Insert row to MySQL Table using PHP Form -

-

i user able insert "bid" mysql table using php form - demo, not live purpose. following error message,

error: have error in sql syntax; check manual corresponds mysql server version right syntax use near ''90','2011-07-13'' @ line 3 (line 3 refers tag?) figure doesnt form inputs being "text" type, no idea how fix - advice welcome, form & php code below;

<form action="insert.php" method="post"> <div><label for="commodity">commodity</label><input type="text" name="commodity"/></div> <div><label for="region">region</label><input type="text" name="region"/></div> <div><label for="member">member</label><input type="text" name="member" /></div> <div><label for="size">size</label><input type="int" name="size" /></div> <div><label for="price">post bid</label><input type="decimal" name="price" /></div> <div><label for="posted">date posted</label><input type="text" name="posted"/></div> <p><label for="submit">submit bid</label><input type="submit" /></p> </form>

& php

<?php $con = mysql_connect("localhost","",""); if (!$con)   {   die('could not connect: ' . mysql_error());   } mysql_select_db("palegall_newtrader", $con); $sql="insert `buy` (commodity, region, member, size, price, posted) values ('$_post[commodity]','$_post[region]','$_post[member]','$_post[size]','$_post[price]','$_post[posted]'"; if (!mysql_query($sql,$con))   {   die('error: ' . mysql_error());   } echo "1 record added"; mysql_close($con) ?>

many in advance, scotia

you're vulnerable sql injection, , post contains ', causing syntax error. try following:

$commodity = mysql_real_escape_string($_post['commodity']); $region = mysql_real_escape_string($_post['region']); etc...  $sql = "insert ... values ('$commodity', '$region', etc...)";

the escape function ensure sql metacharacters in data escaped, can't "break" query. never ever directly insert user-provided data sql query, if it's simple script ever use. habit of escaping (or better yet, using pdo prepared statements), because @ point, you'll burned if don't.


Comments

Post a Comment

Popular posts from this blog

linux - Using a Cron Job to check if my mod_wsgi / apache server is running and restart -

-
my group , running server based upon django , uses mod_wsgi run apache server. not working on project after over, attempting set cronjob similar functionality check if apache server has shut down(system restart or power failure), , if has, restart server me. i've found documentation on how check if apache server down , restart server if is, our server uses https , our start command pretty verbose. can use functionality provided in these examples: https://askubuntu.com/questions/277389/cron-job-to-restart-apache https://www.digitalocean.com/community/tutorials/how-to-use-a-simple-bash-script-to-restart-server-programs or need more complicated process make happen? the command use start server is python manage.py runmodwsgi --host 0.0.0.0 --port 8001 --https-port 8000 --ssl-certificate (certificate location) --server-name (domain name) i'm pretty new linux , using both mod-wsgi apache appreciated. you better off using --setup-only option mod_wsgi-expres
Read more

actionscript 3 - TweenLite does not work with object -

-
i got following problem: i have object called tempscore game. this object blitted canvas renderer via copypixels method. object not display object. it's score-object (self made). score-object extends object called basicblitarrayobject. basicblitarrayobject extends eventdispatcher (therefore no display object). i tried apply several different tweenlite-plugins tempscore-object (i.e. transformaroundcenter, colormatrixfilter, etc.). nothing happens. absolutely nothing. sometimes error messages (when plugin requires display object , object not display object). far good. according greensock (maker of tweenlite) engine can tween numeric property of object. when plugin transformaroundcenter requires display object tweening have modify plugin working non-display object (tempscore). can't because it's way hard me. my game rests upon code: http://www.8bitrocket.com/book/ch11_blastermines.zip try apply tweenlite object called tempmine inside game class blastermines.
Read more

jQuery Ajax Render Fragments OR Whole Page -

-
i'm in throes of building application wraps mess of legacy code. page working on, need substitute fragment divs constructed on back-end -- or else need replace entire page altogether. idea there dynamically controlled flow needs satisfied before can forward legacy product. substituting fragments works fine, seen in below my_body_content swap. trouble comes when i'm trying render not fragment, whole page, in "body" swap. @ point page goes blank. i want similar errors returned server. want nice rest 404 error messages displayed on screen, legacy-product 404s show in legacy-product 404 page. yes, requirements project weird. that's not problem can fix. here's jquery invocation, names changed protect guilty: $.ajax({ url: "places/things", type: "post", data: json.stringify(somebadassobject), datatype: "text", accepts: "text/html", contenttype: "application/json; charset=
Read more