Topic awaiting preservation: Why oh why!?!

felixmc
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Jul 2007

posted 07-09-2007 20:38

Hi Guys, hope someone can shed some light...am going to eat the desk soon.
Problem - cannot insert the drop-down option into MySQL DB. Inserts everything else fine - it can't 'see' $value - WHY??

code:
<?php
include "connect.php";

if(isset($_POST['submit'])) //if submit was pushed
{
   $email=$_POST['email'];
   $checkdups="SELECT * from feedback where email='$email'";
   $checkdups2=mysql_query($checkdups) or die("Could not check duplicates");
   $checkdups3=mysql_num_rows($checkdups2);

   if(strlen($email)<4 || substr_count($email," ")>0)
   {
      print "That is not a valid email address. Please try again.";
   }
   else if($checkdups3>0)
   {
      print "That email is already in our database.";
   }
   else
   {
      srand((double)microtime()*1000000);  //sets random seed
      $string = md5(rand(0,1000000));
      $thekey=$string;
      $insertemail="INSERT into feedback (email,validkey,category) values('$email','$thekey','$value')";
      mysql_query($insertemail) or die("Could not insert mail");
      mail($email,"TEST","Dear colleague, please validate your account by clicking this link: $path/validate.php?email=$email&string=$string","From: $adminmail");
      print "Thank you.  A validation link has been sent to your email, please make sure you click on the link to verify your account.";
   }
}
else
{
   print "<form action='Review_2.php' method='post'>";
   print "<br>";
   print "To subscribe please enter your Email:<br><br>";
   print "<input type='text' name='email' size='40'><br><br>";
   $category = array(
      1=> "A",
      2=> "B",
      3=> "C",
   );
   $category = str_replace(" ", " ", $category);

   echo '<SELECT name=category>';
   foreach ($category as $key => $value)
   {
      echo '<OPTION value='.$value.'> '.$value.'';
   }
   echo '</select>';
   print "<input type='submit' name='submit' value='Submit'></form>";
}
?>



Edit Tyberius Prime: Some code tags do help... if even a little...

(Edited by Tyberius Prime on 07-09-2007 21:44)

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 07-09-2007 23:18

argh. the other machine ate my (longish, in depth) post...

all right, it's been a long day, here are the quick answers
a) Read up on sql injection and start sprinkling php->mysql_escape_string() around the values you use in sql statements
b) read up on mail injection - that $adminmail that you don't set lets anybody turn this code into a spam mailer.
c) the actual answer to your question is 'your select is named "category" not "value", and you're missing the quotes in name="category"'...
d) keep it up, you'll get there eventually, but please, please read up on those injections before you're bitten - there are automatic bots for both attacks out there.

so long,

->Tyberius Prime

felixmc
Obsessive-Compulsive (I) Inmate

From:
Insane since: Jul 2007

posted 07-10-2007 10:31

Good man Tyberius, new to this game but will read up on sql & mail injection (have a great big book to get through!).
$adminmail is set in the connect.php file, is this inadequate? I'll read up on the above and prob answer that myself later today.
(c) "category" not "value" - Tried both yesterday, still nada. Accepts it when I set it as a value, i.e.:
$insertemail="INSERT into feedback (email,validkey,category) values('$email','$thekey','1234')";
Hence my cry 'why can't it be seen!'. I'll keep looking. Thanks for the advice!

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 07-10-2007 11:29

var_dump($_POST); is your friend to see what actually gets transmitted to your page...

felixmc
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-10-2007 12:38

A friend indeed! It appears to be picking up the variable but not inserting into DB. Gets the email in ok. mmmn, have checked spelling...will dbl check.
array(3) { ["email"]=> string(20) "myemail@xx.xx.xx" ["category"]=> string(1) "B" ["submit"]=> string(6) "Submit" }

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 07-10-2007 13:21

well, the other point is, you really should be using $_POST['your_variable'] instead of $variable - php->register_globals = on is sooooo last century and a continuous joy of legacy problems...
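
Added example, not part of the thread and not either poster's code: the signup handler with the points raised in the replies above (SQL injection, mail header injection, reading from $_POST, the category field) applied together. It uses PDO prepared statements in place of the mysql_escape_string() escaping suggested in the thread; subscribe(), ALLOWED_CATEGORIES, the example.com values and the in-memory SQLite table (needs the pdo_sqlite extension, PHP 7+) are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. subscribe(), ALLOWED_CATEGORIES, the
// example.com values and the SQLite demo table are assumptions for illustration.
const ALLOWED_CATEGORIES = ['A', 'B', 'C'];

function subscribe(PDO $db, array $post, string $baseUrl, string $adminMail): array
{
    // Read request data from the $_POST array explicitly, not register_globals variables.
    $email    = trim((string)($post['email'] ?? ''));
    $category = (string)($post['category'] ?? '');

    // Reject malformed addresses; the CR/LF test is defence in depth against header injection.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        return ['ok' => false, 'msg' => 'That is not a valid email address.'];
    }
    // A <select> value is client-controlled: accept only the known options.
    if (!in_array($category, ALLOWED_CATEGORIES, true)) {
        return ['ok' => false, 'msg' => 'Unknown category.'];
    }
    // Bound parameters keep user input out of the SQL text.
    $dup = $db->prepare('SELECT COUNT(*) FROM feedback WHERE email = ?');
    $dup->execute([$email]);
    if ((int)$dup->fetchColumn() > 0) {
        return ['ok' => false, 'msg' => 'That email is already in our database.'];
    }
    $key = bin2hex(random_bytes(16)); // CSPRNG token instead of md5(rand())
    $ins = $db->prepare('INSERT INTO feedback (email, validkey, category) VALUES (?, ?, ?)');
    $ins->execute([$email, $key, $category]);

    // The From header is built only from configuration, never from request data.
    $link = $baseUrl . '/validate.php?email=' . rawurlencode($email) . '&string=' . $key;
    return ['ok' => true, 'msg' => 'validation mail prepared', 'to' => $email, 'subject' => 'TEST',
            'body' => "Please validate your account: $link", 'headers' => "From: $adminMail"];
}

// Constructed demo inputs; in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (email TEXT UNIQUE, validkey TEXT, category TEXT)');
$samples = [
    ['email' => "o'brien@example.com", 'category' => 'B'],  // apostrophe is data, not SQL
    ['email' => "o'brien@example.com", 'category' => 'B'],  // duplicate
    ['email' => "x@example.com\r\nBcc: y@example.net", 'category' => 'A'],
    ['email' => 'z@example.com', 'category' => 'value'],     // not an offered option
];
foreach ($samples as $post) {
    $r = subscribe($db, $post, 'https://example.com', 'admin@example.com');
    echo ($r['ok'] ? 'accepted: ' : 'rejected: ') . $r['msg'] . "\n";
}
```

The function returns the mail fields instead of calling mail(), so the caller decides how the message is sent.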

felixmc
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-10-2007 13:58

Good man, finally working! If ever you are down on your luck in Edinburgh Tyberius, there is a shot of whiskey reserved.
I will read up on earlier topics. New to this game but liking php!
Thanks.
