Query Not Running When Submitting A Form

Im having trouble getting my PHP to work. Basically i have a form with a button linking to a php file. When i click submit it calls this file and is suppost to add the data to a database. Im using a my sql databse and it connects fine. Unfortunately when i click submit all i get is the "Inspection did not add". From this i know i have made a connection with the database and im absolutely 100% sure that all field names are correct on the forms and database.

Any ideas? Heres the script....


PHP Code:

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Untitled Document</title> </head> <body> </body> <?php $host="localhost"; $username="***"; $password="***"; $db_name="***"; $tbl_name="InspectionRequest"; // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect");  mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row mysql_query("INSERT INTO `InspectionRequest` (JobRef, ContactNam, ContactTel, Location, InspcType, Date, TimePref) VALUES ($JobRef, $ContactNam, $ContactTel, $Location, $InspcType, $Date, $TimePref )"); if($count==1){ session_register("AddInspection"); header("location:/Index.html"); } else { echo "Inspection did not add."; } ?> </html>  

I think it is the MySQL query you run:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

It literally searches for rows containing $myusername and $mypassword. You should replace it with something like this:

$sql="SELECT * FROM $tbl_name WHERE username='".$myusername."' and password='".$mypassword."'";

Also, nowhere above that point do you actually define those variables, which may also be the problem The same also applies to the second MySQL query near the bottom. See if that helps.

It doesn't have to be defined. But it is a security risk.

 

I am assuming you use the 'post' method on your form. If I am wrong ignore this post.

 

If did this, http://blah.com/blah.php?JobRef=blah&ContactNam=blah... and finished out the rest of the values (in your insert query) I could add what ever I want in it. I don't know if you purposely left them off or what, but, always use $_POST[variable]. If you want you can do this

 

$blah = $_POST["blah"]

Same applies for cookies.

 

I do have to know what the variable names are, but it can be done.

Edited February 14, 2006 by Yarrgh (see edit history)

Summarizing your code,1. check for username & password (get count)2. insert into InspectionRequest3. if count is not 1, print "Did not add" else redirect to index.By the above, it is evident that you are printing wrong message. Check your InspectionRequest table in phpmyadmin and you should see your rows inserted. You need to rewrite your logic to this.1. check for username & password (get count)2. if count is not 1, print "Login failed", exit3. insert into InspectionRequest4. if insertion successful, redirect to index else print "Add to InspectionRequest failed"