A community in which webmasters can ask for help with topics such as PHP coding , MySQL , IT jobs, web design, IT security.
Current location:homephp forumphp talk in 2009 yearPHP Query Fail - page 1
User InfoPosts
PHP Query Fail#1
<?php
if(isset($_POST[(upload(]) && $_FILES[(userfile(][(size(] > 0)
{
$dbhost = (localhost(;
$dbuser = (zuk1_boo(;
$dbpass = (lols(;
$dbname = (zuk1_boo(;

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ((Error connecting to mysql();

$name = $_POST[(name(];
$iq = $_POST[(iq(];

$nuname = str_replace(" ", "-", $name);
$nuname = $nuname.".gif";
$path = "img/$nuname";

move_uploaded_file($_FILES[(userfile(][(tmp_name(],$path);

$query = "INSERT INTO celebs (celeb,path1,iqq) VALUES (($name(,($path(,($iq()";

mysql_query($query) or die((q fail();

mysql_close($conn);

echo "<br>File $fileName uploaded<br>";
}
?>

<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<tr><td><input name="name" type="text" value="name"></td></tr>
<tr><td><input name="iq" type="text" value="iq"></td></tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>


Bare in mind there is an ID row with auto increment but even if I add that to the query it still won(t work.

No matter what I do with this query it just WILL not work, I(ve triple checked the sql details and they are fine, even though it appears to be connecting fine anyway. I(ve played with the field names in the query and they should be fine but it just won(t work! $5 Paypal to anyone who can help me, I honestly am so frustrated it(s untrue.

posted date: 2009-04-15 07:32:00


Re: PHP Query Fail#2
I had made out the solution of this problem. click to view my topic...

hope that hepls.

posted date: 2009-04-15 07:32:01


Re: PHP Query Fail#3
mysql_query($query) or die((q fail();Replace this withmysql_query($query) or die(mysql_error());And tell us what you get.

posted date: 2009-04-15 07:33:00


Re: PHP Query Fail#4
What's the error?

posted date: 2009-04-15 07:34:00


Re: PHP Query Fail#5
I'm an absolute d*ck head, that's what you get. DB not selected. Sometimes I get so frustrated with problems I miss the obvious :)

posted date: 2009-04-15 07:41:00


Re: PHP Query Fail#6
Where's my 5$ :P

posted date: 2009-04-15 07:43:00


Re: PHP Query Fail#7
Well, now that you(ve solved the actual problem, I think it(s good to point out that you have massive gaping SQL injection holes.The ideal way to fix would be switching to using the PDO or MySQLi functions and use parameterized queries, but the quickest fix would be to change these lines:$name = $_POST[(name(];$iq = $_POST[(iq(];to$name = mysql_real_escape_string($_POST[(name(]);$iq = mysql_real_escape_string($_POST[(iq(]);The code you have now would be extremely unsafe to make public.

posted date: 2009-04-15 07:45:00


Re: PHP Query Fail#8
Thanks for your help, didn't bother looking into securing it because this will be password protected and used for admin only. But good for future reference!

posted date: 2009-04-15 07:47:00


Re: PHP Query Fail#9
Hehe nah :) Just accept the answer :D

posted date: 2009-04-15 07:48:00


Re: PHP Query Fail#10
You should never count on that for security. If someone guessed the password, they could have full access to your database, instead of just being able to use the admin tools.

posted date: 2009-04-15 07:50:00


Re: PHP Query Fail#11
Half the time my coworkers come to me with an SQL problem, they haven't checked mysql_error(), and when they do the answer is obvious.

posted date: 2009-04-15 08:00:00


Re: PHP Query Fail#12
Why all the downvotes?

posted date: 2009-11-09 16:11:00


select page: « 1 2 »
Copyright ©2008-2017 www.momige.com, all rights reserved.