Script wont work 1

[je150]

Ive been toying with this script for quite some time now, i am trying to not only timestamp incoming data to MySQL but also assign a random variable. What's wrong with this...

<?

/* declare some relevant variables */

$hostname = &quot;localhost&quot;;
$username = &quot;root&quot;;
$dbName = &quot;drs&quot;;
$userstable = &quot;document&quot;;

/* make connection to database */
mysql_connect($hostname,$username,$password) or die(&quot;Unable to connect to database&quot;

@mysql_select_db(&quot;$dbName&quot or die(&quot;Unable to select database&quot;

print &quot;<center>&quot;;
print &quot;Data is Being Processed, please wait....&quot;;
print &quot;</center>&quot;;



/* Insert information into table */
$today= date(&quot;m-d-Y&quot;
$query = &quot;insert into $userstable ( id, subject,importance, comment, time )&quot; .
&quot;values (&quot;
&quot;'&quot; . mt_rand (10000, 999999) . &quot;',&quot; .
&quot;'&quot; . $_post['subject'] . &quot;',&quot; .
&quot;'&quot; . $_post['importance'] . &quot;',&quot; .
&quot;'&quot; . $_post['comment'] . &quot;',&quot; .
&quot;'&quot; . $today . &quot;',&quot; .
&quot&quot;;


$result = mysql_query($query);


/* Close the database connection */
mysql_close();
?>

 

[DRJ478]

Here are some ideas to check out what's happening:

You have no error checking on your SQL statement. By the first look it appears that you have an empty and superfluous parameter in the VALUES clause. This is because you add a comma after $today:

&quot;'&quot; . $today . &quot;',&quot; .

Add the error test:

$result = mysql_query($query) OR die(mysql_error());

That will tell you why it fails.

Also:
It's advisable to create another user than 'root' and restrict it to the databases it's supposed to use. This will make sure that nobody can actually change anything in the access privileges database.
Use that user exclusively to access the data from web applications.

 

[je150]

Tried that, but still came up wit the error


Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /var/

http://www/html/submit.php

on line 32

I know about the root thing but this is just a test box, so for now theres no access to it anyway and security is the least of my worries but thanx for the tip... code now reads..

/* Insert information into table */
$today= date(&quot;m-d-Y&quot;
$query = &quot;insert into $userstable ( id, subject,importance, comment, time )&quot; .
&quot;values (&quot;
&quot;'&quot; . mt_rand (10000, 999999) . &quot;',&quot; .
&quot;'&quot; . $_post['subject'] . &quot;',&quot; .
&quot;'&quot; . $_post['importance'] . &quot;',&quot; .
&quot;'&quot; . $_post['comment'] . &quot;',&quot; .
&quot;'&quot; . $today . &quot;'&quot; .
&quot&quot;;

 

[DRJ478]

/* Insert information into table */
$today= date("m-d-Y");
$query = "insert into $userstable ( id, subject,importance, comment, time )" .
    "values ("[\code][b][COLOR=red].[/color][/b][code]
    "'" . mt_rand (10000, 999999)     . "'," .
    "'" . $_post['subject']            . "'," .
    "'" . $_post['importance']        . "'," .
    "'" . $_post['comment']            . "'," .
    "'" . $today                      . "'" .
    ")";

See the red dot?

 

[je150]

That got it, thanks a bundle........ stupid . (dot) i swear, this sntax is driving me crazy on low levels of sleep...