PHP/MySQL

jeannie2002

I am running Mandrake 8.2, phpMyAdmin 2.3.1, MySQL 3.23.47 and PHP 4.1.2.

I have setup MySQL user accounts with "Insert" privileges in order to have my PHP web form submit data. When "submit" is clicked, the message of a successful transfer appears, and I have verified that the Host, User and password configured in the webpage are working. However, when I check the appropriate database table via phpMyAdmin no new row has been inserted.

So it seems that the database is granting access to the webpage, yet no new row is being created to add the data to the table.

"Insert" in phpMyAdmin will insert a new row.

Any suggestions?

😕

[deleted]

Sounds like your error checking is being bypassed and the query is not getting executed.

Maybe you could post some code?

jeannie2002

<?php
if ($submit) {
// process form
$estat = 0;
$etest = $permemail;
$et1 = chop($etest);
$et2 = strpos($etest,"@");
$et3 = strlen($etest);
$et4 = strpos(substr($et1,$et2,$et3 - $et2), ".");
if (($et2 > 0) && ($et2 < $et3) && ($et4 > 0)) {
$estat = 1;
}

$db = mysql_connect("localhost:/var/lib/mysql/mysql.sock", "<User (omitted)>", "<pw(omitted)>");
mysql_select_db("deviant",$db);

$sql = "SELECT username FROM player WHERE username='$username'";

$test = mysql_query($sql);

// FIXME: add check to see if user name already exists

if(($password1 == $password2) && ($password1 != "")) {
if($estat == 1) {
if(($username != "") && (mysql_num_rows($test) == 0)) {
$password = $password1;
$initip = $REMOTE_ADDR;
$lastip = $REMOTE_ADDR;

    $sql = "INSERT INTO player (permemail, username, password, realname, aim, icq, userexitmsg, initip, lastip) VALUES ('$permemail', '$username', password('$password'), '$realname', '$aim', '$icq', '$userexitmsg', '$initip', '$lastip')";

    $result = mysql_query($sql);

philipolson

Try rewriting:

$result = mysql_query($sql);

With:

if (!$result = mysql_query($sql)) {
    print "Could not run query ($sql) : " . mysql_error();
    exit;
}

Essentially, mysql_query() returns FALSE on failure so we're checking that. Another potentially useful function for this sort of thing is mysql_affected_rows(). It'll return the number of rows affected by your query, in this case, your INSERT

The mysql_error() function is very useful. In production code you most likely won't want to show such errors, code accordingly.

jeannie2002

I get a parse error on the second line of this code.

if (!$result = mysql_query($sql)) {
print "Could not run query ($sql) : " . mysql_error();
exit;
}

philipolson

Strange, there is no parse error in that code ... must be from somewhere else.

philipolson

Hello? Btw, one thing I forgot was a @ to suppress mysql_query, so:

if (!$result = @mysql_query($sql)) {
    print "Could not run query ($sql) : " . mysql_error();
    exit;
}

Since we're handling the error ourselves. Maybe that error was what you meant as a parse error? Please explain.