user342391

Reputation: 7827

PHP form will not post

I have just implemented mysql_real_escape_string() and now my script won't write to the DB. Everything worked fine before adding mysql_real_escape_string():

Any ideas??

    $name = mysql_real_escape_string($_POST['name']);
    $description = mysql_real_escape_string($_POST['description']);
    $custid = mysql_real_escape_string($_SESSION['customerid']);

    mysql_send("INSERT INTO list 
                  SET id = '',  
                      name = '$name', 
                      description = '$description', 
                      custid = '$custid' ");

Upvotes: 0

Views: 152

Answers (5)

KMK

Reputation: 21

       mysql_connect("localhost", "username", "password") or die(mysql_error());
       mysql_select_db("database") or die(mysql_error());
       $name = mysql_real_escape_string($_POST['name']);
       $description = mysql_real_escape_string($_POST['description']);   
       $custid = mysql_real_escape_string($_SESSION['customerid']);

       // If you are doing an UPDATE, use this code.
       mysql_query("UPDATE list SET id = '', name = '$name', description = '$description' WHERE custid = '$custid' ") or die(mysql_error());
       // Or, if you are doing an INSERT, use this code.
       mysql_query("INSERT INTO list(name, description, custid) VALUES('$name', '$description', '$custid')") or die(mysql_error());
       // If custid is an integer type, use $custid instead of '$custid'.

If you are updating the records in the list table based on the custid, use the UPDATE command; if you are inserting records into the list table, use the INSERT command.

Upvotes: 0

Your Common Sense

Reputation: 157861

What is that mysql_send function?
What if you change it to mysql_query();?

Upvotes: 2

timdev

Reputation: 62894

It should be easy to figure out what's going on.

First, instead of sending the query you're constructing to the database, echo it out (or log it), and see what you're actually sending to the database.

If that doesn't make it obvious, see what mysql_error() has to say.

Upvotes: 1

Lekensteyn

Reputation: 66415

A typical failure to understand how to use certain functions... You're just using mysql_real_escape_string on raw input data. Have you ever heard of sanitizing / validating input? mysql_real_escape_string does not make sense on numbers. If you've validated a variable to be a number, you don't need to escape it.

mysql_send is an alias for mysql_query, right? Use debug code: add echo mysql_error(); after mysql_send(...).

Upvotes: 0

KeatsKelleher

Reputation: 10191

mysql_real_escape_string should have a database connection passed as the second argument since it asks the database what characters need to be escaped.

    $connection = mysql_connect(HOST, USERNAME, PASSWORD);
    $cleanstring = mysql_real_escape_string("my string", $connection);

Upvotes: 0
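
An added example (not code from the question or any answer above): the same insert written with PDO prepared statements instead of the mysql_* functions, so values are bound rather than escaped, custid is validated as an integer, and a failed write raises an exception that states the cause. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL; the table layout and the helper name insertListItem are assumptions.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL so the script runs offline (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
// Report SQL failures as exceptions instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table layout assumed from the column names used in the question.
$pdo->exec('CREATE TABLE list (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    description TEXT NOT NULL,
    custid INTEGER NOT NULL
)');

// Hypothetical helper: inserts one row with bound parameters, returns its id.
function insertListItem(PDO $pdo, string $name, string $description, $custid): int
{
    // Validate the numeric value instead of escaping it.
    $custid = filter_var($custid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($custid === false) {
        throw new InvalidArgumentException('custid must be a positive integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO list (name, description, custid) VALUES (:name, :description, :custid)'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);
    $stmt->bindValue(':custid', $custid, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST and $_SESSION.
$post = ['name' => "O'Brien", 'description' => 'A 6" ruler, it\'s steel'];
$session = ['customerid' => '42'];

try {
    $id = insertListItem($pdo, $post['name'], $post['description'], $session['customerid']);
    // Read the row back to confirm the quotes were stored unchanged.
    $check = $pdo->prepare('SELECT name, description, custid FROM list WHERE id = ?');
    $check->execute([$id]);
    print_r($check->fetch(PDO::FETCH_ASSOC));
} catch (Exception $e) {
    // Same role as checking mysql_error(): the cause of a failed write is logged.
    error_log('Insert failed: ' . $e->getMessage());
}
```

For a MySQL server, only the DSN and credentials passed to the PDO constructor change; the prepared statement and validation stay the same.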
