Whats wrong with this simple code

Boffy · 10-28-2004, 03:10 PM

Why isnt this working?

Code:

<?php
 $dbh=mysql_connect ("localhost", "firstli_michael", "****") or die ('I cannot connect to the database because:' . mysql_error());
mysql_select_db ("firstli_rock",$dbh);
#$sql = 'INSERT INTO messenger (Username,Password,IP,Online) VALUES ('.$_GET['Username'].', '.$_GET['Password'].', '.$_GET['IP'].', '.$_GET['Online'].')';
$sql = 'INSERT INTO messenger (Username,Password,IP,Online) VALUES ('.$_GET['Username'].','.$_GET['Password'].','.$_GET['IP'].','.$_GET['Online'].')';
$result = mysql_query($sql,$dbh);
mysql_close($dbh);
echo $sql.$result
?>

Boffy

david_ross · 10-28-2004, 03:35 PM

Are you getting any errors or output at all?

If not then try adding die or print statements to check if the mysql_select_db and mysql_query statements fail. I quite often use this type of statement:
$query=mysql_query($sql) or mysql_failed(__FILE__, __LINE__);

Then have a function called mysql_failed:

Code:

function mysql_failed($file,$line){
Global $qstring, $sql, $sqlerror;

print "<hr>MySQL error on <b>line $line</b> of <b>$file</b>.<br>
Query was: <i>$sql</i><br>
Error was: <i>".mysql_error()."</i><hr>\n\n";
}

You can also add a mail section to the function if you want to

Boffy · 10-29-2004, 05:08 PM

Its an"ERROR 1054" and i get

Query was: INSERT INTO messenger (Username,Password,IP,Online) VALUES (Michael,hello,25,no)
Error was: Unknown column 'Michael' in 'field list'

Boffy

Boffy · 10-29-2004, 05:30 PM

I thnk its the $_GET part thats causeing the trouble but i dont know how to overcome it. Other sites reccomend things and they look link mine but it still wont work

cbe · 10-30-2004, 03:43 AM

I believe this is what you are after:

This should solve your $_GET issues.

config.php

Code:

<?   
        // database server
        $DB_SERVER = "localhost";
        // database name
        $DB_NAME = "name";   
        // database user
        $DB_USER = "user";  
        // database password
        $DB_PASSWD = "password";  

?>

lq.php

Code:

<?   
/*
If you call the page as such: 
yourwebserver.com/lq.php?Username=Mike&Password=1234&IP=123.12.12.1&Online=no
*/

include("config.php");

 $dbh=mysql_connect ("$DB_SERVER", "$DB_USER", "$DB_PASSWD");                                                                       
mysql_select_db ($DB_NAME,$dbh);                        
$sql = "INSERT INTO messenger VALUES ('" . $_GET['Username'] . "','" . $_GET['Password'] . "','" . $_GET['IP'] . "','" . $_GET['Online'] . "')";

$result = mysql_query($sql,$dbh) OR DIE ("Bad query INSERT_1: " .mysql_error());;
mysql_close($dbh);
echo $sql.$result
?>

Hope I answered your question,
Take care

david_ross · 10-30-2004, 09:54 AM

che's sugestion should fix it. I missed it in your first post but you need to have quotes around each string you try to insert. It is also worth escaping these strings with addslashes to help protect agains sql injection attacks.

Boffy · 10-31-2004, 01:16 PM

Success, thanks a lot.

Boffy