Quick help needed (easy question)

nicknax

<html>
<head>
<meta http-equiv="refresh" content="5;url=http://site.com/location.html">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
</html>
<?php

$boardid = $_POST['boardid'];

if($_POST['username'] == 'Guest') { die("Sorry, only members can add todo items!"); }

// connect to server, database, table.
include ("connect.php");

// add the new information into the database
$query = "INSERT INTO $boardid (username,date,news) VALUES ('$POST[username]','$POST[date]','$_POST[news]')";
if(!mysql_db_query($dbname,$query,$link_id)) die(mysql_error());
echo "Added new todo item to database :-)";

echo "<br />";
echo "You shuold be redirected in 5 seconds. If not, <a href=\"index.php\">click here</a>!";
?>

any ideas why that brings up mysql error, anyone?
(its for my chat boards)

marian

you get mysql error from your query

$query = "INSERT INTO $boardid (username,date,news) VALUES ('$POST[username]','$POST[date]','$_POST[news]')

or from the connection;

include ("connect.php");

so check your select statment well and also check to see if you have the right username and password to connect to the database

goodluck

nicknax

it's all fine, but... You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '(username,date,news) VALUES ('admin','10/12/04 02:31 pm <

tsinka

Hi,

seems like $boardid/$_POST['boardid'] isn't set so the tablename is wrong. If $boardid is set ... which value does it contain ?

Thomas

nicknax

on form.php, I have

<form method="post" action="postChat.php">
<p align="left">
<b>                       
</b><u><b><center>Add Todo Task</center></b></u></p>
<table border="0" cellpadding="0" cellspacing="0" width="302" height="168">
<tr>
<td width="64" height="13">Name:</td>
<td height="13" width="274">
<p align="left" style="border-style: solid; border-width: 1"><b> <? echo name?></b></p>
</td></tr>
<tr>
<td width="64" height="111">Todo:</td>
<td width="236" height="111"> <textarea rows="5" name="news" cols="27"></textarea></td>
</tr>
<tr>
<td width="1" height="1"><input type="hidden" name="date" value="<?php
// prints something like: Wednesday the 15th
print date("d/m/y h:i a");

?></td>
<td width="1" height="1"><input type="hidden" name="username" value="<? echo name ?>"</<input type="hidden" name="boardid" value="game"</td><input type="submit" name="submit" value="Post Todo" />
</td>
<td width="236" height="27">
</td>
</tr>
</table>
<p> <br />
</p>
</form>
</body>
</html>
</html>

So i assume it posts this to the code as post 1

tsinka

Ok,

the HTML code is partly invalid, especially the part with the boardid input (some tags are not correctly closed).

wrong code:

  <input type="hidden" name="username" value="<? echo name ?>"</
  <input type="hidden" name="boardid" value="game"
</td>
<input type="submit" name="submit" value="Post Todo" />

Look at the two hidden inputs. The first one isn't closed correctly, the second not closed at all. Additionally, the table tags are not correct. Always make sure that you have correct <tr><td>...</td></tr> sequences (not something like e.g. <tr><td>...</td></td></tr></td>). Some browsers might have difficulties displaying the table correctly.

Add print_r($_POST) to the PHP code to check how the POST data looks like.

Besides that the code is a little bit dangerous and might be open to SQL injection.

Never post certain parts of a SQL query like table names or field names (or even complete SQL queries) directly with a form.

At least check if the submitted table name and user name is valid.

The hidden input with the username is some kind of dangerous, too, because users can submit whatever they want as username since you don't check if the username is valid. I'd suggest to use sessions to store certain data you need on several pages (like username/user id and stuff like that).

Thomas