I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails. The connection
command in the second sript are identical as the first script was copied
from the first. Only the variable values have been changed.

#!/usr/bin/php
#
<?php
$first_name = 'Harry';
$last_name = 'Potter';
$when_it_happened = 'This morning';
$how_long = '6 ms';
$how_many = 'millions';
$alien_description = 'angels';
$what_they_did = 'danced on the head of a pin';
$fang_spotted = 'No';
$other = 'There were bright flashing lights';
$email = 'harry [at] aol.com';

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted, other, email) " .
"VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
or die('Error Querying the database');

mysqli_close($dbc);

?>

The following program successfully loads the variables from an html form
and then fails.


<?php
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$when_it_happened = $_POST['whenithappened'];
$how_long =$_POST['howlong'];
$how_many = $_POST['howmany'];
$alien_description = $_POST['aliendescription'];
$what_they_did = $_POST['whattheydid'];
$fang_spotted = $_POST['fangspotted'];
$other = $_POST['other'];
$email = $_POST['email'];

echo 'got to here, ';
echo "$last_name\n\n";

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
"how_many, alien_description, what_they_did, fang_spotted, other, email) " .
"VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
"'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
or die('Error Querying the database');

mysqli_close($dbc);

?>

The echo entries confirm the variables a have been loaded from an html
form. The program just stops after the echo entries - no die message,
nothing in /var/log/mysql.err or mysql.log.

I believe the problem is a permissions problem. I had to make the first
script executable so of course I also made the second executable but
this did not help.

My system is Debian Squeeze, 64 bit. I found I had to install php5-mysql
to use the mysqli_connect command.

Tom

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

ok, couple of things;

- if you're using user input in SQL queries, you have to push 'm
through a function that sanitizes the input against sql-insertions.
For now, let that be function antiSQLinsertion ($var) { return
mysql_real_escape($var); };
- if you're going to output values from the DB into HTML that have
been put there by the user, you have to also guard against HTML-level
insertions (malicious html/js/flash to name a few). however, this is
not easy, and i havent found a "good" way of doing this, save
stripping all js,<iframe>,<img> and flash.. :(
- you may want to add adodb.sf.net as a database abstraction layer. it
will help if you ever want to switch mysql to another rdbms.

as for your actual problem;
- you could be right about the permissions issue, connect to the
database as root instead and execute a GRANT statement to allow tom xs
to the db.
http://dev.mysql.com/doc/refman/5.1/en/grant.html

google "debian mysql change root password" if you can't get in as root..

it's just strange to me that it works from 1 env, but not another..

On Sun, Feb 28, 2010 at 10:48 PM, Thomas H. George <lists [at] tomgeorge.info> w=
rote:
> I am a newbie. The following script works but the second one (below)
> loads the variables from an html form and then fails. =A0The connection
> command in the second sript are identical as the first script was copied
> from the first. Only the variable values have been changed.
>
> #!/usr/bin/php
> #
> <?php
> =A0 =A0 =A0 =A0$first_name =3D 'Harry';
> =A0 =A0 =A0 =A0$last_name =3D 'Potter';
> =A0 =A0 =A0 =A0$when_it_happened =3D 'This morning';
> =A0 =A0 =A0 =A0$how_long =3D '6 ms';
> =A0 =A0 =A0 =A0$how_many =3D 'millions';
> =A0 =A0 =A0 =A0$alien_description =3D 'angels';
> =A0 =A0 =A0 =A0$what_they_did =3D 'danced on the head of a pin';
> =A0 =A0 =A0 =A0$fang_spotted =3D 'No';
> =A0 =A0 =A0 =A0$other =3D 'There were bright flashing lights';
> =A0 =A0 =A0 =A0$email =3D 'harry [at] aol.com';
>
> =A0 =A0 =A0 =A0$dbc =3D mysqli_connect('localhost', 'tom', 'fog^horn9', '=
aliendatabase')
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0or die('Error connecting to MySQL server')=
;
>
> =A0 =A0 =A0 =A0$query =3D "INSERT INTO aliens_abduction (first_name, last=
_name, when_it_happened, how_long, =A0" .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"how_many, alien_description, what_they_di=
d, fang_spotted, other, email) " .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"VALUES ('$first_name', '$last_name', '$wh=
en_it_happened', '$how_long', '$how_many', " .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"'$alien_description', '$what_they_did', '=
$fang_spotted', '$other', '$email')";
>
> =A0 =A0 =A0 =A0$result =3D mysqli_query($dbc,$query)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0or die('Error Querying the database');
>
> =A0 =A0 =A0 =A0mysqli_close($dbc);
>
> ?>
>
> The following program successfully loads the variables from an html form
> and then fails.
>
>
> <?php
> =A0 =A0 =A0 =A0$first_name =3D $_POST['firstname'];
> =A0 =A0 =A0 =A0$last_name =3D $_POST['lastname'];
> =A0 =A0 =A0 =A0$when_it_happened =3D $_POST['whenithappened'];
> =A0 =A0 =A0 =A0$how_long =3D$_POST['howlong'];
> =A0 =A0 =A0 =A0$how_many =3D $_POST['howmany'];
> =A0 =A0 =A0 =A0$alien_description =3D $_POST['aliendescription'];
> =A0 =A0 =A0 =A0$what_they_did =3D $_POST['whattheydid'];
> =A0 =A0 =A0 =A0$fang_spotted =3D $_POST['fangspotted'];
> =A0 =A0 =A0 =A0$other =3D $_POST['other'];
> =A0 =A0 =A0 =A0$email =3D $_POST['email'];
>
> =A0 =A0 =A0 =A0echo 'got to here, ';
> =A0 =A0 =A0 =A0echo "$last_name\n\n";
>
> =A0 =A0 =A0 =A0$dbc =3D mysqli_connect('localhost', 'tom', 'fog^horn9', '=
aliendatabase')
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0or die('Error connecting to MySQL server')=
;
>
> =A0 =A0 =A0 =A0$query =3D "INSERT INTO aliens_abduction (first_name, last=
_name, when_it_happened, how_long, =A0" .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"how_many, alien_description, what_they_di=
d, fang_spotted, other, email) " .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"VALUES ('$first_name', '$last_name', '$wh=
en_it_happened', '$how_long', '$how_many', " .
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"'$alien_description', '$what_they_did', '=
$fang_spotted', '$other', '$email')";
>
> =A0 =A0 =A0 =A0$result =3D mysqli_query($dbc,$query)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0or die('Error Querying the database');
>
> =A0 =A0 =A0 =A0mysqli_close($dbc);
>
> ?>
>
> The echo entries confirm the variables a have been loaded from an html
> form. =A0The program just stops after the echo entries - no die message,
> nothing in /var/log/mysql.err or mysql.log.
>
> I believe the problem is a permissions problem. =A0I had to make the firs=
t
> script executable so of course I also made the second executable but
> this did not help.
>
> My system is Debian Squeeze, 64 bit. I found I had to install php5-mysql
> to use the mysqli_connect command.
>
> Tom
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php