need to be escaped.

$connection = mysql_connect(HOST, USERNAME, PASSWORD);
$cleanstring = mysql_real_escape_string("my string", $connection);

A typical failure on understanding how to use certain functions... You're just using mysql_real_escape_string on raw input data. Have you ever heard of santizing / validating input? mysql_real_escape_string does not make sense on numbers. If you've validated a variable to be a number, you don't need to escape it.

mysql_send is an alias for mysql_query right? Use debug code, add echo mysql_error(); after mysql_send(...).

       mysql_connect("localhost", "username", "password") or die(mysql_error());
       mysql_select_db("database") or die(mysql_error());
       $name = mysql_real_escape_string($_POST['name']);
       $description = mysql_real_escape_string($_POST['description']);   
       $custid = mysql_real_escape_string($_SESSION['customerid']);

       //If you doing Update use this code
       mysql_query("UPDATE list SET id = '', name = '$name', description = '$description' WHERE custid = '$custid' ") or die(mysql_error());
       //OR if you doing Insert use this  code.
       mysql_query("INSERT INTO list(name, description, custid) VALUES('$name', '$description', '$custid')") or die(mysql_error());
       //If custid is Integer type user $custid instead of '$custid'.

If you are updating the records in the list table based on the custid use the UPDATE command OR if you are insertinf the records into list table use INSERT command.

继续阅读:formsphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9