1

ORIGINAL TEXT REMOVED

OK, so I found the original problem thanks to a helpful answer. It lists "Invalid query: No database selected" as the error.

require_once ('../dir_connect.php');

$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$dbc) {
    die('Could not connect: ' . mysql_error());
}

If I have this, and I have this in the dir_connect.php file:

/** The name of the database */
define('DB_NAME', 'unlisted_employees');

/** MySQL database username */
define('DB_USER', 'unlisted_qpass');

/** MySQL database password */
define('DB_PASSWORD', 'testpass');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Is there something I need to add to make an actual database connection?

1 Comment

You're missing a parameterized query, for one thing...
Commented Mar 23, 2010 at 1:56

4 Answers

4

You need to check the return value of the mysql_query() call.

http://php.net/manual/en/function.mysql-query.php

$result = mysql_query($query);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

Right now, you'll never actually hit the error condition and won't actually see what error (if any) MySQL is sending back to you.

Also, you probably want to escape the values you are plugging into the query instead of just doing normal string concatenation. If you don't, your app could be vulnerable to a SQL injection attack. Here is how to generate the query safely:

$query = sprintf("INSERT INTO staff (name, lastname, username, password, position, department, birthmonth, birthday, birthyear, location, phone, email, street, city, state, country, zip, tags, photo) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                mysql_real_escape_string($name),
                mysql_real_escape_string($lastname),
                mysql_real_escape_string($username),
                mysql_real_escape_string($password),
                mysql_real_escape_string($position),
                mysql_real_escape_string($department),
                mysql_real_escape_string($birthmonth),
                mysql_real_escape_string($birthday),
                mysql_real_escape_string($birthyear),
                mysql_real_escape_string($location),
                mysql_real_escape_string($phone),
                mysql_real_escape_string($email),
                mysql_real_escape_string($street),
                mysql_real_escape_string($city),
                mysql_real_escape_string($state),
                mysql_real_escape_string($country),
                mysql_real_escape_string($zip),
                mysql_real_escape_string($tags),
                mysql_real_escape_string($photo));

EDIT: Just saw your comment to another answer. If you are already doing the escaping like:

$birthday = mysql_real_escape_string(trim($_POST['birthday']));

then you don't need to escape it when generating the query. It's probably better practice to do the escaping at the time you generate the query so it is clear that you aren't missing anything.

EDIT2: According to the docs, mysql_connect() should take the host, user, and password and then you need to do a mysql_select_db() call afterwards to pick the correct database.

http://www.php.net/manual/en/function.mysql-select-db.php

$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$dbc) {
    die('Could not connect: ' . mysql_error());
}

// make DB_NAME the current db
$db_selected = mysql_select_db(DB_NAME, $dbc);
if (!$db_selected) {
    die ('Could not select database: ' . mysql_error());
}

(BTW, you should edit your question and put back the original text so it might be useful to others finding this topic later!)


1 Comment

Invalid query: No database selected Oops? I'll double check how that happened.
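
The parameterized form that the comment on the question alludes to, as an added example that is not part of any answer here. It uses PDO (the mysql_* functions shown on this page were removed in PHP 7) with an in-memory SQLite DSN as an assumption so it runs without a server; open_db and insert_staff are hypothetical helper names, and the columns are a subset of those in the answer above.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: in-memory SQLite DSN so no server is needed. For MySQL the DSN
// names the database up front: 'mysql:host=localhost;dbname=unlisted_employees'.
function open_db(string $dsn, ?string $user = null, ?string $pass = null): PDO
{
    // ERRMODE_EXCEPTION: a failed connect, prepare or execute throws.
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Hypothetical helper; columns are a subset of the staff table in the answer.
function insert_staff(PDO $db, array $row): int
{
    $stmt = $db->prepare(
        'INSERT INTO staff (name, lastname, birthmonth, birthyear)
         VALUES (:name, :lastname, :birthmonth, :birthyear)'
    );
    // Values are sent separately from the SQL text: no quoting, no escaping.
    $stmt->bindValue(':name', $row['name'], PDO::PARAM_STR);
    $stmt->bindValue(':lastname', $row['lastname'], PDO::PARAM_STR);
    $stmt->bindValue(':birthmonth', (int) $row['birthmonth'], PDO::PARAM_INT);
    $stmt->bindValue(':birthyear', (int) $row['birthyear'], PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

try {
    $db = open_db('sqlite::memory:');
    $db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT,
               lastname TEXT, birthmonth INTEGER, birthyear INTEGER)');

    // Constructed form input containing quotes and SQL syntax.
    $id = insert_staff($db, [
        'name' => "Robert'); DROP TABLE staff; --",
        'lastname' => "O'Brien",
        'birthmonth' => '3',
        'birthyear' => '1984',
    ]);
    $check = $db->prepare('SELECT name, lastname, birthyear FROM staff WHERE id = ?');
    $check->execute([$id]);
    var_dump($check->fetch(PDO::FETCH_ASSOC)); // read the row back for inspection
    // Preparing against a missing table throws rather than failing quietly.
    $db->prepare('INSERT INTO no_such_table (x) VALUES (?)');
} catch (PDOException $e) {
    echo 'Database error: ', $e->getMessage(), PHP_EOL;
}
```

With the pdo_mysql driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared on the server rather than assembled client-side.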
0

You should be using something like mysql_real_escape_string (or whatever is appropriate for your DB engine) to escape the parameters in your query. Check out the documentation that I linked to. It's been a while since I've used PHP, but someone may chime in with a better parametrized escaping method.

But, your main problem seems to be that you're inserting strings into integer fields. Check the values of your zip, birthmonth, birthday, birthyear, etc. fields... they probably don't need to be escaped with single quotes.

Good luck!

1 Comment

Thanks! I'll look into this for sure. I'm not certain that I understand exactly how it works. I'm new to this escape_string, but I am using it above like this: $birthday = mysql_real_escape_string(trim($_POST['birthday'])); Is there a better way to do it?
0

No connection to the database?

mysql_query() returns false on failure and generates a warning, not an error.

By the way, !$query does not tell you anything as far as mysql is concerned as it is just a text string.


0

The problem is here:

if (!$query) {
    die('Invalid query: ' . mysql_error());
}

You are checking the $query variable to decide if the query ran or not, which makes no sense. Instead you need to collect the return value of mysql_query() and then make use of it instead.

$res = mysql_query($query);
if (!$res) {
    die('Invalid query: ' . mysql_error());
}
