|
|
Posted by Hilarion on 08/22/05 16:58
> Nothing to do with priviliges or any Mysql problems.
>
> The code now reads
>
> $ip = $_SERVER['REMOTE_ADDR'];
> $file = $_SERVER['PHP_SELF'];
> $query = mysql_db_query($dbname, "INSERT INTO useronline
> VALUES('$timestamp','$ip','$file')") or die("<b>MySQL Error:</b>
> ".mysql_error());
>
>
> For some reason, be it the way i write it, the code will not run if
> $_SERVER['REMOTE_ADDR'] or $_SERVER['PHP_SELF'] is entered directly
> into the insert command.
You got it working, but the cause of problems was not using
(or not using) $_SERVER array directly, but using column names
in the INSERT query.
When I wrote:
$query = 'INSERT INTO useronline ( timestamp, ip, file ) '
. "VALUES ('" . mysql_escape_string( $timestamp ) . "', "
. "'" . mysql_escape_string( $_SERVER['REMOTE_ADDR'] ) . "', "
. "'" . mysql_escape_string( $_SERVER['PHP_SELF'] ) . "' )";
I assumed that the columns you are inserting into are called
"timestamp", "ip" and "file". I was probably right, but I forgot
that TIMESTAMP is reserved keword of SQL (at least in MySQL).
If you change the query above to:
$query = 'INSERT INTO useronline ( `timestamp`, `ip`, `file` ) '
. "VALUES ('" . mysql_escape_string( $timestamp ) . "', "
. "'" . mysql_escape_string( $_SERVER['REMOTE_ADDR'] ) . "', "
. "'" . mysql_escape_string( $_SERVER['PHP_SELF'] ) . "' )";
then it should work.
Why do I insist on using column names in INSERT query? Because
it makes the INSERT more readable and also if you rearrange the
columns ordering, then the oryginal INSERT (without column names)
will stop working (or will work not as intended - insert values
into wrong fields), while the one with the column names will still
work.
Hilarion
Navigation:
[Reply to this message]
|