Re: Why won't this query go through?

Tijnema ! wrote:
> On 3/11/07, Mike Shanley <thebarmy@xxxxxxxxxxxxxxxxx> wrote:
>>
>> Hi,
>>
>> I am just not understanding what I could have possibly done wrong with
>> this query. All of the variables are good, without special characters in
>> any sense of the word... So why isn't it importing anything?
>>
>> Thanks!
>>
>> $q = "INSERT INTO
>>
>> `visitors`(`username`,`password`,`email`,`firstname`,`lastname`,`birthdate`,`verifythis`)
>>
>>                        VALUES ('".$username."',
>>                                '".md5($password1)."',
>>                                '".$email."',
>>                                '".$firstname."',
>>                                '".$lastname."',
>>                                '".$birthdate."',
>>                                '".$verifythis."');";

						    ^ -- oh my look at that, that's no good.

>> mysql_query($q);
> 
> 
> * me is getting crazy!!! 

you haven't been here very long have you Tijnema.

> ALWAYS USE THE MYSQL_ERROR COMMAND!

indeed.

> mysql_query($q);
> becomes
> mysql_query($q) or die(mysql_error());

only my stance is that the above construction sucks, it makes for very brittle
code and there is nothing to say whether when this query fails the whole script
needs to die ... another thing is that when the sql breaks you're giving the
[potential] evil haxor b'std all the information he needs to perform some kind of
sql injection attack.

I recommend logging the error, and/or using some kind of debug mode in addition to
a more sophisticated approach to deciding if/when to exit the script.

but the basic advice sticks: check your return values and examine any/all relevant
error messages.

> then post the result of the error, or fix it by yourself when you know
> where
> the error is.
> 
> Tijnema
> 
> -- 
>> Mike Shanley
>>
>> ~you are almost there~

me? I've been there, smoked it and got the t-shirt to prove it.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
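
An added example (not part of the original thread) of the approach recommended in the reply above: check the return value, log the database error on the server, show detail only in a debug mode, and let the caller decide whether to exit. It uses PDO with an in-memory SQLite database and bound parameters in place of the thread's mysql_* calls so it runs without a server; `run_query`, `DEBUG_MODE` and the sample row are hypothetical.

```php
<?php
// Added example: run_query, DEBUG_MODE and the sample row are hypothetical names.
// PDO + in-memory SQLite stands in for the thread's mysql_* calls (assumption).
const DEBUG_MODE = false; // enable only on a developer machine

/**
 * Run a parameterised statement. Returns true on success, false on failure.
 * The driver's error text goes to the server log, never to the visitor.
 */
function run_query(PDO $db, string $sql, array $params): bool
{
    try {
        $stmt = $db->prepare($sql);
        return $stmt->execute($params);
    } catch (PDOException $e) {
        // Short reference ties the visitor's message to the log line.
        $ref = bin2hex(random_bytes(4));
        // Log the statement text with placeholders only, not the bound values.
        error_log("[db:$ref] " . $e->getMessage() . " | SQL: $sql");
        if (DEBUG_MODE) {
            echo "DEBUG [$ref]: " . $e->getMessage() . "\n";
        } else {
            echo "Sorry, something went wrong (ref $ref).\n";
        }
        return false;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (username TEXT UNIQUE, email TEXT)');

$sql = 'INSERT INTO visitors (username, email) VALUES (?, ?)';
$row = ['mike', 'mike@example.com']; // constructed sample values

// First insert succeeds; the second violates UNIQUE and is logged, not displayed.
foreach ([1, 2] as $attempt) {
    if (run_query($db, $sql, $row)) {
        echo "attempt $attempt: stored\n";
    } else {
        // The caller decides what failure means: retry, re-show the form, or exit.
        echo "attempt $attempt: not stored, script continues\n";
    }
}
```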

