smus Posted February 3, 2017 Share Posted February 3, 2017 MySQL queries are not working only inside this block: ... if (isset($_POST['send'])) { } ... The variable itself is set and transferred from the form. What could be the reasons of this and how is better to check? Link to comment Share on other sites More sharing options...
dsonesuk Posted February 3, 2017 Share Posted February 3, 2017 This is like taking a picture of your car to a garage, handing it over to machanic and saying i'm having a problem, can you suggest a way of fixing by just looking at this picture. Note the wheels do go round ok! Link to comment Share on other sites More sharing options...
smus Posted February 3, 2017 Author Share Posted February 3, 2017 The code is too long to paste here, but I've already found a place where the error might be, by taking away headers (header: location) and adding echo $_POST['send']. This is the file that process (update query) data from HTML form. The code was not completed and, as I suppose, taken from adding information (insert query) file, because there were these lines of code: if ($_POST['password'] == $_POST['confirm_password']) { [there is a code with processing information and mysql queries] } else { echo $_POST['send']."2"; // header("Location: ".SITE_PATH."&result=3"); exit; } This testing echo was reflected after I commented header (location) I've decided to delete the if clause, the code works, but the queries are still not sending. I will attach the whole file here, if it helps to solve the issue. Link to comment Share on other sites More sharing options...
smus Posted February 3, 2017 Author Share Posted February 3, 2017 Here's the file run.php Link to comment Share on other sites More sharing options...
Ingolme Posted February 3, 2017 Share Posted February 3, 2017 Unfortunately, you may need to rewrite a lot of your code. You should never mix variables into your queries because, aside from the potential to throw errors, they also provide a mean of breaking into your database. The mysql library is deprecated due to security vulnerabilities and no longer works in recent versions of PHP. If your server gets an upgrade at any point your whole program will stop working. There are two alternatives: mysqli and PDO. Personally, I prefer PDO. Now before you jump into either of these, remember that you must not put variables into your SQL even when using these new libraries. So how do you put values into your query? Use prepared statements: http://www.w3schools.com/php/php_mysql_prepared_statements.asp There's a better description of prepared statements in the PHP manual: http://php.net/manual/en/pdo.prepared-statements.php strip_tags() and htmlspecialchars() are operations you should do when retrieving information from the database, not before storing them. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now