The Cave of Dragonflies forums

Go Back   The Cave of Dragonflies forums > Websites > Webmaster Help and Discussion

Notices

Reply
 
Thread Tools
  #1  
Old 07-19-2013, 11:15 PM
42aruaour's Avatar
42aruaour 42aruaour is offline
Time: I come from the past. O.o
 
Join Date: July 17, 2013
Location: This Universe, Planet Earth
Age: 18
Posts: 118
Pronoun: he
42aruaour is an unknown quantity at this point
Default Comments System not Working...

I want people to be able to add comments to my weblog, but I can't figure out why I can't update MySQL tables for it to work. I've spent quite a while working on this, but am unable to get it to work. Skip the next section if you don't care about specs.

I used HTML5, CSS3, PHP 5.3.25, Javascript (very minimal), and MySQL 5.1.68 in my blog so the code was minimal, only needing to put the blog entry into MySQL. It runs on Apache 2.2.2 and I do not have control over the server physically, I can only access it through cPanel.

The only way I can add or remove any table entries is through PHPMyAdmin. I know that I should be able to add entries to MySQL from the weblog on the host that I'm using, but I don't really know SQL the best, so I can't quite be sure that I'm doing it correctly. there might be a problem in the PHP too, but I don't think so.

Here's the code. (This is for adding blog entries) The database is named "a_database", the table is named "Entries", and the host is 127.0.0.1 or "localhost".
CODE

Form code:
Code:
<form method="post" action="submit.php">
ID: <input type="text" name="id"><br>
Date: <input type="text" name="date"><br>
Time: <input type="text" name="time"><br>
Title: <input type="text" name="title"><br>
Link: <input type="text" name="link"><br>
Content: <textarea name="content" cols="100" rows="10"></textarea><br>
Search: <textarea name="search" cols="100" rows="10"></textarea><br>
<input type="submit" value="Submit">
</form>
PHP code (submit.php):
Code:
<?php

$id = $_POST["id"];
$date = $_POST["date"];
$time = $_POST["time"];
$title = $_POST["title"];
$link = $_POST["link"];
$content = $_POST["content"];
$search = $_POST["search"];

$con = mysql_connect("localhost","*uname*,"*pword*");
if (!$con)
{
	die('Could not connect: ' . mysql_error());
}

mysql_select_db("a_database", $con);

$query = "INSERT INTO a_database.Entries VALUES ( " . $id . ", '" . $date . "', '" . $time . "', '" . $title . "', '" . $link . "', '" . $content . "', '" . $search . "' )";
$result = @mysql_query( $query );

echo("I dont think there are any problems?");

mysql_close($con);
?>

Sorry, I had deleted the comments submission code before I thought about asking here. The script above is called on form submission.

Thanks for any help!
Adam
__________________
"Keep looking up... After it rains." Fringe TV Show. Season 4 Episode 20: Worlds Apart.

Can't keep up with that cookie thing because of school.
Reply With Quote
  #2  
Old 08-02-2013, 04:41 PM
1. Luftballon 1. Luftballon is offline
Banned
 
Join Date: June 24, 2008
Posts: 3,372
Pronoun: it
1. Luftballon is an unknown quantity at this point
Default Re: Comments System not Working...

Quote:
Originally Posted by 42aruaour View Post
Code:
$query = "INSERT INTO a_database.Entries VALUES ( " . $id . ", '" . $date . "', '" . $time . "', '" . $title . "', '" . $link . "', '" . $content . "', '" . $search . "' )";
$result = @mysql_query( $query );
please don't do this, use parameterised queries or something to that effect, but really please don't interpolate arbunsafe strings into ... um anything, really, anything that's going anywhere. also read this, I'd appreciate if everyone using php read this, but even if you don't, at least read the other two links and pdo docs.

more pertinent, really don't suppress your errors (that's still what @ does in php, right). if something is going wrong you want to know what's going wrong; quiet failure is ... a bug, unless that's what you really want to do (it's not).

offhand, I'd guess there could be a problem is with specifying a_database in the query; but I haven't dealt with databases not sqlite so I'm likely to be wrong.

if you take out the error-suppression, it would probably tell you, though.

Quote:
Sorry, I had deleted the comments submission code before I thought about asking here. The script above is called on form submission.
source control helps. this is an okay introduction, I think.
Reply With Quote
  #3  
Old 08-04-2013, 03:48 PM
42aruaour's Avatar
42aruaour 42aruaour is offline
Time: I come from the past. O.o
 
Join Date: July 17, 2013
Location: This Universe, Planet Earth
Age: 18
Posts: 118
Pronoun: he
42aruaour is an unknown quantity at this point
Default Re: Comments System not Working...

Thanks. Actually that code there was made all the way from when I started the website, but I never uploaded it so it was never updated to prevent SQL injection. I really do not like PHP, but it's really the best I can do for a web platform for now. I mean, I'm still fixing things here and there, and it's really annoying how every update breaks 40 commands and adds 45 new commands. I never knew there was a CGI wrapper for C, so when I get the time, I'm going to rewrite in C or WebPy. Also, I never realized that I put the @ there before, so I'll remove it. I typically hate suppression and such.
Thanks for the help and everything. I read all the links, and I do agree with the one against PHP. By the way... is there something like web.py for C but not a wrapper? I don't appreciate wrappers very much.
__________________
"Keep looking up... After it rains." Fringe TV Show. Season 4 Episode 20: Worlds Apart.

Can't keep up with that cookie thing because of school.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:08 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Pokémon, Pikachu and all other Pokémon characters © Nintendo, Game Freak and Creatures Inc. The Cave of Dragonflies, content, styles, etc. © Butterfree/Dragonfree/antialiasis.
Forum now hosted by Eevee's HQ.