You are here: Re: Query using html form variables « PHP SQL « IT news, forums, messages
Re: Query using html form variables

Posted by ft310 on 07/13/05 00:30

Thanks for your input -- the code I provided left alll of the error checking
you recommended out but it is there.

I gather from your message that nothing is going to happen unless I
logically engage the submit function.

Is there no why to do this otherwise -- I am surprised the exchange of hthl
variables and php variable is so circuitous

Again thanks.

"Hilarion" <hilarion@SPAM.op.SMIECI.pl> wrote in message
news:db19o1$29r$1@news.onet.pl...
> > $localCounty = $_POST[ holdCounty ];
> > $localState = $_POST[ holdState ];
> > $localTest = $_POST[ County ];
>
> Should be:
>
> $localCounty = $_POST[ 'holdCounty' ];
> $localState = $_POST[ 'holdState' ];
> $localTest = $_POST[ 'County' ];
>
> or if you defined "GET" as submit method of the form:
>
> $localCounty = $_GET[ 'holdCounty' ];
> $localState = $_GET[ 'holdState' ];
> $localTest = $_GET[ 'County' ];
>
>
> > $s_sqlT2="WHERE County='".$localCounty."' AND State='".$localState."' ";
>
> You should use some escaping unless you have magic quotes turned on.
> Check what happens if someone types "'; DELETE FROM LocationsGB; --"
> in the "holdState" input field.
>
>
> > $dbt = mysql_connect( 'localhost', 'rhodeisl_ft310', 'billwilson' );
>
> You shoud test if the connection was established eg. like this:
>
> $dbt = mysql_connect( 'localhost', 'rhodeisl_ft310', 'billwilson' );
> if ($dbt===FALSE)
> {
> die( 'Error connecting to SQL server: ' . mysql_error() );
> }
>
>
> > mysql_select_db('rhodeisl_RISC',$dbt) ;
>
> Just as above:
> if (!mysql_select_db( 'rhodeisl_RISC', $dbt ))
> {
> die( 'Error switching to target database: ' . mysql_error() );
> }
>
>
> > $resultT = mysql_query( $s_sqlT0, $dbt );
>
> And again:
> $resultT = mysql_query( $s_sqlT0, $dbt );
> if ($resultT===FALSE)
> {
> die( 'Error executing query: ' . mysql_error() );
> }
>
>
> > At the end of this there is no information returned from the database.
>
> How do you check this?
>
>
> > A. The full SQL statement is constructed ($s_sqlT0) but the values
for
> > $localCounty and $localState are not there
>
> Not where? In $s_sqlT0? If so, then you are probably not passing the
> form data by POST, but by GET, or you did not submit the form
> (<input type="submit">).
>
>
> > D. holdCounty and holdState are html form text boxes and have
information
> > in them
>
> Is the HTML <form> constructed correctly? Is it submited correctly?
>
>
> > Please help -- why does that code not work?
>
> Post the HTML of the <form> and names of script files in which the
> form and the script you allready posted reside.
>
>
> Hilarion
>
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация