2

I want to make a 2 field input form to my MySQL database. I connect to the database with no problem and even can post if I want, but the form is giving an error. (I'm already connected to the database at this point and I can test that is working)

This is the form:

<form action="insert.php" method="post">
Title: <input type="text" name="title" />
Privacy: <select type="text" name="privacy" />
  <option value="public">Publico</option>
  <option value="private">Privado</option>
</select>
<input type="submit" />
</form>

This is the insert.php file:

<?  
mysql_select_db("copoetry", $con);
$sql="INSERT INTO Poems (Title, Privacy)
VALUES
('$_POST[title]','$_POST[privacy]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
mysql_close($con)
?>

When I press submit I get this error:

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/content/02/6945202/html/copoetry/insert.php on line 2

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/02/6945202/html/copoetry/insert.php on line 7
Error:

What am I doing wrong? Thanks

Improve this question
4
  • 1
    where do you connect to the DB? Commented Jul 27, 2011 at 9:07
  • 1
    In addition to the DB connection missing the query string isn't correct: do echo $sql; to see why. Don't forget to sanitize your input too. Commented Jul 27, 2011 at 9:11
  • $con is defined on my header, putting the PHP code directly in the file writes a blank row in the database so the connection works. However when put on a different file, I get this error. Commented Jul 27, 2011 at 9:20
  • 1
    You're not including the header file anywhere. Commented Jul 27, 2011 at 9:24

4 Answers 4

Reset to default
2

Your $con variable should hold a connection to the database with mysql_connect();, you appear to removed this line at some point.

EG:

$con = mysql_connect('host', 'user', 'pass') or die(mysql_error());

Once you have done this successfully all your mysql_* calls will use that connection, so you could get rid of the $con variable anyway.

ALSO Don't forget to escape your inputs so that are safe, inserting a $_POST, $_GET or $_REQUEST variable straight into mysql is very unsafe. Make at the very least you run mysql_real_escape_string(); on each and every input you get from a form or cookie.

EG

// Create a shortcut function somewhere early in your script
function mes($input) { 
    return mysql_real_escape_string($input);
}

// SQL Example
$sql = "INSERT INTO Poems (Title, Privacy) VALUES ('".mes($_POST['title'])."','".mes($_POST['privacy'])."')";

Note the string concatenation (using fullstop) to separate the strings/variables.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I had defined $con in the header, I didn't realize I had to define it again in the insert file. Thanks
Also thanks for the info, could you tell me where should I add mysql_real_escape_string(); ? I have no idea in which part of the code it should be. Thanks
@Liso22 updates my answer. You shouldn't need to redefine $con, my guess is it's just not available to this script for whatever reason.
1

You're missing mysql_connect(). Try adding this. Also it's very unsafe to run a query with whatever comes from $_GET/$_POST/$_REQUEST.

Improve this answer

Comments

0

There's no connexion to your DB ;-)

Improve this answer

Comments

0

I think you have forgotten to specify mysql_connect() command.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.