(INSERT INTO...) not working

[randal_138]

Hello PHP freaks.  Having a few issues with my PHP scripts, specifically the $query = sprintf and mysql_real_escape_string functions.  Kind of new to this, so if you do reply, explain it to me like I am a complete moron...

 

Oh, before I forget.  My specific problem is that I can click the "Post" button and follow the header to "Location: view.php", but the actual text in the Subject and Message fields is not being sent to the database.  Finally managed to get rid of all the error messages I was getting, and now I get this...

 

Thanks in advance!

 

Here is my script for the entire page:

 

_____________________________________________________________

 

<?php

require_once('auth.php');

?>

<?php

mysql_connect('xxxxxx', 'xxxxxx', 'xxxxxx');

 

$subject = $_POST['subject'];

$message_text = $_POST['message_text'];

 

// add entry to the databse if the form was submitted and

// the necessary information was supplied in the form

if (isset($_POST['submitted']) && $subject && $message_text)

{

$query = sprintf('INSERT INTO FORUM_MESSAGE (SUBJECT, MSG_TEXT) VALUES ($subject, $message_text)', Ryan_iframe,

mysql_real_escape_string($subject),

mysql_real_escape_string($message_text));

mysql_query($query);

 

// redirect user to list of forums after new record has been stored

header('Location: view.php');

}

 

// form was submitted but not all the information was correctly filled in

else if (isset($_POST['submitted']))

{

$message = '<p>Not all information was provided.  Please correct ' .

'and resubmit.</p>';

}

?>

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Member Index</title>

<link href="loginmodule.css" rel="stylesheet" type="text/css" />

</head>

<body>

<h1>Welcome <?php echo $_SESSION['SESS_FIRST_NAME'];?></h1>

Home | <a href="member-profile.php">My Profile</a> | <a href="logout.php">Logout</a>

 

<br /><br />

 

<form method="post">

<div>

<label for="subject">Subject: </label>

<input type="text" id="subject" name="subject" value="<?php echo htmlspecialchars($subject); ?>" /><br />

<label for="message_text">Message: </label>

<input type="text" id="message_text" name="message_text" value="<?php echo htmlspecialchars($message_text); ?>" /><br />

<input type="hidden" name="submitted" value="true" />

<input type="submit" value="Post" />

</div>

</form>

 

</body>

</html>

[revraz]

When troubleshooting queries, use mysql_error() after the query to see if any errors are produced.

You are sanitizing your variables after you put them into your query string, sanitize before.

You are missing single quotes around your variables in your query string, use double quotes around the entire string and single for the variables.

[randal_138]

Will give these a whirl and reply with the results. 

[Zurev]

I recommend echo'ing out your $query variable before it gets to the mysql_query line, then posting here what it returns, that'll give you an idea of what EXACT query is getting run, also, I second revraz's comment on mysql_error().

[randal_138]

The mysql_error() did wonders for me!  Not only was my syntax messed up in the $query string and the associated lines, but thanks to my organizational skill, the script was not actually connecting to the database.  mysql_connect() and mysql_select_db() did the trick and it now works.

 

You guys are awesome!

 

Ryan