tags:

views:

36

answers:

1
Q: 

php source related question

Hello All

i have some php source it can send form data info to other page under mysql 4.x version.

but after upgraded to mysql 5.x version, this php source can't send form data info to other page.

i was searched many info, but don't have idea what's wrong with my php source.

i just can guess this is related with mysql upgrade and i have to edit my php source,

but lack of knowledge it very tough for me.

if anyone help me or give some hint it really appreciate!

my php source is consist of 3 part.

form sender page ( http://pastebin.com/3Sg7SyWV )

-> submited form data info checking page ( http://pastebin.com/WEx5tEn2 )

-> insert form data to DB ( http://pastebin.com/918iZkgw )

for several day i was search and search but lack of my knowledge about php and mysql

it very hard to resolve.

Thanks in advance

A: 

You're not checking if your insert query succeeds. I can't tell which MySQL library you're using, but generally they all return FALSE if a query fails, so you could change your query line to something like:

$DB->ExecSql($InsertQuery) or die($DB->whatever_returns_error_information());

If something's wrong with the query, then this would abort the script and output any error information produced.

As well, it doesn't look like you're escaping your query data anywhere. That leaves you wide open to SQL injection. And as well, any of the form data which contains even a single quote (') will "break" the query by introducing syntax errors. If you had proper error checking in there, you'd have gotten a syntax error report.

For that matter, where are you extracting the submitted data and building all those variables you paste into the query? There's only one place in your three scripts where $_POST is referred to, and it seems to be in an error output function which simply dumps out each key/value as hidden form fields (and in there you're also not escaping/quoting the data, so your form itself is vulnerable to XSS attacks).

Marc B  2010-09-13 13:23:19
hello im very sorry , it not send form data info ..i have no idea what problem
paul  2010-09-13 23:59:28
Use something like firebug and/or httpfox to see what's going back and forth between the browser and server. If your form's not working properly, then you'd see the effect on the transmitted data. Beyond that, start debugging your scripts. Output status information at each step, dump variable contents with print_r/var_dump, and track down where the problem is. Without any kind of error messages, we can't really help you.
Marc B  2010-09-14 13:38:08

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL