hi there.

new install of php5, mysql5, apache 2 running on ubuntu 10.04.
this won't enter anything into my db.



there are 3 fields in the db. name, number and status. number is auto increment.
i don't get any errors nor does the "thanks for posting" text show up. no records are in the db.
i've fooled around with this too much and i think there may be a problem with my mysql/php install.

any suggestions?

Sorry, can't help you but good to see you again, old man!

If that's the actual code, then you have errors. Use this:

[PHP]
<?php

$name=$_POST['name'];

$user="user";
$password="password";
$database="test";
mysql_connect(localhost, $user, $password) or die(mysql_error("Unable to connect to database"));
mysql_select_db($database) or die(mysql_error("Unable to select database"));
$query= INSERT INTO test(name, status) VALUES ('$name', 0);
mysql_query($query);
mysql_close();

echo "thanks for posting."
?>
[/PHP]

The $_POST[name] should be $_POST['name']

thanks. correct me if i'm wrong but you're the old man aren't you? :p

I can't help with the php, but I can delete your database very easily.

Oh Darth Evad. What crazy websites are you cooking up this time?

thanks zecks. i've tried that and it didn't work and i just copy and pasted your code and it didn't work either.

is there anything i should look for in my module installs that may not be working? i just installed them as per the instructions (software installer in ubuntu).

Are you thinking about SQL injection, Detty?

yeah, unless the mysql module does auto-sanitizing now?

I AM one of the old men around here but you're a tad older.

lol. it's been years since i've actually coded anything and i wasn't very good at it then either. just fooling around with time on my hands.

You better stay off of Dave's lawn!

Detty: No, it doesn't.

Evad: Have you made sure that proper permissions are set up for the user so it can actually insert data?

Use parameterized queries

yes. all privileges.

parameterized queries?

stay off my lawn!

Evad: I just found your problem. I completely overlooked that you have die(mysql_error("Some text")); That's incorrect. You could simply use die("Some text"); because mysql_error() is to return the error from MySQL. See if this works:

[PHP]
<?php

$name=$_POST['name'];

$user="user";
$password="password";
$database="test";
mysql_connect(localhost, $user, $password) or die("Unable to connect to database");
mysql_select_db($database) or die("Unable to select database");
$query= INSERT INTO test(name, status) VALUES ('$name', 0);
mysql_query($query);
mysql_close();

echo "thanks for posting."
?>
[/PHP]

Emon: I wasn't aware PHP was able to do parameterized queries until now. It's possible with MySQLi.

hmmm... that didn't work either.

i appreciate your help.

Haha. I'm blind tonight. You need a ; at the end of the final echo statement.

should the query be a string?

ie

"INSERT INTO test(name, status) VALUES ($name);"

or does PHP do that using some weird method too?

i was gonna start headbutting babies if that was it.

didn't work.

if i used the package manager to install everything should i assume it's all in the proper directories etc.?
i installed phpmyadmin and it's working fine. i ran the insert query in it and it inserted a row.

I really am completely blind tonight and only capable of finding one error at a time. Good God. You forgot some quotation marks in $query. Here:

$query = "INSERT INTO test ( name , status ) VALUES ( '$name' , 0 )";

dumb question.
should php, mysql etc be installed in /var/www/ or /etc/ ?

zecks, that didn't work either. d'oh.

That I am unsure of as it's been quite some time since I've used linux, but I would assume the package manager installed them alright, especially if phpmyadmin is working just fine.

Another fix needed (quotes around localhost):

mysql_connect("localhost", $user, $password) or die("Unable to connect to database");

Neither? Usually it's /usr/bin or somewhere in /usr. /var/www is the place where the webpages live. /etc/ is configs.

thanks matty. i'll try that tomorrow.

thanks zecks.

Maybe your server is setup to not display errors. Run error_reporting(E_ALL) at the begging of the script.

I don't use PHP much (opinion withheld), but it looks like this[1] may be an implementation of it.

Parameterized queries are better because you don't have to worry about escaping single quotes in strings (or, at least, you don't have to with JDBC - I'm inferring here).

More importantly, however (at least in Oracle), usage of paramterized queries allows for reuse of their parsed, optimized forms. For example, let's say I submit the following query to Oracle:



Then I submit the following to Oracle:



It's the same query, right? The only thing that's changed is the user ID. However, Oracle sees it as two completely different queries and will re-parse the execution path for each query. The cost is negligible in this case, but high-volume executions of simple queries or a few executions of complex queries can have a measurable impact on performance. Instead, you could use the following notation:



I can now use bind variables[2] to bind the two values I queried for above. Oracle will receive the above query and the value bindings and, for the first execution, do a hard parse of the execution path of the query. For the second, it will do a soft parse and retrieve the stored execution path from memory.

1. http://us2.php.net/ref.mysqli
2. http://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements

I think he should get his script working before he worries about prepared statements

I mean look he is inserting post data directly to the DB

Heh, yeah but prepared statements would sort out all the quoting issues. You're using the mysql extension which doesn't support preapred statements anyway. You'd need to use mysqli or PDO (which is currently FOTM in php) to use them.

For example:



This should sort out any SQL injection too.

Hi Evad!

Yes. But on ubuntu, you'll see a symbolic link to a phpmyadmin folder in /var/www/. Obviously, since it's a web interface.

huh? I mean yes I know it's there but what's that have to do with where php is installed?

CM, can we please have a white background for the PHP code?

What zanardi said.

PHPMyAdmin is completely unrelated to PHP itself except for the fact that it runs on PHP. Obviously it'd have the php files in an area where PHP is processing them, since they're just webpages.

Turn on error display in the php config file...

I know, I was agreeing with you that is where PHP would be installed; however, Evad mentioned phpmyadmin, /etc AND /var/www. I was merely showing they were two entities and not to look for php in /var/www. I see that was confusing.

well, i've tried everything i could. i even tried reinstalling mysql.
i've set up mysql and php on a local machine before with relatively little trouble.

i couldn't get mysql and php to install in the /usr/bin/ directory. they're still in /etc/.

is there anything i might be overlooking?

Is there a reason you're trying to move everything?