Jump to content
xisto Community
Sign in to follow this  
kvarnerexpress

Query Not Running When Submitting A Form

Recommended Posts

Im having trouble getting my PHP to work. Basically i have a form with a button linking to a php file. When i click submit it calls this file and is suppost to add the data to a database. Im using a my sql databse and it connects fine. Unfortunately when i click submit all i get is the "Inspection did not add". From this i know i have made a connection with the database and im absolutely 100% sure that all field names are correct on the forms and database.

Any ideas? Heres the script....


PHP Code:


<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> </head> <body> </body> <?php $host="localhost"; $username="***"; $password="***"; $db_name="***"; $tbl_name="InspectionRequest"; // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect");  mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row mysql_query("INSERT INTO `InspectionRequest` (JobRef, ContactNam, ContactTel, Location, InspcType, Date, TimePref) VALUES ($JobRef, $ContactNam, $ContactTel, $Location, $InspcType, $Date, $TimePref )"); if($count==1){ session_register("AddInspection"); header("location:/Index.html"); } else { echo "Inspection did not add."; } ?> </html>  

Share this post


Link to post
Share on other sites

I think it is the MySQL query you run:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

It literally searches for rows containing $myusername and $mypassword. You should replace it with something like this:
$sql="SELECT * FROM $tbl_name WHERE username='".$myusername."' and password='".$mypassword."'";

Also, nowhere above that point do you actually define those variables, which may also be the problem :huh: The same also applies to the second MySQL query near the bottom. See if that helps.

Share this post


Link to post
Share on other sites

It doesn't have to be defined. But it is a security risk.

 

I am assuming you use the 'post' method on your form. If I am wrong ignore this post.

 

If did this, http://blah.com/blah.php?JobRef=blah&ContactNam=blah... and finished out the rest of the values (in your insert query) I could add what ever I want in it. I don't know if you purposely left them off or what, but, always use $_POST[variable]. If you want you can do this

 

$blah = $_POST["blah"]

Same applies for cookies.

 

I do have to know what the variable names are, but it can be done.

Edited by Yarrgh (see edit history)

Share this post


Link to post
Share on other sites

Summarizing your code,1. check for username & password (get count)2. insert into InspectionRequest3. if count is not 1, print "Did not add" else redirect to index.By the above, it is evident that you are printing wrong message. Check your InspectionRequest table in phpmyadmin and you should see your rows inserted. You need to rewrite your logic to this.1. check for username & password (get count)2. if count is not 1, print "Login failed", exit3. insert into InspectionRequest4. if insertion successful, redirect to index else print "Add to InspectionRequest failed"

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.