Jump to content
smus

MySQL query is not working

Recommended Posts

MySQL queries are not working only inside this block:

...
if (isset($_POST['send'])) {


}
...

The variable itself is set and transferred from the form.

 

What could be the reasons of this and how is better to check?

Share this post


Link to post
Share on other sites

This is like taking a picture of your car to a garage, handing it over to machanic and saying i'm having a problem, can you suggest a way of fixing by just looking at this picture. Note the wheels do go round ok!

Share this post


Link to post
Share on other sites

The code is too long to paste here, but I've already found a place where the error might be, by taking away headers (header: location) and adding echo $_POST['send']. This is the file that process (update query) data from HTML form. The code was not completed and, as I suppose, taken from adding information (insert query) file, because there were these lines of code:

if ($_POST['password'] == $_POST['confirm_password']) 
{
[there is a code with processing information and mysql queries]
} 
else {    echo $_POST['send']."2";
               // header("Location: ".SITE_PATH."&result=3");
                exit;
         }

This testing echo was reflected after I commented header (location)

 

 

I've decided to delete the if clause, the code works, but the queries are still not sending.

 

I will attach the whole file here, if it helps to solve the issue.

Share this post


Link to post
Share on other sites

Unfortunately, you may need to rewrite a lot of your code.

 

You should never mix variables into your queries because, aside from the potential to throw errors, they also provide a mean of breaking into your database.

 

The mysql library is deprecated due to security vulnerabilities and no longer works in recent versions of PHP. If your server gets an upgrade at any point your whole program will stop working. There are two alternatives: mysqli and PDO. Personally, I prefer PDO.

 

Now before you jump into either of these, remember that you must not put variables into your SQL even when using these new libraries. So how do you put values into your query? Use prepared statements: http://www.w3schools.com/php/php_mysql_prepared_statements.asp

 

There's a better description of prepared statements in the PHP manual: http://php.net/manual/en/pdo.prepared-statements.php

 

strip_tags() and htmlspecialchars() are operations you should do when retrieving information from the database, not before storing them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×