[RESOLVED] Can you tell me why this is just displaying my code?

dapuxter

<?php

$con = mysql_connect("sql3.phpnet.us", "login", "password");
if (!con)
   {
   die('Could not connect: '. mysql_error());
   }

mysql_select_db("dbname", $con);

$sql="INSERT_INTO outage (date, time, outagetype, mtcplant, city, node, services, custcount, cbs, impact, desc)
VALUES
('$_POST['date'],'$_POST['time']','$_POST['outagetype']','$_POST['mtcplant']','$_POST['city']','$_POST['node']','$_POST['services']','$_POST['custcount']','$_POST['cbs']','$_POST['impact']','$_POST['desc']')";

if (!mysql_query($sql,$con))
   {
   die('Error: ' . mysql_error());
   }
echo "Table successfully updated.";

mysql_close($con)

?>

This info is gotten from a form, who's only pertinent line I can think of is:

<form action="insert.php" method="post">

When I submit the form, all I get is an echo of the above php code. All of the "login", "password", and "dbname" etc fields are correct, I just changed them here for obvious reasons. I'm sure its something simple since I'm teaching myself php but I've been over it and been over it and can't figure it out. Thanks in advance!

Piranha

Are you sure that PHP runs on your server? Try to do a page with the following:

This text is from HTML<br />
<?php echo "This text is from PHP"; ?>

Please post the source code of the page being generated.

Flyier

<?php 

$con = mysql_connect("sql3.phpnet.us", "login", "password"); 
if (!$con) 
   { 
   die('Could not connect: '. mysql_error()); 
   } 

$select_db=mysql_select_db("dbname", $con); 
 if (!$select_db) {
    die ('Can\'t select db : ' . mysql_error());
}

$sql="INSERT INTO outage (date, time, outagetype, mtcplant, city, node, services, custcount, cbs, impact, desc) 
VALUES 
('$_POST['date'],'$_POST['time']','$_POST['outagetype']','$_POST['mtcplant']','$_POST['city']','$_POST['node']','$_POST['services']','$_POST['custcount']','$_POST['cbs']','$_POST['impact']','$_POST['desc']')"; 

if (!$result=mysql_query($sql,$con)) 
   { 
   die('Error: ' . mysql_error()); 
   } 
echo "Table successfully updated."; 

mysql_close($con);

?>

dapuxter

Here's the code of the page being generated:

<?php

$con = mysql_connect("sql3.phpnet.us","login","passwordl");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("dbnamet", $con);

$result = mysql_query("SELECT * FROM outage");

echo "<table border="1">
<tr>
<th>Date</th>
<th>Time</th>
<th>Planned/Unplanned</th>
<th>MTC/Plant</th>
<th>City</th>
<th>Node</th>
<th>Services Affected</th>
<th>Customer Count</th>
<th>CBS Customers Affected?</th>
<th>Impact</th>
<th>Description</th>
</tr>";

while($row = mysql_fetch_array($result))
   {
   echo "<tr>";
   echo "<td>" . $row['date'] . "</td>";
   echo "<td>" . $row['time'] . "</td>";
   echo "<td>" . $row['outagetype'] . "</td>";
   echo "<td>" . $row['mtcplant'] . "</td>";
   echo "<td>" . $row['city'] . "</td>";
   echo "<td>" . $row['node'] . "</td>";
   echo "<td>" . $row['services'] . "</td>";
   echo "<td>" . $row['custcount'] . "</td>";
   echo "<td>" . $row['cbs'] . "</td>";
   echo "<td>" . $row['impact'] . "</td>";
   echo "<td>" . $row['desc'] . "</td>";
   echo "</tr>";
   }
echo "</table>";

mysql_close($con);
?>

Piranha: I copied and pasted the test code above into a new file and it does display both lines so PHP is running.

Flyier: I see that you added a $result variable into the code but other than that I don't see any change. If that's all thats needed to fix it, can you explain why so I know in the future?

Edit: Also, I just replaced my code with yours, submitted the form, and still got a blank page so there's still an error somewhere since its not echoing the success line, right?

Thanks guys!

scross

So the output of your script is the code you placed in your last post?? If it outputting your php code then php obviously is not getting its hands on that file (or you're using short tags, but I can see you are clearly not and so don't need to worry about this).

dapuxter

You know, I thought I might have misunderstood the question the first time. The code in my 2nd post is the code that build my report from the database. The code in my first post is the code that's being displayed when I hit submit, and the code that's supposed to insert data into the database. Just in case I muddied the waters even further, here's the code that's being displayed when I hit submit on my html form:

<?php

$con = mysql_connect("sql3.phpnet.us", "login", "password");
if (!con)
   {
   die('Could not connect: '. mysql_error());
   }

mysql_select_db("dbname", $con);

$sql="INSERT_INTO outage (date, time, outagetype, mtcplant, city, node, services, custcount, cbs, impact, desc)
VALUES
('$_POST['date'],'$_POST['time']','$_POST['outagetype']','$_POST['mtcplant']','$_POST['city']','$_POST['node']','$_POST['services']','$_POST['custcount']','$_POST['cbs']','$_POST['impact']','$_POST['desc']')";

if (!mysql_query($sql,$con))
   {
   die('Error: ' . mysql_error());
   }
echo "Table successfully updated.";

mysql_close($con)

?>

And, just in case there's something obvious I'm missing, here's the HTML for my form in its entirety.

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Outage Reporting Form</title>
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<style type="text/css">
body {background-color:"E0EEEE"}

label {
	float:"left";
	width:"200px";
	font-family:"berlin sans fb";
	font-size:"120%";
	margin-left:"10px";
}

input {background-color:"CDC8B1"}
input.radio {background-color:"E0EEEE"}
input.checkfirst {background-color:"E0EEEE";}
input.checkfollow {background-color:"E0EEEE"}
input.submit {background-color:"838B8B"; border:"4px"; border:"F0FFFF"; margin-bottom:"1em"; margin-left:"2em"; margin-right:"1em"}

textarea {background-color:"CDC8B1"}

select {background-color:"CDC8B1"}

legend {font-size:"140%"; font-family:"berlin sans fb"}

br {clear:"left"}

</style>

</head>

<body>

<form action="insert.php" method="post">
<fieldset>
<legend>Outage Tracking Form</legend>
<br />
<label for="date">Date (MM/DD): </label>
<input type="text" name="date" maxlength="5" /><br />
<label for="time">Time (HH:MM): </label>
<input type="text" name="time" maxlength="5" />
<br />
<br />
<label for="outagetype">Planned/Unplanned?</label>
<input class="radio" type="radio" name="outagetype" value="planned" />Planned
<input class="radio" type="radio" name="outagetype" value="unplanned" checked="checked" />Unplanned
<br />
<label for="mtcplant">MTC/Plant:</label>
<input class="radio" type="radio" name="mtcplant" value="mtc" />MTC
<input class="radio" type="radio" name="mtcplant" value="plant" checked="checked" />Plant
<br />
<label for="city">Select a city: </label>
<select name="city">
<option value="1">Gainesville</option>
<option value="2">Ocala</option>
</select>
<br />
<label for="node">Node: </label>
<input type="text" name="node" size="5" maxlength="4" />
<br />
<label for="services">Services Affected: </label>
<input class="checkfirst" type="checkbox" name="services" value="video" />Video<br />
<label for="service"></label>
<input class="checkfollow" type="checkbox" name="services" value="data" />Data<br />
<label for="service"></label>
<input class="checkfollow" type="checkbox" name="services" value="phone" />CDT<br />
<label for="service"></label>
<input class="checkfollow" type="checkbox" name="services" value="all" />All Services<br />
<br />
<label for="custcount">Customers Affected: </label>
<input type="text" name="custcount" maxlength="10" size="10" /><br />
<label for="cbs">CBS Customers Affected?</label>
<input class="radio" type="radio" name="cbs" value="yes" />Yes
<input class="radio" type="radio" name="cbs" value="no" checked="checked" />No<br />
<br />
<br />
<label for="impact">Impact: </label>
<textarea name="impact" rows="4" cols="30">Actual End User Experience, so on and so forth.</textarea><br />
<br />
<label for="desc">Description: </label>
<textarea name="desc" rows="4" cols="30">Brief outage description.</textarea>
<br />
<br />
<input class="submit" type="submit" value="Report Outage" onclick="verify()" />
</fieldset>
</form>
</body>
</html>

I know there's no error correction, I just haven't added it yet. I'm the only person with access to it for now and I just want to get it working properly before I tidy it up.

Flyier

When I execute the sql query it gives me error:

SQL query:

INSERT INTO outage( DATE, TIME, outagetype, mtcplant, city, node, services, custcount, cbs, impact, DESC )
VALUES (
'we', 'rew', 'sd', 'ry', 'rtf', 'sa', 'oi', 'ew', 'vc', 'bhy', 'xs'
)

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) VALUES ('we','rew','sd','ry','rtf','sa','oi','ew','vc','bh

May be you should use another names in the table instead of reserved words DATE, TIME and DESC.

You will get a MySQL query syntax error number 1064 when you incorrectly use a reserved word in your query such as "when" or "order".

MySQL 4 has additional reserved words that you cannot use and the full list of them is at http://www.mysql.com/doc/en/Reserved_words.html.

scross

No, just place backticks (`) around the names like so:

INSERT INTO `outage` ( `date`, `time`, `outagetype`, `mtcplant`, `city`, `node`, `services`, `custcount`, `cbs`, `impact`, `desc` )
VALUES (
'we', 'rew', 'sd', 'ry', 'rtf', 'sa', 'oi', 'ew', 'vc', 'bhy', 'xs'
)

Flyier

Scross is right. After placing backtickes everything worked perfectly.

dapuxter

Should I use backticks for the values also, or is single quotes ok for those? I'm going to try it just to find out, but just wondering.

scross

NO!! 🙂 Backticks are only for identifiers, this means: column names, table names, database names etc but they are very different to single quotes and double quotes and so should not be used for values. In simple terms:

Backticks - for identifiers
Single quotes/double quotes - for values

dapuxter

Well, I have progress now. I have it writing to my table, the only problem is its writing literally. As in instead of writing the value of $POST['varname'], its actually writing $POST['varname'] in every field. I think it might be a magic quote problem.

scross

No, just surround each of your $_POST['whatever'] values with { and }

dapuxter

Oh yeah, I remember reading that somewhere now. Thanks man, I'll try it out!

dapuxter

Ok, I'm still sort of stuck. I've got it either writing the variable names to the table or not doing anything at all. Here's the code that writes the variable names to the table:

<?php

$con = mysql_connect("sqlserver", "login", "password");
if (!con)
   {
   die('Could not connect: '. mysql_error());
   }

mysql_select_db("dbname", $con);

$sql = 'INSERT INTO `dbname`.`outage` (`id`, `date`, `time`, `outagetype`, `mtcplant`, `city`, `node`, `services`, `custcount`, `cbs`, `impact`, `desc`) VALUES (NULL, \'{$_POST[\'\'date\'\']}\', \'{$_POST[\'\'time\'\']}\', \'{$_POST[\'\'outagetype\'\']}\', \'{$_POST[\'\'mtcplant\'\']}\', \'{$_POST[\'\'city\'\']}\', \'{$_POST[\'\'node\'\']}\', \'{$_POST[\'\'services\'\']}\', \'{$_POST[\'\'custcount\'\']}\', \'{$_POST[\'\'cbs\'\']}\', \'{$_POST[\'\'impact\'\']}\', \'{$_POST[\'\'desc\'\']}\');';

if (!mysql_query($sql,$con))
   {
   die('Error: ' . mysql_error());
   }
echo "Table successfully updated.";

mysql_close($con)

?>

I got that just using a mysql command to write the data directly into the table and then using phpMyAdmin to generate php code for it. The script processes correctly and just inserts the variable names instead of the variable values.

Thinking it was a magic quotes problem, I turned magic quotes off in my control panel and changed the code to this (just the $sql= line since that's all I changed:

$sql = "INSERT_INTO `dbname`.`outage` (`id`,`date`,`time`,`outagetype`,`mtcplant`,`city`,`node`,`services`,`custcount`,`cbs`,`impact`,`desc`) VALUES 

(NULL,{$_POST['date']},{$_POST['time']},{$_POST['outagetype']},{$_POST['mtcplant']},{$_POST['city']},{$_POST['node']},{$_POST['services']},{$_

POST['custcount']},{$_POST['cbs']},{$_POST['impact']},{$_POST['desc']})";

I also tried surrounding each variable name structure with single quotes like: '{$_POST['date']}' and that didn't work either. In both of the last examples the script has no output, just a blank page.

Roger_Ramjet

If id is an autoinc column then you do NOT have it or ANY VALUE for it in the insert query - not never no how. Autoincs are generated by the db so just forget about them.

Now, you are not protecting yourself from sql injections. If you were then your query construction would also be much easier. Go to the manual to read about the 'Best Practice' for Queries. Do it that way and then all of your problems will disappear; especially this one about whether you need {} around the vars and what they are doing.

dapuxter

I assumed it would be easier to get it functioning and then worry about all the security code. I guess not though. Thanks for the link, I'll read it and see if it clarifies things for me!

Edit: Ok, I have a question about that. This line specifically:

$query = sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', '%d')",
                    mysql_real_escape_string($product_name, $link),
                    mysql_real_escape_string($product_description, $link),
                    $_POST['user_id']);

What does the '%s" and '%d' mean? Is that referencing the positions of the mysql_real_escape_string lines?

Piranha

[man]sprintf[/man] tells you about the different commands of sprintf.

dapuxter

Ok, got it. All of my variables can be strings since right now I don't plan on doing any operations with them other than displaying them. So, I changed my insert statement to this:

if(get_magic_quotes_gpc()) {
            $outagedate = stripslashes($_POST['date']);
            $outagetime = stripslashes($_POST['time']);
            $outagetype = striplslashes($_POST['outagetype']);
            $mtcplant = striplslashes($_POST['mtcplant']);
            $outagecity = striplslashes($_POST['city']);
            $outagenode = striplslashes($_POST['node']);
            $services = striplslashes($_POST['services']);
            $custcount = striplslashes($_POST['custcount']);
            $cbs = striplslashes($_POST['cbs']);
            $impact = striplslashes($_POST['impact']);
            $outagedesc = striplslashes($_POST['desc']);

    } else {

        $outagedate = $_POST['date'];
        $outagetime = $_POST['time'];
        $outagetype = $_POST['outagetype'];
        $mtcplant = $_POST['mtcplant'];
        $outagecity = $_POST['city'];
        $outagenode = $_POST['node'];
        $services = $_POST['services'];
        $custcount = $_POST['custcount'];
        $cbs = $_POST['cbs'];
        $impact = $_POST['impact'];
        $outagedesc = $_POST['desc'];

    }

mysql_select_db("dbname", $con);

$sql = sprintf("INSERT INTO `dbname`.`outage` (`date`, `time`, `outagetype`, `mtcplant`, `city`, `node`, `services`, `custcount`, `cbs`, `impact`, `desc`) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($outagedate, $con),
mysql_real_escape_string($outagetime, $con),
mysql_real_escape_string($outagetype, $con),
mysql_real_escape_string($mtcplant, $con),
mysql_real_escape_string($outagecity, $con),
mysql_real_escape_string($outagenode, $con),
mysql_real_escape_string($services, $con),
mysql_real_escape_string($custcount, $con),
mysql_real_escape_string($cbs, $con),
mysql_real_escape_string($impact, $con),
mysql_real_escape_string($outagedesc, $con),);


mysql_query($sql, $con);

if (mysql_affected_rows($con) > 0) {
            echo "Outage Inserted\n";
        }
     else {
    echo "Error writing entry.\n";
}

When I submit now I'm getting a blank page. I think I might be missing a { or } somewhere, but I can't find it. I might have also messed something up in the actual sprintf call.

Edit: I found the typo that was causing the problem and all is working now. Thanks guys!