I’ve set up a web application where I can add, remove and edit data in my client database. Everything worked fine until I recently added more form fields.
The edit and delete functions still work fine. When I add a new record via the insert form I get a success message but the record doesn’t show in the database.
However, I have no problem entering a new record in the database directly.
Both the form code and form processing code seem fine. I’ve double and triple checked every single line. I can only think that something is missing in the database, something that makes inserting records via the web working. Something like more indexes or such… (??)
I’m using [I]phpMyAdmin
Here is the code for those who wonder:
[code=php]<?
// this code will display error messages if any…
ini_set (‘display_errors’, 1);
/// —> end displaying errors…
include(“dbinfo.inc.php”);
$company=$_POST[‘company’];
$address=$_POST[‘address’];
$city=$_POST[‘city’];
$state=$_POST[‘state’];
$zip=$_POST[‘zip’];
$url=$_POST[‘url’];
$contact=$_POST[‘contact’];
$phone=$_POST[‘phone’];
$mobile=$_POST[‘mobile’];
$fax=$_POST[‘fax’];
$email=$_POST[’email’];
$proposal_date=$_POST[‘proposal_date’];
$invoice_date=$_POST[‘invoice_date’];
$invoice_number=$_POST[‘invoice_number’];
$amount=$_POST[‘amount’];
$notes=$_POST[‘notes’];
$comments=$_POST[‘comments’];
$project=$_POST[‘project’];
$estimate=$_POST[‘estimate’];
$deposit=$_POST[‘deposit’];
$projecturl=$_POST[‘projecturl’];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( ‘Unable to connect to the database because: ‘ . mysql_error());
$query = “INSERT INTO content VALUES (”,’$company’,’$address’,’$city’,’$state’,’$zip’,’$url’,’$contact’,’$phone’,’$mobile’,’$fax’,’$email’,’$proposal_date’,’$invoice_date’,’$invoice_number’,’$amount’,’$notes’,’$comments’,’$project’,’$estimate’,’$deposit’,’$projecturl’)”;
mysql_query($query);
echo “<P><P><center><B>Congrats!</B><BR>The record has been added successfully!</center>”;
mysql_close();
?>
[code=php]
$result = mysql_query($query);
if($result !== FALSE)
{
if(mysql_affected_rows($result) == 0)
{
echo "<p>Database Error " . mysql_errno($result) . ": " . mysql_error() . "</p>n";
}
}
else
{
echo "<p>ERROR: Unknown error occured while attempting to insert data into database.</p>n";
}
[/code]
[code=php]
$result = mysql_query($query);
if($result == FALSE or mysql_affected_rows($result) == 0)
{
echo "<p>Database Error " . mysql_errno() . ": " . mysql_error() . "</p>n";
}
[/code]
$userprofiles_tablename = 'userprofiles';
$userprofiles_table_def = "indexnumber INT(31) DEFAULT '0' NOT NULL AUTO_INCREMENT,";
$userprofiles_table_def .= "userid INT(30) DEFAULT '0' NOT NULL,";
$userprofiles_table_def .= "lastname CHAR(40) NOT NULL,";
$userprofiles_table_def .= "firstname CHAR(40) NOT NULL,";
$userprofiles_table_def .= "password CHAR(20) NOT NULL,";
$userprofiles_table_def .= "lastlogin BIGINT(40) DEFAULT '0' NOT NULL,";
$userprofiles_table_def .= "division CHAR(15) NOT NULL,";
$userprofiles_table_def .= "usertype CHAR(10) NOT NULL,";
$userprofiles_table_def .= "title CHAR(40) NOT NULL,";
$userprofiles_table_def .= "accesslevel INT(30) DEFAULT '0' NOT NULL,";
$userprofiles_table_def .= "contactnumber CHAR(30) NOT NULL,";
$userprofiles_table_def .= "email CHAR(200) NOT NULL,";
$userprofiles_table_def .= "flags CHAR(20) NOT NULL,";
$userprofiles_table_def .= "ftpuploadabletypes TEXT,";
$userprofiles_table_def .= "ftpuploadabledirectories TEXT,";
$userprofiles_table_def .= "notes TEXT,";
$userprofiles_table_def .= "PRIMARY KEY (indexnumber),";
$userprofiles_table_def .= "INDEX (userid, lastname, firstname, lastlogin, usertype, accesslevel, flags)";
$filefolders_tablename = 'filefolders';
$filefolders_table_def = "indexnumber INT(31) DEFAULT '0' NOT NULL AUTO_INCREMENT,";
$filefolders_table_def .= "foldernumber INT(30) DEFAULT '0' NOT NULL,";
$filefolders_table_def .= "parentnumber INT(30) DEFAULT '0' NOT NULL,";
$filefolders_table_def .= "location CHAR(100) NOT NULL,";
$filefolders_table_def .= "foldername CHAR(20) NOT NULL,";
$filefolders_table_def .= "adminid INT(30) DEFAULT '0' NOT NULL,";
$filefolders_table_def .= "minlevel INT(30) DEFAULT '0' NOT NULL,";
$filefolders_table_def .= "notes TEXT,";
$filefolders_table_def .= "PRIMARY KEY (indexnumber),";
$filefolders_table_def .= "INDEX (foldernumber, parentnumber, location, foldername, adminid)";
[/QUOTE]
Yes, I have user name and password in the database but I don't want this in the form....I guess I have to.....[/QUOTE]
<i>
</i>INSERT INTO table_name (col1, col2, col3) VALUES ('val1', 'val2', 'val3);
... or ...
INSERT INTO table_name SET col1='val1', col2='val2', col3='val3';
Well, currently I have user name and password in the "content" table so the query statement works fine, however if I have username and password in a separate table called "login" I have to change the query so it compares the id from "login" with the id from "content". This is where I'm confused...[/QUOTE]
I read that storing login info in sessions is not very secure. Also, my clients don't create anything, they just view their personal info...[/QUOTE]
I already have a login and it uses sessions.
I also have a separate table with just the login info and the user id, but because I wasn't able to figure out how to define the query I ended up adding the login info to the main table.
So all I need to know is how to set up the query to compare two tables.[/QUOTE]
How do you 'grab' the user id from the login table. I mean, what code do I add to the session code? Or does that mean that I have to create an additional query that compares the user id to the user name and puts this info into the session?
Sorry, I'm totally confused here....[/QUOTE]
[CODE]
$sque = "SELECT * FROM userprofiletable WHERE username = '$loginname' LIMIT 1";
$result = mysql_query($sque, $link_id);
$qdata1 = mysql_fetch_object($result);
if ($qdata1->password == "$loginpassword" && other login logic) {
$userprofile = $qdata1;
//also I like to modify the users statistics here, like last login and stuff.
}
[/CODE]
[CODE]
$query="SELECT * FROM content WHERE useridnumber='$userprofile->useridnumber'";
[/CODE]
[code=php]<?php
session_start();
ob_start();
include("database.php");
$sque = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$result = mysql_query($sque, $link_id);
$qdata1 = mysql_fetch_object($result);
if ($qdata1->password == "$password") {
$userprofile = $qdata1;
include "include/newsession2.php";
header ('Location:main.php');
exit();
} else {
session_unset();
print "Wrong Login. Use your correct User Name and Password and try again.<br> <input type='submit' value='Retry' onClick='history.go(-1)'>";
}
mysql_close();
?>[/code]
$result = mysql_query($sque, $link_id);[/QUOTE]
$result = mysql_query($sque);[/QUOTE]
0.1.9 — BETA 5.18