Menu
Community /Pin to ProfileBookmark
@NogDogOct 07.2010 — #Do the $_POST values print out OK?
Maybe start with a little basic debugging of the insert query to see if anything "interesting" pops up:
Anyway, since the PHP does not run in the browser, I'd put a small bet on a bug in the HTML of the form page (or depending on some HTML quirk that is not consistent). Maybe run the form page through theHTML validator ?@NogDogOct 07.2010 — #
Good point: you should be using mysql_real_escape_string() to escape your external inputs before using them in the query.@NogDogOct 08.2010 — #
htmlentities is for a different purpose, and is not guaranteed to deal with everything that must be escaped before using a value in SQL. htmlentities() is for filtering data to be output in a HTML context, while mysql_real_escape_string() is for filtering data to be used in a MySQL query. Besides, if you apply htmlentities() to your database inputs, you have now forced any such data to be HTML-specific, which can be bad for a few reasons: (1) you may not always want to use all data in an HTML context, (2) it can make it harder to search the data, and (3) it can cause data which would otherwise fit within a fixed-width field to now be too long to fit.
Why does my script work in IE but not in FF?
Hi there,
Well this is strange… I have a really simple page that writes some data to a mysql db, and another page that displays it. standard textbook stuff.
For some reason, in firefox it just doesn’t add the data to the db! If I do it in IE, it works fine. There is nothing fancy here, purely code – no design or layout at all yet.
adddb.php:
[code=php]<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<title>BHP Tools – Employee satisfaction survey</title>
</head>
<body>
<h1>Employee satisfaction survey</h1>
<p>
<?php
$username=”root”;
$password=””;
$database=”bhp”;
$company=$_POST[‘company’];
$time=$_POST[‘time’];
$q1=$_POST[‘q1’];
$q2=$_POST[‘q2’];
$q3=$_POST[‘q3’];
$q4=$_POST[‘q4’];
$q5=$_POST[‘q5’];
$q6=$_POST[‘q6’];
$q7=$_POST[‘q7’];
$q8=$_POST[‘q8’];
$q9=$_POST[‘q9’];
$q10=$_POST[‘q10’];
$q11=$_POST[‘q11’];
$comments=$_POST[‘comments’];
echo “Question 1: $_POST[q1]”;
echo “<br>”;
echo “Question 2: $_POST[q2]”;
echo “<br>”;
echo “Question 3: $_POST[q3]”;
echo “<br>”;
echo “Question 4: $_POST[q4]”;
echo “<br>”;
echo “Question 5: $_POST[q5]”;
echo “<br>”;
echo “Question 6: $_POST[q6]”;
echo “<br>”;
echo “Question 7: $_POST[q7]”;
echo “<br>”;
echo “Question 8: $_POST[q8]”;
echo “<br>”;
echo “Question 9: $_POST[q9]”;
echo “<br>”;
echo “Question 10: $_POST[q10]”;
echo “<br>”;
echo “Question 11: $_POST[q11]”;
echo “<br>”;
echo “Your comments: $_POST[comments]”;
echo “<br>”;
echo “Time here: $_POST[time]”;
echo “<br>”;
echo “Record for “$_POST[company]” has been added.”;
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( “Unable to select database”);
$query = “INSERT INTO satisfaction VALUES (”,’$company’,’$time’,’$q1′,’$q2′,’$q3′,’$q4′,’$q5′,’$q6′,’$q7′,’$q’,’$q9′,’$q10′,’$q11′,’$comments’)”;
mysql_query($query);
mysql_close();
?>
</p>
<p><a href=”show.php”>View all entries?</a></p>
</body>
</html>
show.php:
[code=php]<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8″ />
<title>BHP Tools – Employee satisfaction survey</title>
</head>
<body>
<h1>Employee satisfaction survey- results</h1>
<?php
$username=”root”;
$password=””;
$database=”bhp”;
$con = mysql_connect(localhost,$username,$password);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
mysql_select_db(“bhp”, $con);
$result = mysql_query(“SELECT * FROM satisfaction”);
$num_rows = mysql_num_rows($result);
echo “<table border=’1’>
<tr>
<th>Company name</th>
<th>Time at company</th>
<th>q1</th>
<th>q2</th>
<th>q3</th>
<th>q4</th>
<th>q5</th>
<th>q6</th>
<th>q7</th>
<th>q8</th>
<th>q9</th>
<th>q10</th>
<th>q11</th>
<th>Comments</th>
</tr>”;
while($row = mysql_fetch_array($result))
{
echo “<tr>”;
echo “<td>” . $row[‘company’] . “</td>”;
echo “<td>” . $row[‘time’] . “</td>”;
echo “<td>” . $row[‘q1’] . “</td>”;
echo “<td>” . $row[‘q2’] . “</td>”;
echo “<td>” . $row[‘q3’] . “</td>”;
echo “<td>” . $row[‘q4’] . “</td>”;
echo “<td>” . $row[‘q5’] . “</td>”;
echo “<td>” . $row[‘q6’] . “</td>”;
echo “<td>” . $row[‘q7’] . “</td>”;
echo “<td>” . $row[‘q8’] . “</td>”;
echo “<td>” . $row[‘q9’] . “</td>”;
echo “<td>” . $row[‘q10’] . “</td>”;
echo “<td>” . $row[‘q11’] . “</td>”;
echo “<td>” . $row[‘comments’] . “</td>”;
echo “</tr>”;
}
echo “</table>”;
echo “<BR>”;
//$aveq1=$q1 / $num_rows;
//echo $aveq1;
mysql_close($con);
?>
</body>
</html>
Would love to know your thoughts on where I’m going wrong!
Sign in
to post a comment6 Comments(s) ↴
0
@NogDogOct 07.2010 — #Do the $_POST values print out OK?Maybe start with a little basic debugging of the insert query to see if anything "interesting" pops up:
[code=php]
$query = "yadda yadda yadda";
$result = mysql_query($query);
if($result == false) {
user_error(mysql_error() . "<br />n$query");
}
[/code]Anyway, since the PHP does not run in the browser, I'd put a small bet on a bug in the HTML of the form page (or depending on some HTML quirk that is not consistent). Maybe run the form page through the
0
@NogDogOct 07.2010 — #...
LIkeliest cause is an error in your SQL syntax that can easily occur if certain characters are within your POSTS
....[/QUOTE]
Good point: you should be using mysql_real_escape_string() to escape your external inputs before using them in the query.
0
@NogDogOct 08.2010 — #I likes using htmlentities myself.
Also gets rid of ' and "[/QUOTE]
htmlentities is for a different purpose, and is not guaranteed to deal with everything that must be escaped before using a value in SQL. htmlentities() is for filtering data to be output in a HTML context, while mysql_real_escape_string() is for filtering data to be used in a MySQL query. Besides, if you apply htmlentities() to your database inputs, you have now forced any such data to be HTML-specific, which can be bad for a few reasons: (1) you may not always want to use all data in an HTML context, (2) it can make it harder to search the data, and (3) it can cause data which would otherwise fit within a fixed-width field to now be too long to fit.