I keep getting the following errors: Warning: mysql_query() [function.mysql-query]: Access denied for user '*****'@'localhost' (using password: NO) in /home/*****.php on line 12 Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /*****.php on line 12 Code (markup): The code: if ($submit){ mysql_query("INSERT INTO ****** (id, name, img, code) VALUES (' ', '{$_POST['name']}', '{$_POST['img']}', '{$_POST['code']}')"); } Code (markup): I tried just about everything but it doesn't want to work.. mysql_connect works fine.. password and username are correct.. I've been using this method for about two years now and this is the only time I'm experiencing these errors.. what am I doing wrong?
If your id field is an auto increment, just leave it out of your insert. Also, "name" might be a reserved word in mysql, so you might need to wrap it in backquotes, as in `name` (but don't do this in VALUES part of the clause, only in the INSERT INTO part) Try those changes and see if it works. mysql_query("INSERT INTO ****** (`name`, img, code) VALUES ('{$_POST['name']}', '{$_POST['img']}', '{$_POST['code']}')"); Code (markup):
Yes it works.. one strange thing I noticed is if I use echo "$name"; after setting $name = $_POST['name']; Its printed as $name and not as what was put in. If I just use echo $name; it works fine.. does it have something to do with that?
echo "$name"; should work fine echo '$name'; (in single quotes) will print out $name instead of the actual value. I wonder if your server needs a reboot, or if you're out of drive space on your either your log or db partitions?
I have plenty of space.. more than 200GB.. How can a server be rebooted? Another weird thing I noticed is that I have an IPB board running on the same server and it goes great..
I tried this now: $query = ("INSERT INTO ****** (name, image, code) VALUES ('$name', '$img', '$code')"); $result = mysql_query($query); The problem really appears to be the query.. everything else is working great now including the echo name thingy. I'm really out of ideas..
Ah, ok, the table name gives me an idea (and besides, what I'm about to recommend is good security practice anyhow). You need to wrap each inserted string in a call to mysql_real_escape_string() to escape out any quotes. Not only will this prevent sql injection attacks, but it also solves problems where quote characters in strings can screw up sql statements. Call the following before the query you just posted: $name = mysql_real_escape_string($_POST['name']); $img = mysql_real_escape_string($_POST['img']); $code = mysql_real_escape_string($_POST['code']); PHP:
Its giving me more errors: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '*****'@'localhost' (using password: NO) in /home/url.php on line 7 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/url.php on line 7
It finally works.. I added the connection thingy to the php page instead of including it. I'm still working on safety issues but isn't it less safe to have that information on the page?
Good job. When you say "that information", do you mean the login information? If the include file you were using is located in your html directory tree, you're no less safe now than before. For highest safety, you would store the information in an ini file outside your site directory hierarchy, and get the login parameters via a call to parse_ini_file()
seems you're looking on the problem from the wrong point .. nothing wrong with your query .. why do you torture the query ? the server explicitly tells you that it can't connect to the DB Warning: mysql_query() [function.mysql-query]: Access denied for user '*****'@'localhost' (using password: NO) in /home/*****.php on line 12 Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /*****.php on line 12 leave alone your query, and solve the problem of connecting to your DB mysql_connect(localhost, username, password) or die(mysql_error()); mysql_select_db(yourdbname) or die(mysql_error()); donno, you're probably aware of this, but just want to remind that even if you create a database with username "myname" and database name "myname", if your server is a cpanel hosting then it usually creates your db with following info: DBusername: yourmaindomain_myname DBname: yourmaindomain_myname instead of myname:myname .. so be sure you've paid attention to that hope that helps p.s. again, stop torturing your query .. the problem is not the query (yet)