[RESOLVED] Query was empty
Page 1 of 3 123 LastLast
Results 1 to 15 of 34

Thread: [RESOLVED] Query was empty

  1. #1
    Member
    Join Date
    Apr 2012
    Posts
    33

    resolved [RESOLVED] Query was empty

    Hi all,

    One more quick question about my code from the previous thread I posted. Once my T_Variable problem was solved (), I noticed that the page said my query was empty (). I did not find my submitted parts of the form I created in my PHPMyAdmin database (). Did I connect incorrectly to the database? Here's my code once more:

    PHP Code:
    <html>
        <head>
            <title> Lego Comic </title>
        </head>
    <body> <center>
        <h1> Thank you for joining! Now click <a href="index.php" title="Login"> HERE </a> to login! </h1>

    <?php

    //Connect to the database server
    mysql_connect("mysql2.**********.com","xxxxxxxx_xxxxx","xxxxxxxx") or die (mysql_error ());

    //Select database
    mysql_select_db("xxxxxxxx_xxxxx") or die (mysql_error ());

    //The SQL statement is built by the user, taking information from becomeamember.php

    $strSQl "INSERT INTO Members(firstname) values('" $_POST["firstname"] . "')";
    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    $strSQL "INSERT INTO Members(username) values('" $_POST["username"] . "')";
    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    $strSQL "INSERT INTO Members(password) values('" $_POST["password"] . "')";
    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    //Close the database connection
    mysql_close();
    ?>

    </center> </body>
    </html>
    Thanks in advance.
    Last edited by bradgrafelman; 04-08-2012 at 03:00 PM. Reason: PHP bbcode tags added

  2. #2
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    When posting PHP code, please use the board's [php]..[/php] bbcode tags as they make your code much easier to read and analyze.

    As for your error message, the problem is here:
    PHP Code:
    $strSQl "INSERT INTO Members(firstname) values('" $_POST["firstname"] . "')"
    //The SQL statement is executed 
    mysql_query($strSQL) or die (mysql_error()); 
    You define a variable called $stringSQl but then try to use one called $stringSQL (which is undefined at that point).

    A bigger problem, however, is the fact that you're executing three separate INSERT queries, which means you're creating three separate rows in the DB; one has a firstname value, one has a username value, and one has a password value. The rest of the columns in each of the three rows will be set to their default/NULL state. This doesn't really make much sense. Instead, you should probably be using all three pieces of information to create a single row (e.g using only one INSERT query).

    Also note that user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize it such as with a function like mysql_real_escape_string() (for string data) or by using prepared statements. For more info, see the PHP manual page security.database.sql-injection.

    Finally, note that the entire mysql extension is quite outdated and has been deprecated in favor of MySQLi or PDO.

  3. #3
    Member
    Join Date
    Apr 2012
    Posts
    33
    Thank you for your help. You've removed the "Query was empty" error.

    I was wondering if you could help me by giving me an example of executing all three commands in one row? It would be a great help.

  4. #4
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    In each of your INSERT queries, you're only listing a single column and a single value. Instead, you should be supplying a comma-separated list of all of the columns that you're specifying for the row to be inserted, followed by a VALUES section with another comma-separated list of values (that corresponds with the list of columns named earlier in the query, e.g. the 2nd value in the list should correspond to the second column).

    The MySQL manual page for the INSERT query states its syntax and includes several sample SQL queries.

  5. #5
    Member
    Join Date
    Apr 2012
    Posts
    33

    Question

    Once again, you have solved that problem. But once again, another has appeared...

    When I load the page, instead of displaying my header and entering the data into the database, it displays this error:

    "Parse error: syntax error, unexpected ';' in /xxxx/xxxxxxxx/xxxxxx_xxxx/members.php on line 22"

    Here is my new code:

    PHP Code:
    <html>
        <head>
            <title> Lego Comic </title>
        </head>
    <body> <center>
        <h1> Thank you for joining! Now click <a href="index.php" title="Login"> HERE </a> to login! </h1>

    <?php

    //Connect to the database server
    mysql_connect("host","user","pass") or die (mysql_error ());

    //Select database
    mysql_select_db("a5179209_avery") or die (mysql_error ());

    //The SQL statement is built by the user, taking information from becomeamember.php

    $strSQL "INSERT INTO Members(firstname, username, password) values('" $_POST["firstname"] . "', '" $_POST["username"] . "', '" $_POST["password"] . "')";
    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    //Close the database connection
    mysql_close();
    ?>

    </center> </body>
    </html>
    Thank you so much for your help.
    Last edited by bradgrafelman; 04-09-2012 at 11:36 AM. Reason: DB details obfuscated

  6. #6
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    There are no syntax errors in the code snippet you posted.

  7. #7
    Member
    Join Date
    Apr 2012
    Posts
    33
    So then, what could be my problem?!?

  8. #8
    Member
    Join Date
    Apr 2012
    Posts
    33

    Question Almost there...

    Nvm the last one, solved that myself. There are no error messages displayed, but when I check MyPHPAdmin, it shows an entry, but does not show any data in it?! It makes an entry, but does not show any data under firstname, username or password! It just assigns it an ID number! Here is my new code...

    PHP Code:
    <html>
        <head>
            <title> Lego Comic </title>
        </head>
    <body> <center>
        <h1> Thank you for joining! Now click <a href="index.php" title="Login"> HERE </a> to login! </h1>

    <?php

    //Connect to the database server
    mysql_connect("******.**********.***","********_*****","********") or die (mysql_error ());

    //Select database
    mysql_select_db("********_*****") or die (mysql_error ());

    //The SQL statement is built by the user, taking information from becomeamember.php
    $strSQL "INSERT INTO Members(firstname, username, password) values('" $_POST["firstname"] . "', '" $_POST["username"] . "', '" $_POST["password"] . "')";

    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    //Close the database connection
    mysql_close()
    ?>

    </center> </body>
    </html>
    To solve the last problem, I removed the ";" from "mysql_close();". Any ideas on solving this problem? I know I've almost got this working... I'm sorry for posting so many problems that are probably obvious...

  9. #9
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    Few things:

    1. Do you have display_errors set to On and error_reporting set to E_ALL? If so, do you get any error messages?
    2. Your code above doesn't check to see if a form was actually submitted. In other words, simply visiting the above script in your browser (or letting a search engine's bot/spider crawl the page) would trigger the execution of the INSERT query. This is usually a bad design.

      Instead, you should use isset() (or empty()) to check if some data was actually POST'ed. If not, then there's no point in executing any of that SQL-related code.
    3. EDIT: Looks like I already covered this list item previously.


    EDIT: Also, can you show us the HTML markup for the form that's being submitted to this script?

  10. #10
    Member
    Join Date
    Apr 2012
    Posts
    33
    Alright, here's the code for the form being submitted:

    PHP Code:
    <html>
        <
    head>
            <
    titleLego Comic </title>
        </
    head>

        <
    body>
        <
    center>
            <
    h1Lego Comic </h1>
            <
    h2Become a member! </h2>
            <
    pYou can become a member of Lego Comic by filling out the form below! </p>

            <
    form action="members.php" method="post">
            <
    input type="text" value="firstname" />
            <
    input type="text" value="username" />
            <
    input type="password" value="password" />
            <
    input type="submit" value="Join Now!" />

            </
    form>

        </
    center>
        </
    body>
    </
    html
    Hope it helps. In the mean time, I'm going to try the isset or empty codes. Thanks again!

  11. #11
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    None of your form elements have any names (as specified by a 'name' attribute).

  12. #12
    Member
    Join Date
    Apr 2012
    Posts
    33
    How do I turn on display_errors and error_reporting? Also, does this code work?

    PHP Code:
    <html>
        <head>
            <title> Lego Comic </title>
        </head>
    <body> <center>
        <h1> Thank you for joining! Now click <a href="index.php" title="Login"> HERE </a> to login! </h1>

    <?php

    //Connect to the database server
    mysql_connect("mysql2.**********.com","a5179209_avery","nepean99") or die (mysql_error ());

    //Select database
    mysql_select_db("a5179209_avery") or die (mysql_error ());

    //The SQL statement is built by the user, taking information from becomeamember.php
    $strSQL "INSERT INTO Members(firstname, username, password) values('" $_POST["firstname"] . "', '" $_POST["username"] . "', '" $_POST["password"] . "')";

    //Check to see if the values firstname, username and password are empty
    if (empty($strSQL)){
        echo 
    "$strSQL is either empty, zero, or not set at all";
    }
    //The SQL statement is executed
    mysql_query($strSQL) or die (mysql_error());

    //Close the database connection
    mysql_close()
    ?>

    </center> </body>
    </html>

  13. #13
    Member
    Join Date
    Apr 2012
    Posts
    33
    Also, are these properly named?

    PHP Code:
    <html>
        <
    head>
            <
    titleLego Comic </title>
        </
    head>

        <
    body>
        <
    center>
            <
    h1Lego Comic </h1>
            <
    h2Become a member! </h2>
            <
    pYou can become a member of Lego Comic by filling out the form below! </p>

            <
    form action="members.php" method="post">
            <
    input type="text" value="firstname" name="First Name" />
            <
    input type="text" value="username" name="Username" />
            <
    input type="password" value="password" name="Password" />
            <
    input type="submit" value="Join Now!" />

            </
    form>

        </
    center>
        </
    body>
    </
    html
    Thanks.

  14. #14
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,429
    Quote Originally Posted by Minecraft_iPod View Post
    How do I turn on display_errors and error_reporting?
    The manual page configuration.changes lists the various ways to alter PHP directives.

    Quote Originally Posted by Minecraft_iPod View Post
    Also, does this code work?
    I don't know... you tell us.

    Note I do see one thing that doesn't make much sense:

    PHP Code:
    $strSQL "INSERT INTO Members(firstname, username, password) values('" $_POST["firstname"] . "', '" $_POST["username"] . "', '" $_POST["password"] . "')";

    //Check to see if the values firstname, username and password are empty
    if (empty($strSQL)){ 
    Two things wrong with that if() statement:
    1. It doesn't do what the code comment is saying it's doing.
    2. It doesn't do anything useful since the 'else' branch will never be executed; why would $strSQL be empty when it was just defined (with a non-empty value) in the previous statement?


    Quote Originally Posted by Minecraft_iPod View Post
    Also, are these properly named?
    That depends what you mean by "properly," I suppose. You can name them whatever you want - it's your form, after all. However, none of the names you've given the three text fields match the names you're using in the PHP code, so unless you updated the code as well then you're still going to have problems.

  15. #15
    Member
    Join Date
    Apr 2012
    Posts
    33

    Question Totally Redesigned

    Okay, I totally remade the login system with a different tutorial. Almost everything works, except when I try to login with the information I have added to MyPHPAdmin, it comes up with my message, "Wrong Username or Password".

    Here's the code:

    PHP Code:
    <html>
        <head>
            <title> Lego Comic </title>
        </head>

        <body>
            <center>
            <h1> Lego Comic </h1>
            <h2> Login below! </h2>
            <h3> To become a member, click <a href="register.php" title="Become a Member!"> HERE! </a> </h3>
    <?php
    session_start
    ();
    // dBase file
    include "dbconfig.php";

    if (
    $_GET["op"] == "login")
     {
     if (!
    $_POST["username"] || !$_POST["password"])
         {
         die(
    "You need to provide a username and password.");
         }
     
     
    // Create query
     
    $q "SELECT * FROM `Members` "
         
    ."WHERE `username`='".$_POST["username"]."' "
         
    ."AND `password`=PASSWORD('".$_POST["password"]."') "
         
    ."LIMIT 1";
     
    // Run query
     
    $r mysql_query($q);

     if ( 
    $obj = @mysql_fetch_object($r) )
         {
         
    // Login valid, create session variables
         
    $_SESSION["valid_id"] = $obj->id;
         
    $_SESSION["valid_user"] = $_POST["username"];
         
    $_SESSION["valid_time"] = time();

         
    // Redirect to member page
         
    Header("Location: mainsite.php");
         }
     else
         {
         
    // Login not successful
         
    die("Incorrect Username or Password. Press the back button on your browser to try again.");
         }
     }
    else
     {
    //If all went right the Web form appears and users can log in
     
    echo "<form action=\"?op=login\" method=\"POST\">";
     echo 
    "Username: <input name=\"username\" size=\"15\"><br />";
     echo 
    "Password: <input type=\"password\" name=\"password\" size=\"15\"><br />";
     echo 
    "<input type=\"submit\" value=\"Login\">";
     echo 
    "</form>";
     }
    ?>

            </center>
        </body>
    </html>
    Can you see any problems?

    Thanks!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •