Re: Problems with a script.

John R. Sims, Jr. wrote:
> <?php
[snip * - not even gunna bother]
> </HTML>

Okay, quick/proper fixes 1 - 4:

1) you never open a <FORM> element, you only close it - you'll be wanting one, probably with a method="POST".

2) you should quote your array indices... just because php will evaluate them as themselves doesn't mean it's a good thing to rely on.
wrong: ($_POST[master_id] == "")) {
right: ($_POST['master_id'] == "")) {


3) you should similarly quote and curly group for the mysql queries.
wrong:
$add_master = "insert into client values ($_POST[fname]', '$_POST[lname]')";
right:
$add_master = "insert into client values ('{$_POST['fname']}', '{$_POST['lname']}')";

4) also, all of your queries are doing inserts - they're not specifying the fields they are to insert into, and I'm sure many of them should in fact be UPDATE statements. You'll want to fix that before your data gets *too* sparse.

....

Once that's all fixed, go to step 5.

....

5) rewrite all the database accesses to prevent people from doing sql injection attacks and ruining everything.

cheers,
--
- Martin Norland, Sys Admin / Database / Web Developer, International Outreach x3257
The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
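
Points 2 through 5 of the reply above applied to a single save routine, as an added example that is not part of the message or of the original poster's script. It assumes PDO with an in-memory SQLite database standing in for MySQL, a `client` table whose column names (`id`, `fname`, `lname`) are guessed from the form fields, and a hypothetical helper `save_client()`.

```php
<?php
// Added example, not the original poster's script. Assumptions: PDO with an
// in-memory SQLite database standing in for MySQL, and a `client` table with
// columns id, fname, lname (names guessed from the form fields).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE client (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');

// Hypothetical helper: inserts a new client or updates an existing one.
function save_client(PDO $pdo, array $post): int
{
    // Quoted array indices (point 2); missing fields are treated as empty.
    $id    = trim($post['master_id'] ?? '');
    $fname = trim($post['fname'] ?? '');
    $lname = trim($post['lname'] ?? '');
    if ($fname === '' || $lname === '') {
        throw new InvalidArgumentException('fname and lname are required');
    }
    if ($id === '') {
        // New record: named columns (point 4) and bound placeholders
        // instead of interpolated $_POST values (point 5).
        $stmt = $pdo->prepare('INSERT INTO client (fname, lname) VALUES (:fname, :lname)');
        $stmt->execute([':fname' => $fname, ':lname' => $lname]);
        return (int) $pdo->lastInsertId();
    }
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('master_id must contain only digits');
    }
    // Existing record: UPDATE rather than a second INSERT (point 4).
    $stmt = $pdo->prepare('UPDATE client SET fname = :fname, lname = :lname WHERE id = :id');
    $stmt->execute([':fname' => $fname, ':lname' => $lname, ':id' => (int) $id]);
    return (int) $id;
}

// Constructed sample input in place of a real form submission. The
// apostrophe would end the string literal early in an interpolated query.
$_POST = ['master_id' => '', 'fname' => 'Conan', 'lname' => "O'Brien"];
$id = save_client($pdo, $_POST);                 // inserts row 1

$_POST = ['master_id' => (string) $id, 'fname' => 'Conan', 'lname' => "O'Brian"];
save_client($pdo, $_POST);                       // updates row 1, no duplicate

// The table holds one row, and the apostrophe is stored as plain data.
var_dump($pdo->query('SELECT id, fname, lname FROM client')->fetchAll(PDO::FETCH_ASSOC));
```

Because the values are bound after the statement is prepared, they never become part of the SQL text, so no quoting or escaping of `$_POST` is needed in the query string.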

