smicki Posted January 1, 2011 Share Posted January 1, 2011 Hello to everyone, i need help. I have mySQL table:contentID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(contentID),name varchar(15),content TEXTand now I have little html form and when I submit contents mySQL table list empty rowLike this:contentID name content1 test 318 test318 content2 3 test 320 test320content 4 test401 test401 sadrzaj 5 6 test 406 test0406 sadrzaj 7 8 test408 test408sadrzaj 9 10 test407 test407sadrzaj Can you help me. My insert.php look like this:<?//Addingmysql_select_db("dino", $con);$sql="INSERT INTO contentdb (name, content)VALUES('$_POST[name]','$_POST[content]')";if (!mysql_query($sql,$con)){die('Error: ' . mysql_error());}echo "1 Add";mysql_close($con)?>Thanks Link to comment Share on other sites More sharing options...
Starfall Posted January 1, 2011 Share Posted January 1, 2011 $sql="INSERT INTO contentdb (name, content)VALUES('$_POST[name]','$_POST[content]')"; NOT VALID QUERY.Valid one is: $sql="INSERT INTO contentdb (name, content)VALUES('" . $_POST['name'] . "','" . $_POST['content'] . "')"; Or you can use sprintf() and mysql_real_escape_string(), to ensure security againist hackers: $username=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$sql=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $username, $content); And a full script, which should work perfect: <?php// Connect to database$con=mysql_connect(yourserver,yourid,yourpass);mysql_select_db('dino', $con);// Define query variables$user=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$query1=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $user, $content);// Execute the query or die and echo an error messagemysql_query($query1) or die("Unable to execute query: " . mysql_error());echo "Added 1 row.";?> Link to comment Share on other sites More sharing options...
birbal Posted January 1, 2011 Share Posted January 1, 2011 Hello to everyone, i need help. I have mySQL table:contentID int NOT NULL AUTO_INCREMENT, PRIMARY KEY(contentID),name varchar(15),content TEXTand now I have little html form and when I submit contents mySQL table list empty rowLike this:contentID name content1 test 318 test318 content2 3 test 320 test320content 4 test401 test401 sadrzaj 5 6 test 406 test0406 sadrzaj 7 8 test408 test408sadrzaj 9 10 test407 test407sadrzaj Can you help me. My insert.php look like this:<?//Addingmysql_select_db("dino", $con);$sql="INSERT INTO contentdb (name, content)VALUES('$_POST[name]','$_POST[content]')";if (!mysql_query($sql,$con)){die('Error: ' . mysql_error());}echo "1 Add";mysql_close($con)?>Thanks as it seems you are not validating your input..i guess in some submit your input fields coming blank. so blank query are being inserted. Link to comment Share on other sites More sharing options...
smicki Posted January 2, 2011 Author Share Posted January 2, 2011 I do everything like this: <?php// Connect to database$con=mysql_connect(yourserver,yourid,yourpass);mysql_select_db('dino', $con);// Define query variables$user=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$query1=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $user, $content);// Execute the query or die and echo an error messagemysql_query($query1) or die("Unable to execute query: " . mysql_error());echo "Added 1 row.";?> And all works, but mysql steel adding empty row.Help please. Link to comment Share on other sites More sharing options...
Starfall Posted January 2, 2011 Share Posted January 2, 2011 Do something like this: print $_POST['name'] . " " . $_POST['content']; And post the result here.Edit: If you can post your form code, I would take a look at it. Link to comment Share on other sites More sharing options...
smicki Posted January 2, 2011 Author Share Posted January 2, 2011 Do something like this:<html> <head> <title>content</title> <script type="text/javascript" src="scripts/wysiwyg.js"></script> <script type="text/javascript" src="scripts/wysiwyg-settings.js"></script> <script type="text/javascript"> // Use it to attach the editor directly to a defined textarea WYSIWYG.attach('content', full); // full featured setup </script><form action="insert.php" method="post">Name:<input type="text" name="name" />Content:<textarea cols="40" name="content" id="content" rows="10"></textarea><input type="submit" /></form></head></html> Thanks Link to comment Share on other sites More sharing options...
Starfall Posted January 2, 2011 Share Posted January 2, 2011 I tested this script and it works fine: <?phpif (isset($_POST["name"]) or isset($_POST["content"])){// Connect to database$con=mysql_connect(server,id,pass);mysql_select_db('dino', $con);// Define query variables$user=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$query1=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $user, $content);// Execute the query or die and echo an error messagemysql_query($query1) or die("Unable to execute query: " . mysql_error());echo "Added 1 row.";}else{echo '<form action="insert.php" method="post">Name:<input type="text" name="name" />Content:<textarea cols="40" name="content" id="content" rows="10"></textarea><input type="submit" value="Submit" /></form>';}?> Make this one page as "insert.php". It should work perfect. Link to comment Share on other sites More sharing options...
thescientist Posted January 2, 2011 Share Posted January 2, 2011 I do everything like this:<?php// Connect to database$con=mysql_connect(yourserver,yourid,yourpass);mysql_select_db('dino', $con);// Define query variables$user=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$query1=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $user, $content);// Execute the query or die and echo an error messagemysql_query($query1) or die("Unable to execute query: " . mysql_error());echo "Added 1 row.";?> And all works, but mysql steel adding empty row.Help please. you should be checking to make sure name and content or set/or not empty first before just throwing them into the database. an if/else statement to test would be the best approach, where if they are set, or (ideally) not empty, then execute the query. Link to comment Share on other sites More sharing options...
smicki Posted January 4, 2011 Author Share Posted January 4, 2011 I tested this script and it works fine:<?phpif (isset($_POST["name"]) or isset($_POST["content"])){// Connect to database$con=mysql_connect(server,id,pass);mysql_select_db('dino', $con);// Define query variables$user=mysql_real_escape_string($_POST['name']);$content=mysql_real_escape_string($_POST['content']);$query1=sprintf("INSERT INTO contentdb (name, content) VALUES ('%s', '%s')", $user, $content);// Execute the query or die and echo an error messagemysql_query($query1) or die("Unable to execute query: " . mysql_error());echo "Added 1 row.";}else{echo '<form action="insert.php" method="post">Name:<input type="text" name="name" />Content:<textarea cols="40" name="content" id="content" rows="10"></textarea><input type="submit" value="Submit" /></form>';}?> Make this one page as "insert.php". It should work perfect. This work … Thanks for everything Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.