Re: mysqli_connect problem

On 03/01/2010 07:54 PM, Thomas H. George wrote:
> <?php  ...
> 	$alien_description = $_POST['aliendescription'];
> 	$what_they_did = $_POST['whattheydid'];
> 	$email = $_POST['email'];
> ...
> 	$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long,  " .
> 		"how_many, alien_description, what_they_did, fang_spotted, other, email) " .
> 		"VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
> 		"'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";
>
> Any suggestions?
> Tom

Yes I have one. Whatever book you are using, burn it then shoot it!

Without looking at the query, it is most likely failing because you are inserting un-escaped data into your database. So when you enter something like: Goa'uld into your alien database then it will fail because you have an unescaped control character. This code, when freely accessible, will ensure that your database will be compromised quickly. Search for SQL Injection on Google.

Unfortunately I cannot recommend a good beginner's guide, since most of the ones I have seen teach this kind of stuff, but hopefully someone else on this list can.

BTW, you can do your mysql connection this way and get the error returned plus the SQL query.

mysqli_query($link, $sql) or die("<p>$sql</p>".mysqli_error($link));
--
John
Justice springs from envy; for its highest principle is: the same for everyone.
[Walther Rathenau]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
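
Added example, not part of the original thread: the quoted INSERT rewritten with a mysqli prepared statement (a different technique from the escaping the reply mentions), next to a two-column reduction of the concatenated form that shows what an apostrophe does to the SQL text. The function names, the sample values and the DB_* environment variables are assumptions; the table and column names are the ones in the quoted query.

```php
<?php
// Added example; not code from the thread. Throw exceptions on database errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Column names taken from the quoted INSERT statement.
const COLUMNS = ['first_name', 'last_name', 'when_it_happened', 'how_long', 'how_many',
                 'alien_description', 'what_they_did', 'fang_spotted', 'other', 'email'];

// The thread's pattern, reduced to two columns: input is pasted into the SQL text.
function build_concatenated_query(string $alien_description, string $email): string
{
    return "INSERT INTO aliens_abduction (alien_description, email) " .
           "VALUES ('$alien_description', '$email')";
}

// Parameterized form: the SQL text is fixed and the values are sent separately,
// so quotes in the input are stored as data and never parsed as SQL.
function insert_report(mysqli $link, array $report): void
{
    $values = [];
    foreach (COLUMNS as $col) {
        $values[] = (string) ($report[$col] ?? ''); // missing fields become ''
    }
    $placeholders = implode(', ', array_fill(0, count(COLUMNS), '?'));
    $sql = 'INSERT INTO aliens_abduction (' . implode(', ', COLUMNS) . ") VALUES ($placeholders)";

    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Constructed sample input with an apostrophe, as in the reply above.
$sample = ['first_name' => 'Sam', 'alien_description' => "Goa'uld", 'email' => 'sam@example.com'];

// In the concatenated form the quote after "Goa" closes the string literal early,
// and the rest of the input is read by the server as SQL.
echo build_concatenated_query($sample['alien_description'], $sample['email']), "\n";

// Run the parameterized insert only when a database is configured.
// DB_HOST, DB_USER, DB_PASS and DB_NAME are hypothetical environment variables.
if (getenv('DB_HOST') !== false) {
    $link = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER') ?: null,
                           getenv('DB_PASS') ?: null, getenv('DB_NAME') ?: null);
    insert_report($link, $sample);
    mysqli_close($link);
}
```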

