
Can't insert record into Access Database

I'm trying to create a registration/login script using Access 2003. I'm using ADOdb to connect through ODBC.

  1. <?php
  2. // Connects to your Database
  3. include('adodb/adodb.inc.php');       # load code common to ADOdb
  4. $db = &ADONewConnection('access');    # create a connection
  5. $db->PConnect('evdb');   # connect to MS-Access, evdb DSN
  6. $db->debug = true;
  7.  
  8. //This code runs if the form has been submitted
  9. if (isset($_POST['submit'])) {
  10.  
  11. //This makes sure they did not leave any fields blank
  12. if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
  13. die('You did not complete all of the required fields, <a href="reg.php">Return</a>');
  14. }
  15.  
  16. // checks if the username is in use
  17. if (!get_magic_quotes_gpc()) {
  18. $_POST['username'] = addslashes($_POST['username']);
  19. }
  20. $usercheck = $_POST['username'];
  21. $check = $db->GetRow("SELECT user.username FROM [user] WHERE username = '$usercheck'")
  22. or die('<b>Could Not Connect to Server</b>');
  23. $check2 = count($check);
  24.  
  25.  
  26. //if the name exists it gives an error
  27. if ($check2 != 0) {
  28. die('Sorry, the username '.$_POST['username'].' is already in use.');
  29. }
  30.  
  31. // this makes sure both passwords entered match
  32. if ($_POST['pass'] != $_POST['pass2']) {
  33. die('Your passwords did not match.');
  34. }
  35.  
  36. // here we encrypt the password and add slashes if needed
  37. $_POST['pass'] = md5($_POST['pass']);
  38. if (!get_magic_quotes_gpc()) {
  39. $_POST['pass'] = addslashes($_POST['pass']);
  40. $_POST['username'] = addslashes($_POST['username']);
  41. }
  42.  
  43. // now we insert it into the database
  44. $insert = "INSERT INTO user ( username, password )
  45. VALUES ('".$_POST['username']."','".$_POST['pass']."')";
  46. //echo $insert;
  47. $add_member = $db->Execute($insert);
  48. }
  49. ?>
The problem is that I get the little custom error Could Not Connect to Server when I try to insert a record, yet when I use the form with a username I inserted through Access it reads it just fine and returns if the username has been used. Also, if I remove line 23 (the one with the error), it'll complete the script, but it won't insert the record.
Jun 1 '07 #1


ronnil
I'm sorry, I do not have an answer to your question, but I discovered a bug in your code, which could make you pull your hair out later on.

Personally I consider tampering with the global variables of PHP bad coding practice, and this proves why:

At line 17-18 you check if magic quotes is on (which is a good thing), but then you set the $_POST['username'] = something:

    if (!get_magic_quotes_gpc()) {
        $_POST['username'] = addslashes($_POST['username']);
    }

At line 38-41 you put this code. This time, you give addslashes an already escaped string, forcing it to do double escaping:

    if (!get_magic_quotes_gpc()) {
        $_POST['pass'] = addslashes($_POST['pass']);
        $_POST['username'] = addslashes($_POST['username']);
    }

The result is that if magic_quotes_gpc is off, you will put a double-escaped string into the database, whilst only checking the username with a single-escaped string.

In other words, with magic quotes off, you will never trigger the "username exists" part (unless your database is too smart for its own good, since you should be knowing what you're doing). Say we post a string like

I'mthegreatest

your script will search for:
I\'mthegreatest

and then it will insert
I\\'mthegreatest

This can be avoided by setting another variable as the placeholder. For instance:

    // Escape into a copy; $_POST itself stays untouched
    if (!get_magic_quotes_gpc()) {
        $username = addslashes($_POST['username']);
    } else {
        $username = $_POST['username'];
    }

This, in worst case scenario, assigns a new value to the $username, so if you perform this action two times in a row, you still get the same result.

And you might as well instantiate all the variables at once (giving a minimal performance increase, I guess :P)

This could actually also prove to be the solution, depending on what goes on inside $db->Execute, but I'm pretty certain it won't.

Either case... never ever tamper with your original data; make a copy and play around with that.

Hope this helps someway around :)
Jun 2 '07 #2
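
The mismatch described in the reply above, reproduced without a database. This is an added example, not code from either poster: it simulates magic_quotes_gpc being off, the `$table` array stands in for the [user] table, and the function names are hypothetical.

```php
<?php
// Added example: the $table array stands in for the [user] table and compares
// strings exactly as the script would send them (an assumption; no database here).

// Flow from the question with magic_quotes_gpc off: the POST value is
// overwritten before the lookup and overwritten again before the insert.
function register_in_place(array &$table, array $post): string
{
    $post['username'] = addslashes($post['username']);   // as at lines 17-18
    if (in_array($post['username'], $table, true)) {
        return 'rejected: username in use';
    }
    $post['username'] = addslashes($post['username']);   // as at lines 38-41
    $table[] = $post['username'];
    return 'inserted ' . $post['username'];
}

// Flow from the reply: escape once into a copy, use it for both statements.
function register_with_copy(array &$table, array $post): string
{
    $username = addslashes($post['username']);
    if (in_array($username, $table, true)) {
        return 'rejected: username in use';
    }
    $table[] = $username;
    return 'inserted ' . $username;
}

$post = ['username' => "I'mthegreatest"];   // constructed sample input

// Submit the same name twice through each flow and count the stored rows.
foreach (['register_in_place', 'register_with_copy'] as $flow) {
    $table = [];
    echo $flow, "\n";
    echo '  first submit:  ', $flow($table, $post), "\n";
    echo '  second submit: ', $flow($table, $post), "\n";
    echo '  rows stored:   ', count($table), "\n";
}
```

ADOdb's `Execute` and `GetRow` also accept an array of values for `?` placeholders as a second argument, which passes the raw username as a bound parameter and removes the `addslashes` step from both statements.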
