mysql - INSERT query in PHP Failing (returns blank error) -

-

this question has answer here:

i'm using following code in attempt insert user-provided values in <form> sql table. when insert query used in phpmyadmin, insertion successful, unsuccessful in following php. connection database successful.

<?php $servername = "localhost"; $username = "***"; $password = "***"; $db_name = "my_db"; $trip; $odom; $gals; $ppg;  if (isset($_request['trip'])){  $trip = $_request['trip']; $odom = $_request['odom']; $gals = $_request['gals']; $ppg = $_request['ppg'];  }   // create connection $conn = mysqli_connect($servername, $username, $db_name, $password);  // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected ";

here, i've tried using double quotes around query form string; i've omitted quotes well, no avail. also, in values, i've tried both single-quotations , omission thereof well, without success. variables double values, not strings. 

 $vals = "insert `log` (`trip`, `odometer`, `gallons_pumped`,      `price_gallon`)   values ('$trip', '$odom', '$gals', '$ppg')";

the return value of $retval false, no error provided.

$retval = mysql_query($vals);  if ($retval) { echo "new record created successfully"; } else { echo "error: " . $vals . "<br>" . $retval->error; }  mysql_close($conn);  ?>

is syntax incorrect? if not, why insert query unsuccessful?

you're mixing mysqli_* functions mysql_* functions. can't that; aren't same library.

use mysqli_*. please don't use mysql_*; mysql_* functions outdated, deprecated, , insecure. use mysqli or pdo instead.

the last block of code should (untested):

$retval = mysqli_query($vals); // changed  if ($retval) {     echo "new record created successfully"; } else {     echo "error: " . $vals . "<br>" . mysqli_error($conn); // changed }  mysqli_close($conn); // changed

note change $retval->error mysqli_error($conn). definition, if reached point in code because $retval evaluated false , therefore not object.

also, please note wide open sql injection. sql statement this:

$vals = "insert `log` (`trip`, `odometer`, `gallons_pumped`, `price_gallon`) values ('$trip', '$odom', '$gals', '$ppg')";

but values ($trip, etc.) come straight user (via $_request). bad things can happen if user submits values containing, example, ' character. should use prepared statements, this:

$vals = "insert `log` (`trip`, `odometer`, `gallons_pumped`, `price_gallon`) values (?, ?, ?, ?)";  if($stmt = mysqli_prepare($conn, $vals)) {     // adjust "sddd" below match data types; see http://php.net/manual/en/mysqli-stmt.bind-param.php     mysqli_stmt_bind_param($stmt, "sddd", $trip, $odom, $gals, $ppg);      $retval = mysqli_stmt_execute($stmt); } else {     echo "error: " . $vals . "<br>" . mysqli_error($conn); }  mysqli_close($conn);

Comments

Post a Comment

Popular posts from this blog

c - How to retrieve a variable from the Apache configuration inside the module? -

-
i'm building custom apache module. how retrieve variable apache configuration inside module? see variable "some_var_config_from_apache_or_htaacess" inside apache module: /* source: http://people.apache.org/~humbedooh/mods/examples/mod_example_1.c */ /* include required headers httpd */ #include "httpd.h" #include "http_core.h" #include "http_protocol.h" #include "http_request.h" static void register_hooks(apr_pool_t *pool); static int example_handler(request_rec *r); /* define our module entity , assign function registering hooks */ module ap_module_declare_data example_module = { standard20_module_stuff, null, // per-directory configuration handler null, // merge handler per-directory configurations null, // per-server configuration handler null, // merge handler per-server configurations null, // directives may have httpd register_hoo
Read more

c# - Constructor arguments cannot be passed for interface mocks -

-
when debug code , read line mocklessonplannerafactory creation error: constructor arguments cannot passed interface mocks. var mockschoolclasscodeservice = new mock<ischoolclasscodeservice>(); var mockdateservice = new mock<idateservice>(); var mocklessonplannerafactory = new mock<ilessonplannerafactory>(mockdateservice.object); var mocklessonplannerbfactory = new mock<ilessonplannerbfactory>(mockdateservice.object); var service = new timetableservice(mockunitofwork.object, mocklessonplannerafactory.object, mocklessonplannerbfactory.object, mockschoolclasscodeservice.object); my timetableservice accepts instances of interface type only. mocklessonplannerafactory , bfactory... want in constructor idateservice passed. what wrong code? the clue in error message "constructor arguments cannot passed interface mocks." the mock created interface have default constructor because interfaces don't have constructor. remember mockin
Read more

python - malformed header from script index.py Bad header -

-
i want run python code in apache2(ubuntu 14.04) server. have followed these steps , getting error: step 1: configuration 1: have created directory , file under /var/www/cgi-bin configuration 2 : have edited /etc/apache2/sites-available/000-default.conf alias /cgi-bin /var/www/cgi-bin <directory "/var/www/cgi-bin"> options indexes followsymlinks execcgi addhandler cgi-script .cgi .py allow </directory> <directory /var/www/cgi-bin> options </directory> step 2: and python script is: index.py #!/usr/bin/env python import cgi; import cgitb;cgitb.enable() print "content-type: text/plain\n" print "<b>hello python</b>" step 3: when ran through chrome browser using: url : http://localhost/cgi-bin/index.py step 4: i getting error in error-log malformed header script 'index.py': bad header: hello python you should end header \r\n, must print out yet \r\n signal body coming. (i
Read more