Alfraganus Posted October 20, 2015 Share Posted October 20, 2015 Dear all, I've been trying to upload my datas to directly server, but somethis is wrong with it, my localhost is not saying any error but only (mysql_errno) messaging me "post has not been published succesfully": I dont know what wrong with it, I tried different ways but not working(((, I would be very glad if someones can fix it here are the codes: <?php mysql_connect("localhost","root",""); mysql_select_db("yangiliklar"); if (isset($_POST['submit'])) { $post_title=$_POST ['title']; // $post_date= date ('y-m-d'); $post_author=$_POST ['author']; $post_keywords=$_POST ['keywords']; $post_content=$_POST ['content']; $post_image=$_FILES ['image']['name']; $image_tmp= $_FILES ['image']['tmp_name']; if($post_title=='' or $post_keywords=='' or $post_content=='' or $post_author=='') { echo "<script>alert ('any on the field is empty') </script>"; exit (); } else { move_uploaded_file($image_tmp, "images/$post_image"); $insert_query="insert into posts (posts_title, post_author, post_image, post_keywords, post_content) values ('$post_title, '$post_author', '$post_image', '$post_keywords', '$post_content')"; if (mysql_query($insert_query)) { echo "<center><h1>post published succesfully </h1></center>"; } else { echo "post has not been published succesfully"; } (this message is coming) } } ?> Link to comment Share on other sites More sharing options...
Ingolme Posted October 20, 2015 Share Posted October 20, 2015 You can see why it's not working by checking what mysql_error() returns. echo "post has not been published succesfully. Reason: " . mysql_error(); Your code is vulnerable to hacking. The mysql library is outdated and by passing POST data right into the query you're leaving it open to SQL injection. Here's an excerpt from the mysqli_error() manual page: WarningThis extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: [*]mysqli_error()[*]PDO::errorInfo() Link to comment Share on other sites More sharing options...
Alfraganus Posted October 20, 2015 Author Share Posted October 20, 2015 I changed mysql in mysqli but the result is the same, what can help me? Link to comment Share on other sites More sharing options...
justsomeguy Posted October 20, 2015 Share Posted October 20, 2015 Did you add any error checking? Using mysqli isn't as simple as renaming some functions. You also need to use prepared statements, the old mysql extension does not support prepared statements so that's new code, not renaming things.http://php.net/manual/en/mysqli.quickstart.prepared-statements.phpOne of the reasons to use prepared statements is to remove the data from the actual query and let the database server handle the data itself. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now