Welcome to WebmasterWorld Guest from 54.81.220.239

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Issues submitting a form

Intermittant problems submitting a form

     
5:21 pm on May 13, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


I am brand new to php and mysql.(I have been learning it for 3 weeks) I have a web form that submits data to a mysql database and it works intermittently. I have narrowed the problem down to one text area form field. Depending on what is entered into this form field the data will be submitted or not. The varchar is set to 65000 should it should not be a space issue. I am not sure what other information to provide.

This works:

2016-2017
Dinamo Bucharest (Romania A1)

2015-2016
LP-Vampula (Finland, Champions League)
Highest regular season hitting percentage (56.51%)
2014 - 2015
SATU MARE (Romania)

Michigan State University (2010-2013)
Team USA National A2 Team (2010-2013)
Member of USA Training Team (2014)
USA Professional Volleyball League (PVL) Tournament (2014) Team GEVA, Chesapeake Rising Tide (2015)

-Finished 1st all time in block assists, and single season block assists at MSU
-2nd all time in hitting percentage and total blocks at MSU
2011-2013: 3 NCAA tournament berths (2nd round (2011), back to back NCAA Regional Semifinal appearances (2012 & 2013)
2013: AVCA All-America Honorable Mention
2013: AVCA All-North Region First Team
2013: All-Big Ten Honorable Mention
2013: Hokie Invitational and Butler Invitational All-Tournament Team
2012: COBRA Magazine All-National First Team
2012: Big Ten Defensive Player of the Week (Sept 17)
2012: Charleston Invitational, Spartan Showcase and UCONN Classic All-Tournament Team
2012: Preseason All-Big Ten
2011: COBRA Magazine All-Region First Team
2011: Spartan Showcase, Best Western Falcon Invite and Spartan Invitational All-Tournament Team
2010: Big Ten Freshman of the Week (Nov 22 & Nov 29)
2010: Big Ten Defensive Player of the Week (Nov 29)


But this does not:

Racing Club de Cannes (Pro A France)- 2017/2018
March 2018- French Cup Champion
April 2018- Finished regular season in 2nd place. Currently, in semi-finals of the championship

Canadian Senior National Team (2016-2018)
May 2016- Selected to senior national team
June 2017- Starting reception libero for Pan American Cup (Peru, 6th place)
July 2017- Starting reception libero for Grand Prix
October 2017- Grand Champions of the NORCECA Continental Championship and World Championship Qualification Tournament. Starting reception libero.

VC Tirol (Pro A Austria)- 2016/2017
- October 2017- named co-captain of professional team
- February 2017- Finished 1st in total kills and 3rd in total points in the Austrian league

University- UBC Okanagan 2011-2016
2015/2016
- Named co-captain of university team (UBC-O Heat)
- Canada West- Star of the week award
- Canada West- Second team all star award
- Lead the team in kills, kills/set, points, points/set, aces, and aces/set
- Canada West Silver Medalist
- National Bronze Medalist
- Finalist for UBC- Okanagan's Most Outstanding Athlete of the Year
2014/2015
- Canada West Athlete of the week
- Nominated for UBC Okanagan Most Outstanding athlete of the year
- 6th in Canada West in Kills/set and points/set
- Lead team in kills, kills/set, points, and points/set

Team British Columbia (U-15 to U19)
- 2013- Selected to Team BC for Canada Summer Games (Silver medal)
- 2011- National Champion- tournament all star


Here is my php code and the problem form field is PlayerWriteUp


<?php include('../../connect.php'); ?>

<?php
$PlayerFirstName = $_POST['PlayerFirstName'];
$PlayerLastName = $_POST['PlayerLastName'];
$PlayerFullName = $_POST['PlayerFullName'];
$Agency = $_POST['Agency'];
$CurrentNumber = $_POST['CurrentNumber'];
$EditedBy = $_POST['EditedBy'];
$EUPassportDetails = $_POST['EUPassportDetails'];
$FacebookCode = $_POST['FacebookCode'];
$FBNumericID = $_POST['FBNumericID'];
$HaveEUPassport = $_POST['HaveEUPassport'];
$headshot = $_POST['headshot'];
$HighLightVideo = $_POST['HighLightVideo'];
$HighLightVideoID = $_POST['HighLightVideoID'];
$InternalNotes = $_POST['InternalNotes'];
$IPField = $_POST['IPField'];
$NameOnPassport = $_POST['NameOnPassport'];
$PassportExpires = $_POST['PassportExpires'];
$PassportNumber = $_POST['PassportNumber'];
$PersonEvaluating = $_POST['PersonEvaluating'];
$PlayerAddress = $_POST['PlayerAddress'];
$PlayerBlockTouch = $_POST['PlayerBlockTouch'];
$PlayerCareerHighlights = $_POST['PlayerCareerHighlights'];
$PlayerCountry = $_POST['PlayerCountry'];
$PlayerCurrentTeam = $_POST['PlayerCurrentTeam'];
$PlayerDateOfBirth = $_POST['PlayerDateOfBirth'];
$PlayerEmail = $_POST['PlayerEmail'];
$PlayerFavCountries = $_POST['PlayerFavCountries'];
$PlayerHeight = $_POST['PlayerHeight'];
$PlayerID = $_POST['PlayerID'];
$PlayerMobile = $_POST['PlayerMobile'];
$PlayerNationality = $_POST['PlayerNationality'];
$PlayerPassword = $_POST['PlayerPassword'];
$PlayerPhone = $_POST['PlayerPhone'];
$PlayerPlaceOfBirth = $_POST['PlayerPlaceOfBirth'];
$PlayerPrimaryPosition = $_POST['PlayerPrimaryPosition'];
$PlayerSalary = $_POST['PlayerSalary'];
$PlayerSecondaryPosition = $_POST['PlayerSecondaryPosition'];
$PlayerSex = $_POST['PlayerSex'];
$PlayerSpikeTouch = $_POST['PlayerSpikeTouch'];
$PlayerStatus = $_POST['PlayerStatus'];
$PlayerWeight = $_POST['PlayerWeight'];
$PlayerWriteUp = $_POST['PlayerWriteUp'];
$PPI = $_POST['PPI'];
$RegisteredOn = $_POST['RegisteredOn'];
$VideoID1 = $_POST['VideoID1'];
$VideoID2 = $_POST['VideoID2'];
$VideoID3 = $_POST['VideoID3'];
$VideoID4 = $_POST['VideoID4'];
$VideoURL1 = $_POST['VideoURL1'];
$VideoURL2 = $_POST['VideoURL2'];
$VideoURL3 = $_POST['VideoURL3'];
$VideoURL4 = $_POST['VideoURL4'];
$Whatsapp = $_POST['Whatsapp'];
$AccompaniedBy = $_POST['AccompaniedBy'];
$UniqueID = $_POST['UniqueID'];


//EUPassportDetails did not work for some reason.

//$result = mysqli_query($dbc, "INSERT INTO `Players`(`PlayerFirstName`, `PlayerLastName`, `PlayerFullName`, `Agency`, `CurrentNumber`, `EditedBy`, `FacebookCode`, `FBNumericID`, `HaveEUPassport`, `headshot`, `HighLightVideo`, `HighLightVideoID`, `InternalNotes`, `IPField`, `NameOnPassport`, `PassportExpires`, `PassportNumber`, `PersonEvaluating`, `PlayerAddress`, `PlayerBlockTouch`, `PlayerCareerHighlights`, `PlayerCountry`, `PlayerCurrentTeam`, `PlayerDateOfBirth`, `PlayerEmail`, `PlayerFavCountries`, `PlayerHeight`, `PlayerID`, `PlayerMobile`, `PlayerNationality`, `PlayerPassword`, `PlayerPhone`, `PlayerPlaceOfBirth`, `PlayerPrimaryPosition`) VALUES ('$PlayerFirstName','$PlayerLastName','$PlayerFullName','$Agency','$CurrentNumber','$EditedBy','$FacebookCode','$FBNumericID','$HaveEUPassport','$headshot','$HighLightVideo','$HighLightVideoID','$InternalNotes','$IPField','$NameOnPassport','$PassportExpires','$PassportNumber','$PersonEvaluating','$PlayerAddress',$PlayerBlockTouch,'$PlayerCareerHighlights','$PlayerCountry','$PlayerCurrentTeam','$PlayerDateOfBirth','$PlayerEmail','$PlayerFavCountries',$PlayerHeight,'$PlayerID','$PlayerMobile','$PlayerNationality','$PlayerPassword','$PlayerPhone','$PlayerPlaceOfBirth','$PlayerPrimaryPosition')");





$result = mysqli_query($dbc, "INSERT INTO `Players`(`PlayerFirstName`, `PlayerLastName`, `PlayerFullName`, `Agency`, `CurrentNumber`, `EditedBy`, `FacebookCode`, `FBNumericID`, `HaveEUPassport`, `headshot`, `HighLightVideo`, `HighLightVideoID`, `InternalNotes`, `IPField`, `NameOnPassport`, `PassportExpires`, `PassportNumber`, `PersonEvaluating`, `PlayerAddress`, `PlayerBlockTouch`, `PlayerCareerHighlights`, `PlayerCountry`, `PlayerCurrentTeam`, `PlayerDateOfBirth`, `PlayerEmail`, `PlayerFavCountries`, `PlayerHeight`, `PlayerID`, `PlayerMobile`, `PlayerNationality`, `PlayerPassword`, `PlayerPhone`, `PlayerPlaceOfBirth`, `PlayerPrimaryPosition`, `PlayerSalary`, `PlayerSecondaryPosition`, `PlayerSex`, `PlayerSpikeTouch`, `PlayerStatus`, `PlayerWeight`, `PlayerWriteUp`, `PPI`, `RegisteredOn`, `VideoID1`, `VideoID2`, `VideoID3`, `VideoID4`, `VideoURL1`, `VideoURL2`, `VideoURL3`, `VideoURL4`, `Whatsapp`, `AccompaniedBy`) VALUES ('$PlayerFirstName','$PlayerLastName','$PlayerFullName','$Agency','$CurrentNumber','$EditedBy','$FacebookCode','$FBNumericID','$HaveEUPassport','$headshot','$HighLightVideo','$HighLightVideoID','$InternalNotes','$IPField','$NameOnPassport','$PassportExpires','$PassportNumber','$PersonEvaluating','$PlayerAddress',$PlayerBlockTouch,'$PlayerCareerHighlights','$PlayerCountry','$PlayerCurrentTeam','$PlayerDateOfBirth','$PlayerEmail','$PlayerFavCountries',$PlayerHeight,'$PlayerID','$PlayerMobile','$PlayerNationality','$PlayerPassword','$PlayerPhone','$PlayerPlaceOfBirth','$PlayerPrimaryPosition','$PlayerSalary','$PlayerSecondaryPosition','$PlayerSex',$PlayerSpikeTouch,'$PlayerStatus',$PlayerWeight,'$PlayerWriteUp',$PPI,'$RegisteredOn','$VideoID1','$VideoID2','$VideoID3','$VideoID4','$VideoURL1','$VideoURL2','$VideoURL3','$VideoURL4','$Whatsapp','$AccompaniedBy')");

echo mysql_errno($result) . ": " . mysql_error($result). "\n";

?>

<html>
<head>


</head>
<body>

<br>The Following information has been added to the database:
<br>Player: <?php echo $PlayerFirstName; ?> <?php echo $PlayerLastName; ?>

</body>
<html>




5:29 pm on May 13, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101


Waht is the problem? Is there an error message? Reported by PHP, by MySQL? Or is it the data which are not correctly recorded into the database?

May be it's a matter of special characters, in the text submitted, in all events, you must use mysqli_escape_string each time you insert string into a MySQL database.
5:42 pm on May 13, 2018 (gmt 0)

Full Member

5+ Year Member

joined:Aug 16, 2010
posts:257
votes: 21


Your second example contains a ' character. You must use the escape function for all your data fields. See [secure.php.net...]

Better option is to learn to use prepared statements ( [secure.php.net...] ). IThis way you are protected against mysql injection hacks and dont have to use the escape function.
11:27 pm on May 13, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


There is no actual error message. The data just does not go in. It looks like everything is fine but nothing gets entered. I assumed the backslashes were a problem but I removed them and that did not fix it either. I will try and figure out what an escape string is and see if that does anything.
11:53 pm on May 13, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


So I figured out that it was an apostrophe in the original text that caused everything to fail. The word Okanagan's in the second example screwed everything up. Not sure how to fix it just yet but at least I know what is causing it.
11:56 pm on May 13, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15699
votes: 810


There is no actual error message.
Did you mean: No error message that visibly displays to you when you‘re entering text? Or the site's php error log (php_error.log, unless you've renamed it) shows nothing for the relevant time period? This frankly surprises me, as my impression was that if you so much as look at the monitor cross-eyed, the php log will find something to complain about.
3:33 am on May 14, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


an apostrophe in the original text that caused everything to fail. The word Okanagan's in the second example screwed everything up. Not sure how to fix it
I think bhukkel gave you the solution:
You must use the escape
7:07 am on May 14, 2018 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Mar 25, 2018
posts:500
votes: 101



I think bhukkel gave you the solution:

You must use the escape



So I did.

you must use mysqli_escape_string each time you insert string into a MySQL database.
2:03 pm on May 14, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


Thanks for the responses.However you are all assuming a level of knowledge that I do not posses :). I understand I need to use an escape. But I just don't know where I am supposed to put it in my code above. I have only been learning php for less than a month and honestly it feels like my head is going to explode.
5:59 pm on May 14, 2018 (gmt 0)

New User

joined:Nov 15, 2015
posts:39
votes: 2


Hi swelch15,

The quick and dirty answer is to replace the line of code

$PlayerWriteUp = $_POST['PlayerWriteUp']; 


with

$PlayerWriteUp = mysql_real_escape_string($_POST['PlayerWriteUp']);


The long and clean answer is -

All string variables that have user input values should be wrapped by this function.

[php.net ]

I recommend reading this and learning more - only this will prevent the 'head explosion' experiences.

As an aside, after almost 40 years of developing, I have found that the 'head explosions' continue, but my ability to clean up the mess has improved :-)

Hope all this helps

John
7:48 pm on May 14, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


I just wanted to thank everyone for the help you gave me in particular John who was able to dumb it down enough for me to understand it. Your suggestions worked!
8:52 pm on May 14, 2018 (gmt 0)

New User

joined:Nov 15, 2015
posts:39
votes: 2


Not a problem :-)
11:20 pm on May 14, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


Turns out it did not work. The form submits but all variables that put the escape on do not get copied to the database. :(
12:05 am on May 15, 2018 (gmt 0)

New User

joined:Nov 15, 2015
posts: 39
votes: 2


(I assume the record was inserted without values in the escaped fields)

Well, you need to start debugging now.
Try something like this to show a before and after value

echo $_POST['PlayerWriteUp'];
echo mysql_real_escape_string($_POST['PlayerWriteUp']);

Also in your original code you do have error code at the end of the php code, did that show anything?
12:39 am on May 15, 2018 (gmt 0)

New User

joined:May 13, 2018
posts:11
votes: 2


I checked the error log file and had the following error:
[15-May-2018 00:34:43 UTC] PHP Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/cerbback/public_html/SubmitPlayer.php on line 27
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/cerbback/public_html/SubmitPlayer.php on line 27
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /home/cerbback/public_html/SubmitPlayer.php on line 27
[15-May-2018 00:34:43 UTC] PHP Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/cerbback/public_html/SubmitPlayer.php on line 34
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/cerbback/public_html/SubmitPlayer.php on line 34
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /home/cerbback/public_html/SubmitPlayer.php on line 34
[15-May-2018 00:34:43 UTC] PHP Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/cerbback/public_html/SubmitPlayer.php on line 49
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/cerbback/public_html/SubmitPlayer.php on line 49
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /home/cerbback/public_html/SubmitPlayer.php on line 49
[15-May-2018 00:34:43 UTC] PHP Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/cerbback/public_html/SubmitPlayer.php on line 61
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/cerbback/public_html/SubmitPlayer.php on line 61
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /home/cerbback/public_html/SubmitPlayer.php on line 61
[15-May-2018 00:34:43 UTC] PHP Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /home/cerbback/public_html/SubmitPlayer.php on line 68
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_errno() expects parameter 1 to be resource, boolean given in /home/cerbback/public_html/SubmitPlayer.php on line 87
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_error() expects parameter 1 to be resource, boolean given in /home/cerbback/public_html/SubmitPlayer.php on line 87
[15-May-2018 00:34:43 UTC] PHP Deprecated: mysql_real_escape_string(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/cerbback/public_html/SubmitPlayer.php on line 105
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in /home/cerbback/public_html/SubmitPlayer.php on line 105
[15-May-2018 00:34:43 UTC] PHP Warning: mysql_real_escape_string(): A link to the server could not be established in /home/cerbback/public_html/SubmitPlayer.php on line 105
12:44 am on May 15, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Seems you're using code that's no longer supported: mysql_real_escape_string
Find the new code that replaces it.
1:13 am on May 15, 2018 (gmt 0)

New User

joined:Nov 15, 2015
posts: 39
votes: 2


Try this

[php.net ]