0

/* I have set up a database in my php admin and use Dreamweaver. Not sure why it doesn't work. The $ vars are taken from the FTP site I use. Here is the code: */

<?php
$db_host = "host";
$db_username = "user_name";
$db_pass = "password";
$db_name = "db_name";

@mysql_connect($db_host, $db_username $db_pass) or die ("Could not connect 
to MySQL");
@mysql_select_db($db_name) or die ("No database"); 

$sql = "INSERT INTO 'signups' (FirstName, LastName, email,CompanyName, 
JobTitle, ProductSector,ProductWebsite,ProductName,id)
VALUES ('$FirstName', '$LastName', '$email','$CompanyName', '$JobTitle', 
'$ProductSector','$ProductWebsite','$ProductName','$id')";
?>
3
  • miss something? also the query contains syntax errors Commented Sep 26, 2015 at 21:19
  • Why do you silence errors? Commented Sep 26, 2015 at 21:20
  • ? Sorry, but I am a noob. I checked this syntax sooo many times with different srcs and it appears correct. Not sure where this is wrong... Commented Sep 26, 2015 at 21:27

2 Answers

1

I realize this is a 'quick and easy' way to connect to MySQL - but it is extremely prone to SQL injection. A parameterized query is a more secure approach. Additionally, the 'mysql' driver should not be used; the driver is deprecated and will not exist in PHP 7. Instead, the MySQLi or PDO driver (preferred) for SQL is to be used. mysql_connect is no longer documented on the PHP website.

Even if this is a test environment, I would strongly encourage switching to a secure driver early.

As Elias Nicolas pointed out... Placing the @ symbol in front of mysql_connect causes any error you are having to be 'skipped'. The error won't log, and it will make it look like there isn't a problem when there is.

Edit: This will get you close to MySQLi - it should already exist in the extensions for PHP. You might need to enable it in the php.ini. Also, you might need single ' marks around the ?'s, i.e. ('?').

// don't forget to sub the vars!
$db_host = "host";
$db_username = "user_name";
$db_pass = "password";
$db_name = "db_name";

// new mysqli() returns an object even when the connection fails,
// so test connect_error instead of chaining "or die"
$link = new mysqli($db_host, $db_username, $db_pass, $db_name);
if ($link->connect_error) {
    die('Could not connect to the database server: ' . $link->connect_error);
}

$sql = <<<QUERY
INSERT INTO signups 
    (FirstName, LastName, email, CompanyName, JobTitle, ProductSector, ProductWebsite, ProductName, id)
VALUES
    (?,?,?,?,?,?,?,?,?);
QUERY;

// prepare on the connection object opened above ($link)
if ($stmt = $link->prepare($sql)) 
{
    // nine "s" type codes: every value is bound as a string
    $stmt->bind_param("sssssssss", $FirstName, $LastName, $email, $CompanyName, $JobTitle, $ProductSector, $ProductWebsite, $ProductName, $id);
    $stmt->execute();
    $stmt->close();
}

$link->close();
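
The parameterized INSERT recommended in this answer, written with PDO (the driver it calls preferred), as an added example that is not code from the answer. The in-memory SQLite database, the `insertSignup` helper and the sample form values are assumptions made here so the script runs offline.

```php
<?php
// Added example, not code from the page. Assumption: in-memory SQLite stands in
// for the MySQL server so this runs offline; the PDO calls stay the same for MySQL.
function insertSignup(PDO $pdo, array $form): void
{
    // Placeholders are written bare: anything inside quotes is a string literal.
    $stmt = $pdo->prepare('INSERT INTO signups
        (FirstName, LastName, email, CompanyName, JobTitle,
         ProductSector, ProductWebsite, ProductName, id)
        VALUES
        (:FirstName, :LastName, :email, :CompanyName, :JobTitle,
         :ProductSector, :ProductWebsite, :ProductName, :id)');
    $stmt->execute($form); // array keys must match the placeholder names
}

// Constructed form input; LastName carries SQL metacharacters on purpose.
$form = [
    'FirstName' => 'Robert', 'LastName' => "O'Brien'); DROP TABLE signups; --",
    'email' => 'robert@example.com', 'CompanyName' => 'Example Ltd',
    'JobTitle' => 'Engineer', 'ProductSector' => 'Software',
    'ProductWebsite' => 'https://example.com', 'ProductName' => 'Widget',
    'id' => 1,
];

try {
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions on failure instead of hiding errors with @.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed table using the column names from the question.
    $pdo->exec('CREATE TABLE signups (
        FirstName TEXT, LastName TEXT, email TEXT, CompanyName TEXT, JobTitle TEXT,
        ProductSector TEXT, ProductWebsite TEXT, ProductName TEXT, id INTEGER)');

    insertSignup($pdo, $form);

    // The value was bound as data, so it is stored unchanged and the table survives.
    $stored = $pdo->query('SELECT LastName FROM signups WHERE id = 1')->fetchColumn();
    var_dump($stored === $form['LastName']);
    echo $pdo->query('SELECT COUNT(*) FROM signups')->fetchColumn(), " row(s)\n";
} catch (PDOException $e) {
    // Keep the detail in the server log; show the visitor a generic message.
    error_log($e->getMessage());
    exit("Signup could not be saved.\n");
}
```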

0

For your table name, and the names of the columns but not the values, you use ` instead of '. Your sql should look like this.

INSERT INTO `signups` (`FirstName`, `LastName`, `email`, `CompanyName`, 
`JobTitle`, `ProductSector`,`ProductWebsite`,`ProductName`,`id`)
VALUES ('$FirstName', '$LastName', '$email','$CompanyName', '$JobTitle', 
'$ProductSector','$ProductWebsite','$ProductName','$id')

Hope that helps.

6 Comments

Thanks, but this doesn't work. I have edited the quotes to be straight quotes and it still doesn't show. Can we confirm that this is a syntax issue? Is the rest of the syntax OK?
I believe that it is.
<?php $db_host = "host"; $db_username = "user_name"; $db_pass = "password"; $db_name = "db_name"; mysql_connect($db_host, $db_username $db_pass) or die ("Could not connect to MySQL"); mysql_select_db($db_name) or die ("No database"); INSERT INTO 'signups' ('FirstName', 'LastName', 'email', 'CompanyName', 'JobTitle', 'ProductSector', 'ProductWebsite', 'ProductName', 'id') VALUES ('$FirstName', '$LastName', '$email','$CompanyName', '$JobTitle', '$ProductSector','$ProductWebsite','$ProductName','$id')"; ?>
Look at my code exactly. The quotes are different at certain points. Look at the quotes extremely carefully.
Thank you for your response, but even after direct c&p, it still doesn't work.