0

This wont work. All the fields are correct etc and I have a db connection.

To the problem

I use this script to insert a post into the db:

<?php

if (isset($_POST['msg'])) {

$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);

// kolla efter tomma fält
if (empty($title) || empty($msg)) {
$reg_error[] = 1;
}

if (!isset($reg_error)) {
mysql_query("INSERT INTO messages (title, message, date, user_id)
             VALUES('$title', '$msg', '".time()."', '2')");

header('location: /');

exit;

}


}
?>

The Form:

<form action="post_msg.php" method="post">

<b>Title:</b>
<input type="text" name="title" size="40" />


<b>Message:</b>
<textarea rows="15" cols="75" name="msg"></textarea>


<input type="submit" value="Post Message" />
</form>

Worked fine the other day. Not today. No errors. The "post stuff" shows up in the url. I thought it only did when using $_GET which i dont. http://localhost/post_msg.php?title=fdsg&msg=sdfg

i dont get any errors the page just reloads

messages db

CREATE TABLE IF NOT EXISTS `messages` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`title` varchar(140) COLLATE utf8_unicode_ci DEFAULT NULL,
`message` text COLLATE utf8_unicode_ci
`date` int(10) unsigned NOT NULL,
`user_id` int(10) unsigned NOT NULL,
 PRIMARY KEY (`id`),
 FULLTEXT KEY `title` (`title`,`message`)
Improve this question
6
  • Could you post the opening tag for the form? Commented Jun 29, 2009 at 15:20
  • Why all the extra quotes around time()? Commented Jun 29, 2009 at 15:21
  • where is your opening tag for the form? Commented Jun 29, 2009 at 15:22
  • You should test the number of rows affected or the insert_id of your mysql_query to ensure things went smoothly. If they didn't, you should print your query out - maybe before that consider print_r($_POST) just to see what values ARE getting passed through. Commented Jun 29, 2009 at 15:30
  • Sounds like you're looking at the wrong files (either by testing wrong URL or by looking into the source of another file). Commented Jun 29, 2009 at 15:36

8 Answers 8

Reset to default
4

Sounds like your form isn't set to use POST

<form action="post_msg.php" method="post">
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

A few comments that might help:

  1. Please provide log output, error messages
  2. Print the SQL and run it manually on the server, what errors occur?
  3. Your SQL construction using string concatenation is really grim and probably a security hazard.

Look at the documentation for PDO. The API in PHP, although inconsistently named is fairly stable. So it is most likely that you did something wrong, in which case an error should ensue.

Improve this answer

1 Comment

when i ran it direct it worked mysql_query("INSERT INTO messages (title, message, date, user_id) VALUES('test', 'test', '".time()."', '2')");
1

If everything works fine you get a result. But if anything "fails" you get nothing, no message what so ever. It leaves you in the dark, clueless. And that's bad.
Turn on the error reporting. Don't just have an if-block, add an else-block, too.

<?php
error_reporting(E_ALL); ini_set('display_errors', true);
if (isset($_POST['msg'])) {
    $title = mysql_real_escape_string($_POST['title'])
      or die('escape_string title failed');
    $msg = mysql_real_escape_string($_POST['msg'])
      or die('escape_string msg failed');
    // kolla efter tomma fält
    if (empty($title) || empty($msg)) {
        $reg_error[] = 1;
    }

    if (!isset($reg_error)) {
        mysql_query("INSERT INTO messages (title, message, date, user_id)
          VALUES('$title', '$msg', '".time()."', '2')")
          or die(mysql_error());
        header('location: /');
        exit;
    }
    else {
        print_r($reg_error);
    }
}
else {
    echo 'post parameter "msg" missing';
}
?>
Improve this answer

Comments

0

echo what the query result

echo mysql_errno($link) . ": " . mysql_error($link) . "\n";

did the script enter to the line that doing the query ?

Improve this answer

Comments

0

Remove the redirect header and type this at the end of the script for debugging:

var_dump($_POST); echo mysql_error();

Improve this answer

1 Comment

this is what i got: array(0) { }
0

I just noticed something weird...

$reg_error is an array the way you wrote it.

$reg_error[] = 1;

So.. assign a key to that array, like $reg_error[0] or whatever.. and then

if(count($reg_error) > 0) { /* your code */ }

..or just remove the [] brackets from $reg_error and leave the if/else as is.

Improve this answer

Comments

0

With the code provided, reg_error is only used to determine whether or not perform the SQL. Instead of setting a variable (since its only set dependent upon a conditional statement), why not just change your code to do:

<?php

if (isset($_POST['msg'])) {

$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);

// kolla efter tomma fält
if (!empty($title) && !empty($msg)) {

  mysql_query("INSERT INTO messages (title, message, date, user_id)
             VALUES('$title', '$msg', '".time()."', '2')");

  header('location: /');

  exit;

}

else {

  echo "There was an error";

}


}
?>

This would simply the code. The else statement would obviously, eventually be modified, but for now would give you a fall back way of showing you if it even attempted the SQL query. If its not, the condition is failing and you arent getting values from the post for some reason.

The only way your URL would change is if the method of the form tag was changed. If it's set to post, it shouldnt show in the URL.

Improve this answer

1 Comment

thanks thats nicer. and yeah its set to post but it still shows in the url. very weird i dont understand it
0

I found the problem! i checked my header.php file and guess what? there was a form i hadent closed :/ sorry for bothering you guys

Improve this answer

Comments