- Impact
- 2
have been looking at this problem for 2 hours, and can't figure it out
i have a problem inserting data to my database
it's for a pm system
Database
even this won't work, with fixed values
i have a problem inserting data to my database
it's for a pm system
Database
Code:
CREATE TABLE IF NOT EXISTS `private` (
`id` int(11) NOT NULL auto_increment,
`to` varchar(100) NOT NULL,
`from` varchar(100) default NULL,
`subject` varchar(100) default NULL,
`message` longtext,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
PHP:
<?php include ("../includes/db_connect.php") ; ?>
<?php
if (isset($_POST['submit'])) {
// check if username exists in database.
if (!get_magic_quotes_gpc()) {
$_POST['sendto'] = addslashes($_POST['sendto']);
}
$qry = "SELECT username FROM users WHERE username = '".$_POST['sendto']."'";
$name_check = $db_object->query($qry);
if (DB::isError($name_check)) {
die($name_check->getMessage());
}
$name_checkk = $name_check->numRows();
if ($name_checkk = 0) {
header('Location: compose.php?error=Sorry, the user: <strong>'.$_POST['sendto'].'</strong>'
. ' does not exist.');
exit;
}
// no HTML tags in username, website, location, password
$_POST['sendto'] = strip_tags($_POST['sendto']);
$_POST['from'] = strip_tags($_POST['from']);
$_POST['subject'] = strip_tags($_POST['subject']);
$_POST['message'] = strip_tags($_POST['message']);
if (!get_magic_quotes_gpc()) {
$_POST['subject'] = addslashes($_POST['subject']);
$_POST['message'] = addslashes($_POST['message']);
}
$insert = "INSERT INTO pm (
from,
to,
subject,
message)
VALUES (
'$_POST['from']',
'$_POST['sendto']',
'$_POST['subject']',
'$_POST['message']')";
$send_message = $db_object->query($insert);
if (DB::isError($send_message)) {
die($send_message->getMessage());
}
$db_object->disconnect();
header('Location: ../index.php');
}
?>
even this won't work, with fixed values
PHP:
<?php require('db_connect.php'); ?>
<?php
$insert = "INSERT INTO pm ( from, sendto, subject, message)
VALUES ( '1', '2', 'test', 'message')";
$send_message = $db_object->query($insert);
if (DB::isError($send_message)) {
die($send_message->getMessage());
}
$db_object->disconnect();
header('Location: ../index.php');
?>