469,578 Members | 1,775 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,578 developers. It's quick & easy.

Why isn't my script inserting info into my mysql database?

Ajm113
161 100+
Ok, when I was new to this I had this problem and I bet a lot of other people did when they where new to PHP and Mysql. So this mite be your question;
"Ok, no errors or warnings in mysql and php so why isn't the script entering info into my row?".

Well to awnser your question most servers that you pay for monthly or own will have a anti mysql injection attack. So it will not allow the injection to enter in your database for your protection and theirs.

"Whats a mysql injection attack and how does it happen?"

Lets say you made a emailer for your first project or a comments area and you wanted the user to enter anything he or she wants on your comments area. But if they enter in single qoutes into your textarea/input field that means they can do anything they want to your database! Using simple mysql commands if they wanted. So that means big trouble to you when you do this kind of stuff so befor you jump off your seat and start publishing stuff like a comments system it is best to protect it.

"Ok, so whats best to protect this ordeal?"

Well their are two ways that will work or not. One way is the mysql_escape_string function. Which works perfect for me that is...

"This function will escape the unescaped_string, so that it is safe to place it in a mysql_query(). This function is deprecated.

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting."


As you can see it is simmulare to the real_escape function.

The real_escape string works great, but sometimes servers arn't configured to this function so if you get errors that you think are unfixable that envolve this function then go with the mysql_escape_string. It will usauly something like "Cannot connect to nobody@localhost on mysql-real-escape-string." Something like that I forgot how it said it, but it is something like that.

It is also best and wise since html can sometime convert spaces or single quotes into slashes or browser friendly text like a url you mite want to use the stripslashes

Example of inserting data into a database the good way:

[PHP]<?php

require('connect.php'); //use the mysql_connect function in this file

$text = htmlentities(stripslashes(mysql_escape_string($_PO ST['text'])));

mysql_query("INSERT INTO table (stories) VALUES ('$text')");

?>[/PHP]

Sorry if I forgot something, but this is what I know and do with all my scripts.
Jun 7 '07 #1
1 1483
Wrong session to post,:)
Jun 7 '07 #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

1 post views Thread by E | last post: by
5 posts views Thread by news | last post: by
10 posts views Thread by Jerim | last post: by
6 posts views Thread by Bunty | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.