Author Topic: PHP scripts failing to use SQL functions  (Read 5322 times)

reactosguy

  • Member
  • **
  • Posts: 269
  • Kudos: 2
    • Microsoft Sucks !!!
PHP scripts failing to use SQL functions
« on: 29 September 2010, 00:46 »
Hello. I made a couple of PHP scripts to insert and update data, but they do not work. Why?

Code:
<?php
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$cxn = mysqli_connect("localhost","********","*******","msuck");
$query = "UPDATE articles SET title='$tit', header='$head', content='$cont' WHERE id='$id'";
$result = mysqli_query($cxn, $query);
?>

<html>
<head>
<script type="text/javascript">
window.location = "index.php?loc=msuck&id=<?php echo $id?>";
</script>
</head>
</html>

UPDATE script

Code:
<?php
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$dat = date('Y-m-d');
$tim = date('H:i:s');

$cxn = mysqli_connect("localhost","********","*******","msuck");
$query = "INSERT INTO articles (content,id,author,date,time,title,header) VALUES ($cont,$id,'Administrator',$dat,$tim,$tit,$head)";
$result = mysqli_query($cxn, $query);

header("Location: index.php?loc=msuck&id={$_POST['id']}");
?>


INSERT script

Sorry if you notice "elm1", I'm using a TinyMCE editor.

I notice no problems, and I feel that I followed it the same way that the book I'm using (PHP & MySQL Web Development All In One Desk Reference for Dummies, 3rd Edition by Janet Valade, ISBN: 978-0-470-16777-9) does. Do you have any answers? (8-)

Refalm

  • Administrator
  • Member
  • ***
  • Posts: 5,183
  • Kudos: 704
  • Sjembek!
    • RADIOKNOP
Re: PHP scripts failing to use SQL functions
« Reply #1 on: 29 September 2010, 09:54 »
Try not using Javascript for updating the content.

Also, you should look at "strip_tags", your website is open to SQL insert attacks.

reactosguy

Re: PHP scripts failing to use SQL functions
« Reply #2 on: 29 September 2010, 21:08 »
Try not using Javascript for updating the content.

I have to, header statements only work at the beginning. If I do it at the beginning, the insert or update functions for SQL won't work because the page was redirected before.

Also, you should look at "strip_tags", your website is open to SQL insert attacks.

I forgot about that, but the site isn't live (It's on localhost), so the only problem is accessing my computer via botnet or physical access to do so.

Refalm

Re: PHP scripts failing to use SQL functions
« Reply #3 on: 1 October 2010, 09:56 »
Why is "window.location" javascript in the <head> tag?
I'm not sure that even does anything when you implement it that way.

Also, you could try this:
Code: (PHP)
<?php
echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=' . $_POST['id'] . '" />';
?>
instead of using header.
« Last Edit: 1 October 2010, 09:59 by Refalm »

reactosguy

Re: PHP scripts failing to use SQL functions
« Reply #4 on: 1 October 2010, 21:12 »
Why is "window.location" javascript in the <head> tag?
I'm not sure that even does anything when you implement it that way.

It works perfectly. I tried it.

Also, you could try this:
Code: (PHP)
<?php
echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=' . $_POST['id'] . '" />';
?>
instead of using header.

I was thinking about that as well. I just didn't know how to do it.

EDIT: This article said that too many meta redirects on a site lead to it being flagged as spam on a search engine.

So, are there any problems with my SQL queries? That's exactly what I want answered.
« Last Edit: 2 October 2010, 05:22 by reactosguy »

Refalm

Re: PHP scripts failing to use SQL functions
« Reply #5 on: 2 October 2010, 00:05 »
Check if $time and $date are in the right format. Sometimes the values for date are actually month-day-year. And maybe time input is without seconds. Just check the database.

You also need to put strings between '
« Last Edit: 2 October 2010, 00:07 by Refalm »
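
Added example, not from any poster in this thread: the thread's UPDATE and INSERT rewritten with mysqli prepared statements, which removes both the quoting problem from Reply #5 and the injection exposure raised in Reply #1. The `save_article` function, the `new` form field and the `DB_USER`/`DB_PASS` credentials are assumptions; the table and column names come from the posted scripts.

```php
<?php
// Added example. DB_USER / DB_PASS are placeholder credentials (assumption).
// Make mysqli throw exceptions on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: inserts or updates one row of `articles`.
function save_article(mysqli $cxn, array $post, bool $isNew): int
{
    // id must be a positive integer; reject anything else before touching SQL.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $cont = (string)($post['elm1'] ?? '');   // TinyMCE field
    $head = (string)($post['header'] ?? '');
    $tit  = (string)($post['title'] ?? '');

    if ($isNew) {
        // Placeholders carry no quotes: the driver sends values separately
        // from the SQL text, so they are never parsed as SQL.
        $stmt = mysqli_prepare($cxn,
            'INSERT INTO articles (content, id, author, date, time, title, header)
             VALUES (?, ?, ?, ?, ?, ?, ?)');
        $author = 'Administrator';
        $dat = date('Y-m-d');
        $tim = date('H:i:s');
        mysqli_stmt_bind_param($stmt, 'sisssss',
            $cont, $id, $author, $dat, $tim, $tit, $head);
    } else {
        $stmt = mysqli_prepare($cxn,
            'UPDATE articles SET title = ?, header = ?, content = ? WHERE id = ?');
        mysqli_stmt_bind_param($stmt, 'sssi', $tit, $head, $cont, $id);
    }
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $cxn = mysqli_connect('localhost', 'DB_USER', 'DB_PASS', 'msuck');
    mysqli_set_charset($cxn, 'utf8mb4');
    // 'new' is a hypothetical form field selecting INSERT over UPDATE.
    $id = save_article($cxn, $_POST, isset($_POST['new']));
    // header() is valid after the query as long as no output has been sent.
    // $id is a validated integer, so it is safe to place in the URL.
    header('Location: index.php?loc=msuck&id=' . $id);
    exit;
}
```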

reactosguy

Re: PHP scripts failing to use SQL functions
« Reply #6 on: 2 October 2010, 05:15 »
Check if $time and $date are in the right format. Sometimes the values for date are actually month-day-year. And maybe time input is without seconds. Just check the database.

You also need to put strings between '

The database uses a DATE in one of the columns of the tables. It's usually interpreted as Year-Month-Day.

Also, TIME column does do seconds, if I remember correctly.

EDIT: I changed both of them to VARCHARs so there shouldn't be many new problems.
« Last Edit: 2 October 2010, 05:23 by reactosguy »