when try enter data form have made adds new entry can see phpmyadmin not transfer other details across
i using simple form collects 9 fileds post update.php. here have in update.php
<?php $realname = $_post['realname']; $age = $_post['age']; $country = $_post['country']; $gamename = $_post['gamename']; $gamelevel = $_post['gamelevel']; $itemlevel = $_post['itemlevel']; $class = $_post['class']; $played = $_post['played']; $support = $_post['support']; mysql_connect ("localhost", "mydb_userid", "mypassword") or die ('error: ' . mysql_error()); mysql_select_db ("mydb_recruitment"); $query="insert applicants (id, realname, age, country, gamename, gamelevel, itemlevel, class, played, support)values ('null','".$realname."','".$age."','".$country."','".$gamename."','".$gamelevel."','".$itemlevel."','".$class."','".$played."','".$support."')"; mysql_query($query) or die ('error updating db'); echo "you have sucessfully sent application. details reviewed , you"; ?>
hope can help, searching net seems sugest global variables - dont know if have control of hosted site.
this signup form:
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>candidate registration</title> </head> <body> <form medthod="post" action="update.php"> real name:<br /> <input type="text" name="realname" size="50" /><br /> age:<br /> <input type="text" name="age" size="10" /><br /> country:<br /> <input type="text" name="country" size="20" /><br /> in game name:<br /> <input type="text" name="gamename" size="30" /><br /> in game level:<br /> <input type="text" name="gamelevel" size="10" /><br /> in game item level:<br /> <input type="text" name="itemlevel" size="10" /><br /> class played:<br /> <input type="text" name="class" size="30" /><br /> how long have played wow?:<br /> <input type="text" name="played" size="10" /><br /> please enter brief statement of why want join:<br /> <input type="text" name="support" size="5000" /><br /> <br /> <input type="submit" value="update db" /> </form> </body> </html>
this update.php form
<?php $realname = $_post['realname']; $age = $_post['age']; $country = $_post['country']; $gamename = $_post['gamename']; $gamelevel = $_post['gamelevel']; $itemlevel = $_post['itemlevel']; $class = $_post['class']; $played = $_post['played']; $support = $_post['support']; mysql_connect ("localhost", "mydb_daniel", "mypwd") or die ('error: ' . mysql_error()); mysql_select_db ("mydb_recruitment"); $query="insert applicants (id, realname, age, country, gamename, gamelevel, itemlevel, class, played, support)values ('null','".$realname."','".$age."','".$country."','".$gamename."','".$gamelevel."','".$itemlevel."','".$class."','".$played."','".$support."')"; mysql_query($query) or die ('error updating db'); echo "you have sucessfully sent application. details reviewed , you"; ?>
i understand peoples concerns sercurity, please understand me mess around , produce basic signup form guild, wont requesting credit card details :)
is form method set post? - unless have explicitly added variables within $_get superglobal variables this:
$realname = $_get['realname'];
if set post - please var_dump($_post) @ top of script , see if variables making script.
something else i've seen before caused when people redirecting in .htaccess domain.com www.domain.com , post script explicity domain.com/script.php , script redirects www.domain.com/script.php , empties post.
edit
you have spelt method wrong in form tag - if update should work misspelling causing variables sent vars.
you can fix security issues in basic way this:
$realname = mysql_real_escape_string($_post['realname']); $age = mysql_real_escape_string($_post['age']); $country = mysql_real_escape_string($_post['country']); $gamename = mysql_real_escape_string($_post['gamename']); $gamelevel = mysql_real_escape_string($_post['gamelevel']); $itemlevel = mysql_real_escape_string($_post['itemlevel']); $class = mysql_real_escape_string($_post['class']); $played = mysql_real_escape_string($_post['played']); $support = mysql_real_escape_string($_post['support']);
Comments
Post a Comment