PHP / MySql Insert on GoDaddy

Question

I'm using heredocs for a php/mysql insert statement on godaddy. When the function is called the page refreshes correctly, however, the data is not being inserted into the database and no errors are appearing. I've tested locally using MAMP and when the file is uploaded to the server it does not work. Has anyone had this issue before on godaddy? Below is my insert statement and form.

=================================

if ( $ax == "new" ) {

 $sql=<<<SQL

   INSERT INTO college (member_id, name, date_entered, date_completed, degree, professor, method, friends, memory_1)
   VALUES    (
      '{$_SESSION['SESS_MEMBER_ID']}',  
      '{$_GET['name']}', 
      '{$_GET['date_entered']}', 
      '{$_GET['date_completed']}',
      '{$_GET['degree']}',
      '{$_GET['professor']}',
      '{$_GET['method']}',
      '{$_GET['friends']}',
      '{$_GET['memory_1']}'
      )

SQL;

 echo $sql; exit;

 if(mysql_query( $sql ) or die ( "Insert failed." . mysql_error()) );

 header( "Location: education.php");
}

=====================

<form action="<?= $_SERVER["PHP_SELF"];?>" method="post">
  <input type="hidden" name="ax" value="new">
 Institution<br><input type="text" name="name" /><br>
 Date Entered<br><input id="entered" type='text' name="date_entered" /><br>


 Date Completed<br><input id="completed" type='text' name="date_completed" /><br>
 Degree(s) Earned<br><input type="text" name="degree" /><br>
 Favorite Professor <br><input type="text" name="professor" /><br>
 Method of Study<br><select name="method" WIDTH="155" STYLE="width: 155px">
 <option value="Classroom">Classroom</option>
 <option value="Online">Online</option>
 </select><br>
 Friends<br><input type="text" name="friends" /><br>
 <br><br>
 Favorite Memory
 <br>
 <textarea cols="50" rows="4" name="memory_1"></textarea>
 <br>
 <input type="submit" name="submit" value="submit" class="ui-button ui-state-default ui-corner-all"/>
 </form>

===================

Thanks for any help!

Answer 1

Your form is sent as POST :

<form action="<?= $_SERVER["PHP_SELF"];?>" method="post">

Which means you'll receive data, on the PHP side, in the $_POST super-global variable.

But your code is using $_GET. (Which should be populated only if you where usgin action="get" in your form)

So, in your PHP script, you should probably use $_POST instead of $_GET.

Also, as a sidenote : your script screams SQL Injection : you must escape data before injecting them in an SQL query ! About that, you can take a look at mysql_real_escape_string.

Answer 2

I also performed a test by using echo to see the resulting SQL on localhost. I then remotely connected to the database directly using the same login credentials as my script.

The echoed SQL worked perfectly when ran.

This made sure no permission issues were causing the problem.

Answer 3

This turned out to be a register globals issue from the php.ini file. For it to work w/ register globals off the ax flag looking like

if ( $ax == "new" )

It should be

if ( $post['ax'] = "new")