To administer your WestHost account, please enter your
Domain Name or Server Manager Username.

WestHost: Professional Website Hosting Company








Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Junior Member
    Join Date
    Apr 2007
    Location
    Asheville, NC
    Posts
    20

    Red face Can't connect to mysql using php script

    I'm relatively new to php and mysql. I wrote a simple php script to pull data from a html form and post that data to mysql. I created the DB in mysql and made sure all the permissions/privildeges were correct. When I go to the html form and enter info, it just comes up with a blank page. No errors, nothing. The database has no new data.

    I know for a fact that my username and password are correct and I think localhost should be correct. I've read every post on here where people had similar problems and I've tried everything I can think of. Any advice would be greatly appreciated! Thanks in advance for your help!

    Here's my php script:

    <?php

    $con = mysql_connect('localhost', 'root', 'password')
    or die("Query failed:" .mysql_error()."Actual query:".$query");
    print "Connected to MySQL<br>";

    mysql_select_db("tester");

    $sql = "INSERT INTO userpass (username, password)
    VALUES
    ('$_POST[username]', '$_POST[password]')";

    if (!mysql_query($sql, $con))
    {
    die('Error: ' . mysql_error());
    }
    echo "record added!";

    mysql_close($con);
    ?>

  2. #2
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,687

    Default

    You can "turn on" logging for the directory where you are trying this script out by creating a .htaccess file with this code in it.
    Code:
    php_flag log_errors on
    php_value error_log /var/www/html/php_error.log
    Upload the file to the same directory where you have the php script you are trying and then run the script. See what errors show up in the resulting php_error.log file.

    The path and name of the file can be what ever you want BTW. The above is set to write the errors to php_error.log in /var/www/html but it could write the log anywhere you want. It is always best to remove "turn off" off this logging once you get things going by removing the .htaccess file. If not you can end up with a log file that is very large that eats up your diskspace quota.

    I think that this line is your problem BTW:
    PHP Code:
    or die("Query failed:" .mysql_error()."Actual query:".$query"); 
    The quote " after the $query should not be there. The line should look like this:
    PHP Code:
    or die("Query failed:" mysql_error() . "Actual query:" $query); 
    Also do you see how the coloring of the code has changed in my second php example? I placed the code inside the bbCode for php which color codes things. This is the easiest way to "catch" mistakes in your code and there are editors out there that do this also. I use EditPlus or Crimson both well color code your scripts.
    Last edited by wildjokerdesign; 04-30-2007 at 06:47 AM.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  3. #3
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,687

    Default

    I just keep seeing things in your code. I thought I should warn you that this is a very insecure bit of code by itself. The fact that you are inserting $_POST variables directly into your database without any type of "checking" could be a security risk. Depending on how you have your php.ini set up the script could also fail depending on what is entered into the form.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  4. #4
    Junior Member
    Join Date
    Apr 2007
    Location
    Asheville, NC
    Posts
    20

    Default Thanks!

    Wow, thanks so much for the info, Wildjoker. You are amazing! I love the way you put everything in layman's terms so that even a beginner like me can understand it!

    BTW, is there anything in particular that I should have in my php.ini file that would help to make this script more secure? What kind of "checking" should I do in the script to make it more secure? I certainly don't want to take up loads of your valuable time, so you don't necessarily have to give examples, maybe just a hint or two

  5. #5
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,687

    Default

    Although there are things you could do with the php.ini I would suggest not going that route. It would be the "lazy mans" way so to speak. It could actually cause problems with other php scripts you may want to install down the line or already have installed.

    Have you visited php.net yet? I spend tons of time there and you can get an overview of some of the things on this page: http://us2.php.net/manual/en/security.php

    When ever you use data from form you have to assume two things. One, is that the person entering the data may enter something wrong. Two, a hacker is going to use that form to destory your site! Ok I admit that number two is a bit over dramatic but I think you understand.

    Let use take for example your form. I do not really know what you are useing it for but if perhaps the password you want the to enter should be only letter with no numbers or other charecters then you have done nothing to check that before you have inserted it into your database.

    When you are at the php.net site make sure to have a close look at the function addslashes.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Location
    U.S.A.
    Posts
    220

    Default

    You might also want to familiarize yourself with the term "SQL injection". Using the $_POST variable directly in the SQL statement the way you are opens your web app to someone using SQL injection to do the bad things wildjokerdesign was hinting at.

    http://en.wikipedia.org/wiki/SQL_injection

  7. #7
    Junior Member
    Join Date
    Apr 2007
    Location
    Asheville, NC
    Posts
    20

    Default Aaaaaaahhhhhhhh

    Ok, I think I'm losing my mind here.

    I tried creating the .htaccess file and ran the script a billion times and it is not creating the php_error file. What does this mean? Is the php script not getting kicked off at all when I enter data into the form?

    I also made the correction in my code that wildjoker suggested and it still didn't run (before or after I created the .htaccess file).

    I'm just using this script as a test to learn how to enter data from a form into the DB, so the security stuff is not an issue. Thank goodness!

    Any advice? Thanks!!!!!!!!

  8. #8
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,687

    Default

    Try this:
    PHP Code:
    <?php

    $con 
    mysql_connect('localhost''root''password');

    if (!
    $con)
    {
     die(
    "Connection failed:" mysql_error());
    }

    echo 
    "Connected to MySQL<br />";

    $select_db mysql_select_db('tester'$con);

    if (!
    $select_db)
    {
     die(
    "Can't select tester:" mysql_error());
    }

    $sql "INSERT INTO userpass (username, password)
    VALUES ('$_POST[username]', '$_POST[password]')"
    ;

    if (!
    mysql_query($sql$con))
    {
    die(
    'Error: ' mysql_error());
    }
    echo 
    "record added!";

    mysql_close($con);
    ?>
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  9. #9
    Junior Member
    Join Date
    Apr 2007
    Location
    Asheville, NC
    Posts
    20

    Default Genius! Pure Genius!

    It worked! Thank you so much! Wish I could take you out to dinner or something....

  10. #10
    Senior Member rolling's Avatar
    Join Date
    May 2004
    Location
    Different day, different place
    Posts
    486

    Default

    Now there's an offer WildJoker!
    Richard

    I have jotted down some of my meddlings at http://www.rollingr.net/wordpress
    Click here for a full list of formatting codes for this forum

Similar Threads

  1. Replies: 16
    Last Post: 05-10-2006, 07:29 PM
  2. PHP connect to MySQL database
    By robert6040 in forum PHP / MySQL
    Replies: 2
    Last Post: 08-17-2005, 02:49 PM
  3. Problem with PHP and mysql - code just broke
    By scubajoe in forum PHP / MySQL
    Replies: 11
    Last Post: 03-20-2005, 10:47 PM
  4. PHP and MySQL Site Application Upgrades
    By WestHost - MStevenson in forum News / Announcements
    Replies: 0
    Last Post: 02-01-2005, 12:55 PM
  5. Replies: 0
    Last Post: 12-18-2004, 09:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •