Forum Moderators: open
INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted) VALUES ('1','tags','1187884757','8','2007','krishna','khanna','erts','0','0','1','0')
But NO values are not available in the db
<?php
session_start();if (!isset($_SESSION['token']))
{
session_regenerate_id();
$_SESSION['token'] = true;
}//check for token
if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{//token is correct
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 600)
{//token correct but timeout
echo "Timeout!";
exit;
}
if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] )
{
// correct security code, now validate name and other field
// Strip slashes from all GPC data
include("$_SERVER[DOCUMENT_ROOT]/includes/stripgpcslash.inc.php");
//gpc slashes stripped
//connect to db
// Do includes
include("$_SERVER[DOCUMENT_ROOT]/includes/connect.inc.php");
// end includes
//connect to db
$fault=0;
if(strlen($_POST["subject"]) > 0)//name field is set
{
$n = $_POST['subject'];
if (strlen($n) > 0 && strlen($n) < 31) //valid and sql friendly name now in $name
{
$subject = trim(mysql_real_escape_string($_POST['subject']));
}
else {
// $n is not valid
echo "you to fill your subject properly.";
$fault++;
exit;
}
}
else {
//name not set
echo "you left the subject blank.";
$fault++;
exit;
}
//validation for next field
if(strlen($_POST["titletext"]) > 0)//titletext field is set
{
$titletext = trim(mysql_real_escape_string($_POST['titletext']));
}
else {
echo "you left the titletext blank.";
$fault++;
exit;
}
//validation for next field
if(strlen($_POST["maintext"]) > 0)//content field is set
{
$maintext = trim(mysql_real_escape_string($_POST['maintext']));
}
else {
echo "you left the content field blank.";
$fault++;
exit;
}
//validating next field
if(strlen($_POST["mood"]) > 0)
{
$n = $_POST['mood'];
if ($n > 0 && $n < 10)
{
$mood = trim(mysql_real_escape_string($_POST['mood']));
}
else {
echo "you to select the mood properly.";
$fault++;
exit;
}
}
else {
echo "you left the mood field blank.";
$fault++;
exit;
}
//validating next field
if(strlen($_POST["catid"]) > 0)
{
$n = $_POST['catid'];
if ($n > 0 && $n < 9)
{
$catid = trim(mysql_real_escape_string($_POST['catid']));
}
else {
echo "you to select the category properly.";
$fault++;
exit;
}
}
else {
echo "you left the category blank.";
$fault++;
exit;
}
//validating next field
if(strlen($_POST["tags"]) > 0)
{
$tags = trim(mysql_real_escape_string($_POST['tags']));
}
else {
echo "you left the tags field blank.";
$fault++;
exit;
}
//validating next field
$date = mktime(date("G"), date("i"), date("s"), date("n"), date("d"), date("Y"));
$month=date("n", $date);
$year=date("Y", $date);
$time = strtotime("now");
$ip = $_SERVER['REMOTE_ADDR'];
$sql="INSERT INTO phpnews_news (mood,tags,time,month,year,subject,titletext,maintext,views,break,catid,trusted)
VALUES ('$mood','tags','$time','$month','$year','$subject','$titletext','$maintext','0','0','$catid','0')";
mysql_close($con);
if(! $fault)
{
echo $sql;
exit;
}
}
else {
// security code is invalid
echo " invalid code.";
exit; }
}
else
{
echo "invalid referrer!";
exit;
}
?>
But NO values are not available in the db
Also, where in that script do you actually send the query to the database? I see where you assign a value to the variable $sql, but in the next line you close the db connection without ever doing anything.
