Professional Web Applications Themes

What am I doing wrong? - PHP Development

Hi, I've just started learning php and I'm having a problem. I'm following a tutorial for creating a guestbook with a mysql backend - everything is set up correctly. Here's the relevant code for the page where the user types in their name and location (sign.php) <h2>Sign my guestbook</h2> <form action="create_entry.php"> <b>Name:</b> <input type="text" size=40 name=name> <br> <b>Location:</b> <input type="text" size=40 name=location> What I want is the values stored in name and location to be entered into the database. In create_entry.php I have this code: $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ; Now for some reason the variables ...

  1. #1

    Default What am I doing wrong?

    Hi,

    I've just started learning php and I'm having a problem.
    I'm following a tutorial for creating a guestbook with a mysql backend -
    everything is set up correctly.

    Here's the relevant code for the page where the user types in their name and
    location (sign.php)

    <h2>Sign my guestbook</h2>
    <form action="create_entry.php">
    <b>Name:</b>
    <input type="text" size=40 name=name>
    <br>
    <b>Location:</b>
    <input type="text" size=40 name=location>

    What I want is the values stored in name and location to be entered into the
    database.

    In create_entry.php I have this code:
    $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;

    Now for some reason the variables name and location are not entered in the
    database, instead blank fields are entered. When I replace the variable
    names with absolute values the database is updated correctly to show those
    values so I know the query works. But somehow the name and location are not
    being sent from sign.php to create_entry.php even though they are there and
    present in the header info
    e.g

    http://localhost/create_entry.php?name=John&location=London&submit= Sign

    Anyone know what I'm doing wrong, any help much appreciated.

    Thanks
    --
    Ant


    Ant Guest

  2. #2

    Default Re: What am I doing wrong?

    Hi,
    Try adding this code before the $query statement

    if you are using 'POST' in the <form ... method="POST">
    $name = $HTTP_POST_VARS["name"] ;
    $location = $HTTP_POST_VARS["location"] ;


    if you are using 'GET' in the <form ... method="GET">
    $name = $HTTP_GET_VARS["name"] ;
    $location = $HTTP_GET_VARS["location"] ;

    For security reasons, your Server Admin may turn off
    the --enable-register-global flag in php.ini. I face this problem too and I
    use the above method to work around.

    Danny Wong


    "Ant" <com> glsD:d91c91$m3$csv.warwick.ac.uk... 


    Danny Guest

  3. #3

    Default Re: What am I doing wrong?

    Ant wrote: 

    Read: http://www.php.net/register_globals


    JW



    Janwillem Guest

  4. #4

    Default Re: What am I doing wrong?

    "Ant" <com> kirjoitti
    viestiss:d91c91$m3$csv.warwick.ac.uk... 


    What ever source you got that example, it is outdated. Submitted form fields
    are no longer available as variables directly, but you need to retrieve them
    from arrays $_GET, $_POST or $_REQUEST. To get form field "name", you fetch
    it from one of the named arrays: $my_name = $_GET['name']; and $my_location
    = $_GET['location'];
    Now this works:
    $query = "INSERT INTO guestbook VALUES ('$my_name', '$my_location')" ;

    You can also use this sort of syntax:
    $query = "INSERT INTO guestbook VALUES ('{$_GET['name']}',
    '{$_GET['location']}')" ;

    Which ever is less confusing.

    If you're intrested about why things were changed such dramatically, you can
    read about it at: http://www.php.net/manual/en/security.globals.php , but in
    short words: it's for your own safety. When you are using variables from a
    restricted array, you absolutely know they are user inputs, and none of your
    other variables aren't. It's a good thing to keep your own variables and
    user data separated.

    --
    "I am pro death penalty. That way people learn
    their lesson for the next time." -- Britney Spears

    com


    Kimmo Guest

  5. #5

    Default Re: What am I doing wrong?

    Thanks!!, that's very helpful. Cheers for taking the time to explain it to
    me.


    Ant Guest

  6. #6

    Default Re: What am I doing wrong?

    thanks

    "Janwillem Borleffs" <com> wrote in message
    news:42b43b50$0$13878$euronet.nl... 
    >
    > Read: http://www.php.net/register_globals
    >
    >
    > JW
    >
    >
    >[/ref]


    Ant Guest

  7. #7

    Default Re: What am I doing wrong?


    Hi.

    One more thing. It's not relevant to your error and/or solution,
    but check if you have "magic quotes" turned on or (if not) use
    escaping functions cause this statement:

    $query = "INSERT INTO guestbook VALUES ('$name', '$location')" ;

    may be prone to SQL injection attacks.

    Try entering:

    a', 'b' ); --

    as a name and check what gets to the "guestbook" table. If it
    is "a" as name and "b" as location, then you'll have to use
    escaping functions.


    Hilarion

    PS.: My English is quite rusty so please excuse me if I ed
    up the text above.
    Hilarion Guest

Similar Threads

  1. What am I doing wrong
    By J in forum ASP.NET General
    Replies: 3
    Last Post: August 14th, 03:55 PM
  2. What did I do wrong
    By Gavin Cato in forum Photography
    Replies: 15
    Last Post: August 13th, 07:57 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139