LinuxQuestions.org - Blank entries in Mysql Database please help

- Programming (https://www.linuxquestions.org/questions/programming-9/)

- - Blank entries in Mysql Database please help (https://www.linuxquestions.org/questions/programming-9/blank-entries-in-mysql-database-please-help-915658/)

Blank entries in Mysql Database please help

Hey there I am in need of some serious help as fast as someone could pretty please. I have a db and I have a form and I am getting blank entires.

Here is the php form the db

Quote:

<?php

require("mysql_connect.php");
require("phpsqlgeo_xml.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());

// set up pur error check and result check array
$error = array();
$results = array();

//First check if a form was submitted
//Since this is a search we will use $_GET
if (isset($_GET['search'])) {
$searchTerms = trim($_GET['search']);

if (strlen($searchTerms) <3) {
$error[] = "Please enter your full address.";
}else {
$searchTermDB = mysql_real_escape_string($searchTerms); //prevent mysql injection
}

//If there are no errors, lets get the search going.
if (count($error)<1) {
$searchSQL = "SELECT address, postalcode, message FROM markers WHERE";

//grab the search types.
$types= array();
$types[] = isset($_GET['address'])?"`address` LIKE '%{$searchTermDB}%'":'';
$types[] = isset($_GET['postalcode'])?"`postalcode` LIKE '%{$searchTermDB}%'":'';
$types[] = isset($_GET['message'])?"`message` LIKE '%{$searchTermDB}%'":'';

$types = array_filter($types, "removeEmpty"); //removes any item that was empty

if (count($types)<4)
$types[] = "`address` LIKE '%{$searchTermDB}%'";
$types[] = "`postalcode` LIKE '%{$searchTermDB}%'";

//use the address as the default search

$andOr = isset($_GET['matchall'])?'AND':'OR';
$searchSQL .= implode(" {$andOr} ", $types) . " ORDER BY `address`,`postalcode`";

// order by title.
$searchResult = mysql_query($searchSQL) or trigger_error("There was an error.<br/>" . mysql_error() . "<br />SQL Was: {$searchSQL}");
if (mysql_num_rows($searchResult) < 1) {
$error[] = "There has been no report at: {$searchTerms} for this location. Please go to the link below if you have an issue to report.";
}else {
$results = array(); // the result array
$i = 1;
while ($row = mysql_fetch_assoc($searchResult)) {
$results[] = "{$i}: {$row['address']}<br/><br />{$row['postalcode']}<br/><br />{$row['message']}<br/><br /><br /><br/>"; $i++;
}
}
}
}
function removeEmpty($var) {
return (!empty($var));
}
// close mysql connection
mysql_close();
?>

Here is the code to send the info to the db. I had an issue before with blank entires and found out in a forum about the special characters entities. So I implemented that and no more blank forms. But I had read on one of your answers to a post that there is a global function and I know I have users globally trying to write to the db. Could this be the error?

Quote:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<html><title>Track bed bugs cockroaches mice rats spiders snakes any pest you can think of</title>
<body>

<?php
/* Change db and connect values if using online */
$name=$_POST['name'];
$address=$_POST['address'];
$lat=$_POST['lat'];
$lng=$_POST['lng'];
$email=$_POST['email'];
$message=$_POST['message'];
$postalcode=$_POST['postalcode'];

?>
<?php
require("mysql_connect.php");

// escape username and password for use in SQL
$name = mysql_real_escape_string($name);
$message = mysql_real_escape_string($message);

$sql = "SELECT * FROM markers WHERE
name='" . $name . "' AND message='" . $message . "'";

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());

mysql_query($sql);

$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'",
mysql_real_escape_string($name),
mysql_real_escape_string($message));

$result=mysql_query("INSERT INTO markers (name, address, lat, lng, email, message, postalcode) VALUES (
'$name',
'$address',
'$lat',
'$lng',
'$email',
'$message',
'$postalcode')") or die("Insert Error: ".mysql_error());
mysql_close($conn);
?>
<h3 align="center">Thank you for your post </h3>

<br>
<div class="echoresult"><table align="center"><table width="600" cellpadding="5" cellspacing="0" border="3" table align="center">
<tr align="center" valign="top">
<td align="left" bgcolor="#CCCC00"><br/>
<div class="echoresult"><table align="center"><table width="300" cellpadding="5" cellspacing="0" border="3" table align="center">
<tr align="center" valign="top">
<td align="left" bgcolor="#FFFFFF"><br/>
<p><h3 align="center">Here is your message: </h3></p>
<p> <p> </p>
<?php
require("mysql_connect.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());

$result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1");

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
printf("<b>Message:</b><br/><br/> %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);
}

mysql_free_result($result);
mysql_close($conn);
?>
</p>
<p> </p>
<p> </p>
</div>
<div id="echoresult">
<p> </p>

</body>
</html>

Thank you for looking at my problem. I appreciate your help so very much as I am desperite to get this site working where the form will not create blank entries and write to the db properly with no errors. This is such a time sensetive issue as I am live now:(

Is the method of the form sending the values set to "post" ?

Use of nested tables for layout purposes is very old-fashioned and rather a no go. Use appropiate html tags and css instead.

Getting blank entries please Help:(

Quote:

Originally Posted by j-ray (Post 4535131)

Is the method of the form sending the values set to "post" ?

Use of nested tables for layout purposes is very old-fashioned and rather a no go. Use appropiate html tags and css instead.

Yes this method is post. Here is the form code

Quote:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy for Linux (vers 6 November 2007), see www.w3.org" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Pest Detective Tracking Record</title>

<style type="text/css">
td {font-family: tahoma, arial, verdana; font-size: 10pt }
</style>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<script type="text/javascript">
function MM_validateForm() { //v4.0
if (document.getElementById){
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
} }
</script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<table width="300" border="2" align="center" cellpadding="5" cellspacing="0">
<tr align="center" valign="top">
<td colspan="1" rowspan="1" align="left" nowrap bgcolor="#CCCC66">

<h3>Pest Detective Record</h3>
<form method="POST" action="addresspost_insert_record.php">
<p align="center">ATTEN: PLEASE READ BEFORE POSTING*</p>
<p align="center"><strong>If your form is submitted and you cannot see your post or get a specific error<br/>
please contact us: <a href="mailto:support@pesttrackers.com">support@pesttrackers.com</a></strong></p>
<p align="center"><strong><dfn>Please let us know as we are counting on you to help get Pest Trackers started</dfn></strong></p>
<p align="center"> </p>
<p align="center"><b>Name Your Pest:</b></p>
<p align="center"><span id="sprytextfield1">
<input name="name" type="text" id="name" onDblClick="MM_validateForm('name','','R','message','','R');return document.MM_returnValue" size="20" maxlength="40">
<span class="textfieldRequiredMsg">A pest is required.</span></span></p>
<p align="center"><br />
<b> Address:</b>(Ex. Street Number Street Name City Province/State)
<span id="sprytextfield4">
<input type="text" size="40
" maxlength="50" name="address" />
<span class="textfieldRequiredMsg">Address is required.</span></span> </p>
<div align="center">If you have seen a pest outside and not at a physical address please post the area: <br />
Park name City Province/State
</div>
<p align="center"><b>Postal Code / Zip Code:</b><span id="sprytextfield3">
<input type="text" size="15" maxlength="10" name="postalcode" />
<span class="textfieldRequiredMsg">A postal code/zip code is required.</span></span></p>
<p align="center"><b>Email:</b> <br/>(will not be shared with anyone, we need it if we have to confirm anything <br/>in your post with you) Be assured Pest Trackers will keep your email secure.<br/><br/>
<span id="sprytextfield2">
<input type="text" size="50" maxlength="50" name="email" />
<span class="textfieldRequiredMsg">A email is required.</span></span></p>
<p align="center"><b>Message:</b> (No offensive language, get more action with just the facts!)<br/>Please include the following in your post: What pest you are having<br/>
issues with and the date you discovered them.</p>
<p align="center"><br/>
<br/>
<textarea name="message" cols="60" rows="30" id="message" onDblClick="MM_validateForm('name','','R','message','','R');return document.MM_returnValue"></textarea>
</p>
<p align="center"> </p>
<p align="center">
<input type="submit" value="Send"/>
</p>
</form>
</td></tr></table>
<script type="text/javascript">
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1");
var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2");
var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3");
var sprytextfield4 = new Spry.Widget.ValidationTextField("sprytextfield4");
</script>
</body>
</html>

Could sme users not be able to post because of the tables? Some users are able to post and some not. I really appreciate all the help I can get:) Thank you so much:)

I don't think table tags are breaking functionalty.

When posting code, please use [code] markups instead of [quote] ones, even better to use [php] here

Did you try to simplify it, like

PHP Code:




require("mysql_connect.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);

if (! $conn)
    die(mysql_error());

mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());

$result = mysql_query("SELECT message, address, postalcode 
                         FROM markers ORDER BY ID DESC LIMIT 1");

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("<b>Message:</b><br/><br/> %s <br/><br/><br/><b>Address:</b>" .
           "<br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b>" .
           "<br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);
}

mysql_free_result($result);
mysql_close($conn);

Basically, the debug approach would be to divide your code in functionnal block and see which block does not work

Something not working?

Quote:

Originally Posted by Mysqlphphelp (Post 4535422)

Yes this method is post. Here is the form code

Could sme users not be able to post because of the tables? Some users are able to post and some not. I really appreciate all the help I can get:) Thank you so much:)

http://www.pesttrackers.com/addresspost_insert_form.phpCan you give me any reasons why it would not be functioning for some and not for others?

Here the is code for inserting the info to the db

Quote:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="google-site-verification" content="mkjty4aSt_VRymPziZ2b-tLabl3EbTPxS8o7l99VH3I" />
<title>Cockroach Bed Bug Mice Rat Pest Registry</title>
</head>
<body>
<?php
/* Change db and connect values if using online */
$name=$_POST['name'];
$address=$_POST['address'];
$lat=$_POST['lat'];
$lng=$_POST['lng'];
$email=$_POST['email'];
$message=$_POST['message'];
$postalcode=$_POST['postalcode'];

?>
<?php
require("mysql_connect.php");

// escape username and password for use in SQL
$name = mysql_real_escape_string($name);
$message = mysql_real_escape_string($message);

$sql = "SELECT * FROM markers WHERE
name='" . $name . "' AND message='" . $message . "'";

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());

mysql_query($sql);

$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'",
mysql_real_escape_string($name),
mysql_real_escape_string($message));

$result=mysql_query("INSERT INTO markers (name, address, lat, lng, email, message, postalcode) VALUES (
'$name',
'$address',
'$lat',
'$lng',
'$email',
'$message',
'$postalcode')") or die("Insert Error: ".mysql_error());
mysql_close($conn);
?>

<br>
<DIV style="width:800px; border-style:double" align="center">
<p align="center">Thank you for your posting</p>

<p><h3 align="center">Here is your message: </h3></p>
<p> <p> </p>
<?php
require("mysql_connect.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());

$result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1");

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
printf("<b>Message:</b><br/><br/> %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);
}

mysql_free_result($result);
mysql_close($conn);
?>
</p>
<p> </p>
<p> </p>
</div>

<p> </p>

</body>
</html>

Here is the form code. Could you please tell me if the syntax and the doctype are making this not work for some but work for others? Could you please give me some insight as to my errors. I appreciate your time and hope I can get some answers as to the errors I may have in the two files, maybe that is why some can use and some cannot? Please help I will do anything to know what is happening:(

Quote:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="google-site-verification" content="mkjty4aSt_VRymPziZ2b-tLabl3EbTPxS8o7l99VH3I" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Pest Detective Tracking Record</title>

<style type="text/css">
td {
font-family: tahoma, arial, verdana;
font-size: 10pt;
border: thick groove #C93;
}
</style>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<script type="text/javascript">
function MM_validateForm() { //v4.0
if (document.getElementById){
var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
} }
</script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css"/>
</head>
<body>

<h3 align="center"> </h3>
<DIV style="width:800px; border-style:double" align="center">
<form method="post" action="addresspost_insert_record.php">
<p align="center"> </p>
<p align="center">Pest Detective Record</p>
<p align="center">ATTEN: PLEASE READ BEFORE POSTING*</p>
<p align="center"><strong>If your form is submitted and you cannot see your post or get a specific error<br/>
please contact us: <a href="mailto:support@pesttrackers.com">support@pesttrackers.com</a></strong></p>
<p align="center"><strong><dfn>Please let us know as we are counting on you to help get Pest Trackers started</dfn></strong></p>
<p align="center"> </p>
<p align="center"><b>Name Your Pest:</b></p>
<p align="center"><span id="sprytextfield1">
<input name="name" type="text" id="name" onDblClick="MM_validateForm('name','','R','message','','R');return document.MM_returnValue" size="20" maxlength="40">
<span class="textfieldRequiredMsg">A pest is required.</span></span></p>
<p align="center"><br />
<b> Address:</b> Ex. Street Number, Street Name, City Province/State <span id="sprytextfield4">
<input name="address" type="text" size="40
" maxlength="50" />
<span class="textfieldRequiredMsg">Address is required.</span></span> </p>
<div align="center">If you have seen a pest outside and not at a physical address please post the area: <br />
Park name City Province/State

</div>
<p align="center"><b>Postal Code / Zip Code:</b><span id="sprytextfield3">
<input type="text" size="15" maxlength="10" name="postalcode" />
<span class="textfieldRequiredMsg">A postal code/zip code is required.</span></span></p>
<p align="center"><b>Email:</b> <br/>(will not be shared with anyone, we need it if we have to confirm anything <br/>in your post with you) Be assured Pest Trackers will keep your email secure.<br/><br/>
<span id="sprytextfield2">
<input type="text" size="50" maxlength="50" name="email" />
<span class="textfieldRequiredMsg">A email is required.</span><span class="textfieldInvalidFormatMsg">Invalid Email Address.</span></span></p>
<p align="center"><b>Message:</b> (No offensive language, get more action with just the facts!)<br/>Please include the following in your post: What pest you are having<br/>
issues with and the date you discovered them.</p>
<p align="center"><br/>
<br/>
<textarea name="message" cols="60" rows="30" id="message" onDblClick="MM_validateForm('name','','R','message','','R');return document.MM_returnValue">Please use no offensive language, get more action with just the facts!
Please include the following in your post:

What pest you are having issues with and the date you discovered them.</textarea>

<p align="center"> </p>
<p>
<input type="submit" value="Send"/>
</p>
<p> If you do not see your post one or more fields or missing </p>
</form>

<div align="center">
<script type="text/javascript">
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1");
var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2", "email");
var sprytextfield3 = new Spry.Widget.ValidationTextField("sprytextfield3", "none", {validateOn:["change"]});
var sprytextfield4 = new Spry.Widget.ValidationTextField("sprytextfield4");
</script>
</div>
</div>
</body>
</html>

First of all you should really try and seperate css, js, php and html into seperate files. It makes it so much easier to seperate the design from the functionality. To remove html from php source code I often use the following:

PHP Code:




ob_start();
include("my_html.php");
return ob_get_clean();

Secondly I am not even going to attempt to MM_validateForm() in its current state. It could well be affecting the form in some way but its difficult to tell.

One Error I have noticed is this:

PHP Code:




$lat=$_POST['lat'];
$lng=$_POST['lng'];

But there is no fields for them in the form so where do you get these values from?

Thank you thank you thank you

Quote:

Originally Posted by pgpython (Post 4536399)

PHP Code:




ob_start(); 
include("my_html.php"); 
return ob_get_clean();

Secondly I am not even going to attempt to MM_validateForm() in its current state. It could well be affecting the form in some way but its difficult to tell.

One Error I have noticed is this:

PHP Code:




$lat=$_POST['lat']; 
$lng=$_POST['lng'];

But there is no fields for them in the form so where do you get these values from?

Thank so much I am working on it now and I will let you know how it goes you have given me some answers and I appreciate this so much!

You

Code:

"SELECT * FROM markers WHERE

twice and neither time do you use the result before doing an insert.

Also, note that code tags are different from quote tags, code ones will preserve the indentation for us here.

Blank Entries into db from from

Quote:

Originally Posted by Proud (Post 4536686)

You

Code:

"SELECT * FROM markers WHERE

twice and neither time do you use the result before doing an insert.

Also, note that code tags are different from quote tags, code ones will preserve the indentation for us here.

I canot say how much I appreciate your help and time. It is invaluable. Would you be able to elaborate as I am not too good with mysql. What do you mean about using the result before the insert? How can I make this valid and work. I am sorry for the many questions. I apologize for the quote tags.

Why don't you tell us the purpose of the "SELECT * FROM markers WHERE lines as you understand it? That is

Code:

$sql = "SELECT * FROM markers WHERE

name='" . $name . "' AND message='" . $message . "'";



...



mysql_query($sql);

No Result is handled.
and

Code:

$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'",

mysql_real_escape_string($name),

mysql_real_escape_string($message));

This String isn't even used in a query unless I'm missing something.

Also, rather than apologise for the tags, edit your previous posts so we can finally see the indentation correctly.

Also, in the form script why connect 2 times to mysql

PHP Code:




$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

And I think you have to be connected to mysql server before using mysql_escape_string

php doc says:

Quote:

The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

http://php.net/manual/en/function.my...ape-string.php

Blank Form Entries

Quote:

Originally Posted by Cedrik (Post 4537158)

Also, in the form script why connect 2 times to mysql

PHP Code:




$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

And I think you have to be connected to mysql server before using mysql_escape_string

php doc says:

http://php.net/manual/en/function.my...ape-string.php

Hey there I cant tell you how much I appreiate this help. I have to use the escape string before the connection?

PHP Code:




<?php 
require("mysql_connect.php"); 
 
$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname); 
     
    mysql_select_db($dbname); 
if (! $conn) 
die(mysql_error()); 
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error()); 
 
 // escape username and password for use in SQL 
 $name = mysql_real_escape_string($name); 
 $message = mysql_real_escape_string($message); 
  
$sql = "SELECT * FROM markers WHERE 
 name='" . $name . "' AND message='" . $message . "'"; 
  
 
  
 
 
 
 
  
mysql_query($sql); 
 
$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'", 
            mysql_real_escape_string($name), 
            mysql_real_escape_string($message)); 
 
$result=mysql_query("INSERT INTO markers (name, address, email, message, postalcode) VALUES ( 
'$name', 
'$address',  
'$email', 
'$message', 
'$postalcode')") or die("Insert Error: ".mysql_error()); 
mysql_close($conn); 
?>

So this is not correct? Thankyou for your time

QUOTE=Cedrik;4537158]Also, in the form script why connect 2 times to mysql

PHP Code:




$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

And I think you have to be connected to mysql server before using mysql_escape_string

php doc says:

http://php.net/manual/en/function.my...ape-string.php[/QUOTE]

PHP Code:




<?php 
/* Change db and connect values if using online */ 
$name=$_POST['name']; 
$address=$_POST['address']; 
$email=$_POST['email']; 
$message=$_POST['message']; 
$postalcode=$_POST['postalcode']; 
 
?> 
<?php 
require("mysql_connect.php"); 
 
$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname); 
     
    mysql_select_db($dbname); 
if (! $conn) 
die(mysql_error()); 
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error()); 
 
 // escape username and password for use in SQL 
 $name = mysql_real_escape_string($name); 
 $message = mysql_real_escape_string($message); 
  
$sql = "SELECT * FROM markers WHERE 
 name='" . $name . "' AND message='" . $message . "'"; 
  
 
  
 
 
 
 
  
mysql_query($sql); 
 
$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'", 
            mysql_real_escape_string($name), 
            mysql_real_escape_string($message)); 
 
$result=mysql_query("INSERT INTO markers (name, address, email, message, postalcode) VALUES ( 
'$name', 
'$address',  
'$email', 
'$message', 
'$postalcode')") or die("Insert Error: ".mysql_error()); 
mysql_close($conn); 
?> 
 
 
 
<br> 
<DIV style="width:800px; border-style:double" align="center"> 
<p align="center">Thank you for your posting</p> 
  
<p><h3 align="center">Here is your message: </h3></p> 
<p> <p>&nbsp;</p> 
    <?php 
require("mysql_connect.php"); 
 
 
$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname); 
     
    mysql_select_db($dbname); 
if (! $conn) 
die(mysql_error()); 
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error()); 
 
  
 
 
$result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1"); 
 
 
while ($row = mysql_fetch_array($result, MYSQL_NUM)) { 
    printf("<b>Message:</b><br/><br/>  %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);   
} 
 
mysql_free_result($result); 
mysql_close($conn); 
?>

There are two connections, is this bad? Do you have any suggestions as to how to fix this script? I am going to be going to school in Jan for this hopefully and I just dont get it right now but I have this great site to help people and some of it works fine and some of it doesnt for others. Is the top portion of the php code right there? Should there be a connect at the top of the page and that is it with it closing at the bottom?

Thank you again for everyone's help. I will never forget who helped in the process of this thank you thank you thank you!

It looks good, but you don't get any data from your sql queries....

You have to use mysql_fetch_array
http://php.net/manual/en/function.mysql-fetch-array.php

or
mysql_fetch_assoc
http://www.php.net/manual/en/functio...etch-assoc.php

... after the mysql_query(..) calls

... and you don't need to connect 2 times for the same database, with the same mysql login names, pass...