INSERT into does not work in php pages but works in phpMyAdmin

ratso

I have just moved my development environment from windows to linux, and I can communicate with MySQL (SELECT, INSERT, CREATE etc) with PhpMyAdmin and MySQLnavigator, and my php scripts will SELECT but whenever I use INSERT it does not work

I have checked my user rights and they are all selected

Anyone have a clue as to what could be happening?

Thanks

[deleted]

Which error messages do you get?

ratso

I dont get any error messages!

It just enters blank fields whenever I use an INSERT command from a script page, but I have dropdown menus populated by fields from the database and they showup!

Its just so weird

It only happens on the scripted pages, if I use an admin tool to INSERT it works fine

[deleted]

So in other words the insert works perfectly, but you just don't put any data in it.

Check wether the form data is actually being sent to the script.

ratso

Thanks for the advice Vincette,

I eventually tracked down the problem

whereas it was on in my old installation

and must be on at the webserver I use as well

Apparently having them on is not a good thing

But I am still learning

Thanks

Ratso

[deleted]

"Apparently having them on is not a good thing "

Indeed it is not, you should learn to use $GET and $POST etc instead, it is more secure and helps you remember where the vars actually came from; everything in $GET came from the URL, everything in $POST came from a FORM, everything in $_SESSION came from the session etc. There's no cheating or hacking possible.

good luck!

ratso

Dont suppose you could point me at any examples?

Thanks

Ratso

[deleted]

Well, imagine you have an authorisation system, and when people logon you put a var called 'logon_ok' in the session, and you give it a value of '1'.

In subsequent scripts. You'd check to see whether $logon_ok exists and contains the value '1'.

With register_globals=on, all GET/POST/SESSION and COOKIE vars are registered as globals. So if a hacker enters as a url:
www.yoursite.com?logok_ok=1
PHP will register 'logon_ok' as a global, your script will see that 'logon_ok' exists and contains the value '1', and treats the hacker as an authorized user.

With register_globals=off, none of the URL parameters are registered as globals, and the only way to get to the session_vars is through $_SESSION (or $HTTP_SESSION_VARS on older PHP versions) Now your script specifically checks wether 'logon_ok' exists as a SESSION variable, and only your script can put variables in sessions, so if 'logon_ok' exists in the session, you can be sure that your script put it there, and this person is indeed authorized.

ratso

Thanks Vincette

I will have to do some more reading up on this one I guess

See ya

Ratso