XP is just a number | |
PerlMonks |
Re: Re: Re: Re: Re: Right answer (wrong question...)by jarich (Curate) |
on Feb 24, 2004 at 23:07 UTC ( [id://331545]=note: print w/replies, xml ) | Need Help?? |
Almost right.
You need to make just one or two changes.... needs to become: and you need to move the insertion into the database up into the loop too. Becomes: You'll also need to make some beauty changes... this: should become this: etc. I'll leave any other of these up to you. What I've done, is remove the two newlines which were there so that the sql would be easy to read in the file. I believe that mysql would accept the newlines without a problem, but they're probably best removed. Now while this will PROBABLY solve most of your problems this will NOT make your code in the remotest bit secure. Nothing in this code appears to be able to stop me from adding something like the below into the description field. (quotes included). As far as I understand your code this should result in no errors, but should quietly drop your mysql_db table and lose all its records. This is why we've been recommending placeholders. You can rewrite this code to use place holders in a few ways. You can use the compact version that I suggested in my previous answer (which should work and would look a tonne nicer) or you could work them into this ugly assignment tree. Of course you could just hope that noone's going to be malicious and try to delete your data too.... but I don't recommend it. At the very least you should replace all occurances that look like: to look like: and don't forget to quote $FORM{Description} too. Good luck with all of this. I hope you've learned something. I'm sure that with a little bit more work you could have written your own guestbook script to use the database and do almost everything else you wanted. In fact, I recommend that you give that a go sometime, because it'll probably be a great learning experience. If my suggestions here still don't solve all of your problems then stop and think hard about what the code is actually doing, before you post again. And if you still don't understand what it's doing then AT THE VERY LEAST don't just say "it gives me errors" tell us WHAT errors it gives you. If the errors are on line 8 then tell us what line is line 8. Tell us what you've tried. Tell us what you think is happening. Give us some reason to believe that you're actually investing your own time into this problem rather than just insisting that we invest our own. Hope this helps, jarich
|