Collegeboox Posted October 24, 2011 Share Posted October 24, 2011 Below are two pages...Post.php. and Posted.php the posted page checks and makes sure everything is filled out and makes sure that the link has not been already added. The problem I am having is that it is not pulling over the link information. Every time you hit submit it drops down and goes to saying that you forgot to fill something in and I have it showing everything right now so when that happens I can see what is not going through and the $link never comes through. Any ideas? if anyone needs a better explanation please post and I will try to explain better....basically I am trying to post and everything posts but the link. POST.PHP <h1>Post</h1> <div class="descr"></div><form method="post" action="posted.php"> <table align="center"> <tr> <td> Youtube Embed Link </td> <td> <input name="link" type="text" id="link"/> </td> </tr> <tr> <td> Title Of Song </td> <td> <input name="title" type="text" id="title" /> </td> </tr> <tr> <td> Author </td> <td> <input name="author" type="text" id="author" /> </td> </tr> <tr> <td> Text: </td> <td> <input name="information" type="text" id="information" /> <br /> </td> </tr> <tr> <td colspan="2" align="center"> <br> <input name="submit" type="submit" value="Post" /> </td> </tr> </table> </form> POSTED.PHP <?php //msut be logged in page session_start(); if ($_SESSION['username']) { echo""; } else die("You must log in first!"); //form information $submit = $_POST['submit']; $row4 = $_SESSION['username']; // form data $link = strip_tags($_POST['link']); $information = strip_tags($_POST['information']); $title = strip_tags($_POST['title']); $author = strip_tags($_POST['author']); $date = date('Y-m-d'); //Connect To Database $hostname=''; $username2=''; $password2=''; $dbname=''; mysql_connect($hostname,$username2, $password2) OR DIE ('Unable to connect to database! Please try again later.'); mysql_select_db($dbname); $querycheck = "SELECT * FROM videos WHERE username='$row4'"; $result = mysql_query($querycheck); while($rowz = mysql_fetch_array($result)) $linkcheck = $rowz['link']; if ($submit) { if ($link&&$information&&$title&&$author) { if ($link == $linkcheck) { die ("This link has already been posted."); } else { //Connect To Database $hostname=''; $username2=''; $password2=''; $dbname=''; mysql_connect($hostname,$username2, $password2) OR DIE ('Unable to connect to database! Please try again later.'); mysql_select_db($dbname); $queryreg = mysql_query("INSERT INTO videos Values ('','$row4','$link','$title','$author','$information','$date')"); } } else { die ("You forgot to put something in the link/title/author/text box. $information $title $link $author"); } } ?> Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted October 24, 2011 Share Posted October 24, 2011 You don't need to connect to a database twice. Once you're connected, the connection stays open until the script ends, you manually close it, or you attempt to open another connection and you don't specify to keep the current one open. Similarly, you don't need a while-loop if you're only retrieving a single row of data. The entire point of loops is to iterate over multiple items. You also neglect to put brackets in the loop anyway. Ultimately, you need to do some bare bones basic debugging. That means turning on error reporting by putting the following at the top of your files: ini_set('display_errors', 1); error_reporting(E_ALL | E_STRICT); which will display all errors, warnings, and notices when things break. That will help you narrow down your problems. You also need to escape your incoming string (read: text) data. Stripping tags does nothing to protect your database from injection attacks. mysql_real_escape_string - learn it, use it, love it. Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 I understand and I will put that in my code now, however did you see anything that could be causing my problem. Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 I am getting this error when i put that code in... Notice: Undefined index: embedded in /home/content/71/8511971/html/posted.php on line 20... I kind of understand what it is saying but I do not know how to fix it, any ideas? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 24, 2011 Share Posted October 24, 2011 What format is the link? Can you post some sample data? Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 This is what is being inputted in link line... <object style="height: 390px; width: 640px"><param name="movie" value="http://www.youtube.com/watch?v=NhO-tTsxVso?version=3&feature=player_embedded"><param name="allowFullScreen" value="true"><param name="allowScriptAccess" value="always"><embed src="http://www.youtube.com/watch?v=NhO-tTsxVso?version=3&feature=player_embedded" type="application/x-shockwave-flash" allowfullscreen="true" allowScriptAccess="always" width="640" height="360"></object> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 24, 2011 Share Posted October 24, 2011 And what do you think the strip_tags() function you run on all the incoming form data might do to that? Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 haha I am assuming messing it up, but I mean it used to work. I posted a couple things then all of a sudden I get the error. So what should I change it to? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 24, 2011 Share Posted October 24, 2011 It's one giant tag, so strip_tags() removes it entirely. There is no reason to use strip_tags() on data simply to insert it in a database. If you're thinking it's protecting you from SQL injection, it isn't. That code is wide open to injection. You should be validating and escaping or casting data before using it in a query. Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 To be honest at this point I am not worried about people injecting stuff into the website because the page that this is on is password protected. Can you give me the code that you would use. I am not familiar with casting. Quote Link to comment Share on other sites More sharing options...
xyph Posted October 24, 2011 Share Posted October 24, 2011 The article in my signature covers SQL injection. Quote Link to comment Share on other sites More sharing options...
Collegeboox Posted October 24, 2011 Author Share Posted October 24, 2011 well i guess just taking the strp out made it work I want to thank everyone that helped me....THANK YOU Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.