Karl DeSaulniers wrote:
HI,
Thanks for your response. Here is my query. UserID is auto incrament and
UserLastLogin is a current_timestamp.
$query_users = "INSERT INTO users(UserID, Username, UserEmail,
UserPassword, UserFirstName, UserLastName, UserCompany, UserAddress,
UserAddress2, UserCity, UserState, UserCountry, UserZip, UserPhone,
UserFax, UserEmailVerified, UserRegistrationDate, UserVerificationCode,
UserIP, UserLastLogin)
VALUES('NULL','".$Username."','".$UserEmail."','".$UserPassword."','".$UserFirstName."','".$UserLastName."','".$UserCompany."','".$UserAddress."','".$UserAddress2."','".$UserCity."','".$UserState."','".$UserCountry."','".$UserZip."','".$UserPhone."','".$UserFax."','".$UserEmailVerified."','".$UserRegistrationDate."','".$UserVerificationCode."','".$UserIP."',
now())";
This works as far as populating the database, but my results page does
not return anything.
Only if the VALUES is set like this:
VALUES('NULL','".$Username=$_POST['Username']."','".$UserEmail=$_POST['UserEmail']."','".$UserPassword=$_POST['UserPassword']."','".$UserFirstName=$_POST['UserFirstName']."','".$UserLastName=$_POST['UserLastName']."','".$UserCompany=$_POST[$UserCompany]."','".$UserAddress=$_POST['UserAddress']."','".$UserAddress2=$_POST['UserAddress2']."','".$UserCity=$_POST['UserCity']."','".$UserState=$_POST['UserState']."','".$UserCountry=$_POST[$UserCountry]."','".$UserZip=$_POST['UserZip']."','".$UserPhone=$_POST['UserPhone']."','".$UserFax=$_POST[$UserFax]."','".$UserEmailVerified=$_POST[$UserEmailVerified]."','".$UserRegistrationDate=$_POST[$UserRegistrationDate]."','".$UserVerificationCode=$_POST['UserVerificationCode']."','".$UserIP=$_POST[$UserIP]."',
now())";
but some do not work with this setup. variables like $UserEmailVerified,
$UserRegistrationDate and $UserIP are not created from the form that was
submitted.
for example, User IP date is created like this.
$UserIP = md5($_SERVER[REMOTE_ADDR]);
Problem 1 is sql injection. Wrap each variable in a
mysql_real_escape_string call:
insert into table (...) values ('" . mysql_real_escape_string($username)
. "' ....
also quoting 'NULL' means it will add 'NULL' as the id - not what you
want. You can leave out the column to use the default from the database.
Any errors from mysql?
Add:
echo mysql_error();
after your insert call.
---------------------
Below is a snip of how I retrieve the info on the result page (dont want
to clutter with whole code. also $fieldOne etc are MySql wildcards '%'
from some dropdown lists that show before this code is executed. The
results from adding show up fine there.)
$query_users = "SELECT * FROM users WHERE UserID LIKE '$fieldOne' AND
Username LIKE '$fieldTwo' AND UserEmail LIKE '$fieldThree' AND
UserPassword LIKE '$fieldFour' AND UserFirstName LIKE '$fieldFive' AND
UserLastName LIKE '$fieldSix' AND UserCompany LIKE '$fieldSeven' AND
UserAddress LIKE '$fieldEight' AND UserAddress2 LIKE '$fieldNine' AND
UserCity LIKE '$fieldTen' AND UserState LIKE '$fieldEleven' AND
UserCountry LIKE '$fieldTwelve' AND UserZip LIKE '$fieldThirteen' AND
UserPhone LIKE '$fieldFourteen' AND UserFax LIKE '$fieldFifteen' AND
UserEmailVerified LIKE '$fieldSixteen' AND UserRegistrationDate LIKE
'$fieldSeventeen' AND UserVerificationCode LIKE '$fieldEighteen' AND
UserIP LIKE '$fieldNineteen' AND UserLastLogin LIKE '$fieldTwenty' LIMIT
$min, $max_results";
Again you need to escape all your data (except $min, $max_results - just
make sure they are always integers).
I'm assuming there are no errors reported by mysql.
To debug this, I'd simplify the query and work out which bit isn't
matching what you want (it could be $fieldOne isn't quite what you
expect, or it could be $fieldEleven or $fieldEighteen or ..).
Start off with one field, then add another and go from there.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
