I'm totally incompetant

Anon

I'm trying to have people fill out a form and have the responses sent to a mysql database but I can't get it to work and don't know if my coding is wrong or the database is screwed up. The database name is observingyourmind_com and the table name is signatures. T1 through T7 are the variables that represent peoples responses. The zero at the end just fills up a space for the last field which has an autoincrement feature. Is this code correct?

<?php
$db=mysql_connect ("http://www.observingyourmind.com","username","password");
mysql_select_db("observingyourmind_com",$db);
mysql_query("INSERT INTO signatures VALUES ('$T1','$T2','$T3','$T4','$T5','$T6','$T7','$T8',0)",$db);
mysql_close ($db);
echo "Thanks for your help";
?>

Also, if I want to use an include to hide my username and password, could I just have the first two lines of code be
$user=include(file1.inc);
$password=include(file2.inc);
and put $user where username was and $password where password was and have notepad files on the server that only had my username or password in them.
Thank you in advance for any help you could give a frustrated incompetant programmer
Adam

arnihr

Well, I don't know if you can do this:
$user=include(file1.inc);
$password=include(file2.inc);

but you can do this:
create file called some.inc.php (always let it end with .php, for security reasons) and set this in it:
$username = "some_username";
$password = "some_password";
$host = "http://www.observingyourmind.com";
$db = "observingyourmind_com";

and then include it at the top of your query file and do this:
$conn = mysql_connect($host, $username, $password);

But I really can't tell what's wrong with your query... exept that the rows aren't in these line, then you would have to do this:
$sql = "INSERT INTO signatures (t1, t2... id) VALUES('$T1','$T2','$T3','$T4','$T5','$T6','$T7','$T8','')";

I think the 0 in the query is the problem, but I'm kinda messed up right now, so I'm not much of a help...

I recommend that you take a look the code snippets and find yourself what Tim made, mysql functions he created ... and always set the query into a variable, such as $sql and echo it just to see if it's ok...

Hope that makes some sense too you 🙂

Anon

yes ArniHr is correct for the autoincrement feature, you just leave it as ''
(empty)

also include die statements in your sql queries and processes.

ie
$db=mysql_connect ("http://www.observingyourmind.com","username","password") or die ("Cannot connect to database");
mysql_select_db("observingyourmind_com",$db) or die ("Cannot select db");
mysql_query("INSERT INTO signatures VALUES ('$T1','$T2','$T3','$T4','$T5','$T6','$T7','$T8',0)",$db) or die ("Cannot insert sql statement");
mysql_close ($db) or die ("Cannot close database");
echo "Thanks for your help";

Those die statements should identify at what point your program dies and when you're ready to go live then you can take them out.

Anon

I could be wrong about this since I'm new to this myself, but I think you may be putting in the wrong parameter for you database server. Check with your system administrator to see if the first argument of the mysql_connect() function is correct. Usually the database server is different from the web server. You might also try using the default value of "localhost". This frequently works, although not on all systems.

Also, you might try using the SQL keyword NULL for the auto-increment column. To the best of my knowledge NULL != 0 but rather represents no value. 0 typically represents 0, which is a value. You may simply be writing the data over the same row again and again.

As for your second question, such an arrangement is probably less secure than the original. PHP code is never sent to the end user and therefore remains relatively private, although your password still could be seen by someone with access to your directory on your server. However, any file who's extention does not rout it through the reprocessor will automatically be seen to the user as is, so if a hacker somehow gets a listing of the directory those files reside in, they only have to download it to view its contents.

Good luck.