表单停止提交到数据库
Okay, it was working before.... now all of a sudden it has stopped. i'm not sure why. The only thing i've added was a delete feature.. and after that it no longer submits. I can delete an entry though =D
php code for form
<?php
if (isset($_POST['submit'])){
$con = mysql_connect("localhost", "", "");
if (!$con){
die("Cannot connect:" . mysql_error());
}
$Firstname = $_POST['Firstname'];
$Email = $_POST['Email'];
$Prayer = $_POST['Prayer'];
//if there is no input these messages will come up//
if($Firstname==''){
echo "<script>alert('Please enter your name!')</script>";
exit();
}
if($Email==''){
echo "<script>alert('Please enter your email!')</script>";
exit();
}
if($Prayer==''){
echo "<script>alert('Please enter your prayer request!')</script>";
exit();
}
mysql_select_db("dxh6110",$con);
//if everything is good, information will be submitted to database
$sql = "INSERT INTO ChurchPrayer (Firstname, Email, Prayer) VALUES('$_POST[Firstname]','$_POST[Email]','$_POST[Prayer]')";
if(mysql_query($sql,$con)){
echo "<script>alert('Congratulations, You have successfully submitted your prayer requests. You will hear from us very soon!')</script>";
}
mysql_close($con);
}
?>
Oh, I'm aware that I should be using prepared statements to prevent SQL injection... but I'm not sure exactly what it is or what it looks like. I will definitely add them later, when I get further into my school project. Currently worried about the functionality..
not sure what else needs to be added... i'll add my delete.php
<?php session_start(); //starting the session?>
<?php
//connecting to database
$con = mysql_connect("localhost","","","dxh6110");
//defining variable
$delete_id = $_GET['del'];
//command to remove input from SQL DB
$query = "delete from ChurchPrayer where id='$delete_id'";
if(mysql_query($con,$query)){
echo "<script>window.open('view_prayers.php?deleted=User has been deleted!','_self')</script>";
}
?>
My admin log-in works, and when the admin logs in it brings them to a page which will allow them to view entries and delete entries made to the DB. Currently there are two, but when I try to add more requests.... they don't go to the DB. No errors are given when submit is clicked.
Firstly, ("localhost","xxx","xxx","xxx") doesn't do what you think.
mysql_connect() takes 3 parameters, not 4. The fourth is for something else. Four parameters are what one would use with mysqli_connect(), but those different MySQL APIs do not intermix with each other, so don't use that connection method if you're going to use mysql_ functions.
Consult:
- http://php.net/manual/en/function.mysql-connect.php
- http://php.net/manual/en/function.mysql-select-db.php
Do as you did in your other question:
$con = mysql_connect("localhost", "xxx", "xxx");
if (!$con){
die("Cannot connect:" . mysql_error());
}
mysql_select_db("your_db",$con);
Then this if(mysql_query($con,$query)){ the connection comes 2nd.
Plus, $_GET['del'] and ?deleted=User inspect that. Those are the two things that stood out for me.
If your delete link is ?deleted=XXX, it needs to be ?del=XXX - XXX being an example.
$_GET['del'] needs to match the parameter in the ?parameter in your method.
I.e.: view_prayers.php?del=XXX if view_prayers.php is the file you're using to delete with.
Plus, as mentioned in comments, this method is insecure.
It's best that you use mysqli with prepared statements, or PDO with prepared statements.