  #1  
Old 02-28-2006, 05:42 PM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default <select> problem

HTML Code:
<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option>option1</option>
<option>option2</option>
<option>option3</option>
<option>option4</option>
</select><br><br>
<input type="submit" value="Send"></form>
new_isy.php:
PHP Code:
$date = date("Y-m-d H:i:s");

$sql = "INSERT INTO `ads` 
            (
            `fname`, 
            `lname`, 
            `email`, 
            `head`, 
            `message`, 
            `category`, 
            `date`
            )
    VALUES     (
            '{$_POST['fname']}', 
            '{$_POST['lname']}', 
            '{$_POST['email']}', 
            '{$_POST['head']}', 
            '{$_POST['message']}', 
            '{$_POST['category']}', 
            '$date'
            )";

mysql_query($sql) or die("SQL: $sql ".mysql_error());

// ##### Back to main page #####
header ("Location: index.php");
exit;
Ok so I want option1/option2/option3/option4 to be saved in the field called "category". The point is that people can choose a category and that category should be saved in the db. What am I doing wrong?

Thanks in advance
Niklas
  #2  
Old 02-28-2006, 05:44 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Default

Give each option a "value" attribute.

Also, perish the thought of using raw user data in queries. Escape it always.
  #3  
Old 02-28-2006, 05:57 PM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default

HTML Code:
<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option value="option1">option1</option>
<option value="option2">option2</option>
<option value="option3">option3</option>
<option value="option4">option4</option>
</select><br><br>
<input type="submit" value="Send"></form>
Like that you mean? It's still not working

And what do you mean by "raw user data in queries"?

Thanks
  #4  
Old 03-06-2006, 07:28 PM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default

anyone?
  #5  
Old 03-06-2006, 08:39 PM
Princeton Princeton is offline
 
Join Date: Nov 2001
Location: Vineland, NJ
Posts: 6,693
Default

Quote:
And what do you mean by "raw user data in queries"?
what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)
  #6  
Old 03-06-2006, 09:08 PM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default

Quote:
Originally Posted by princeton
what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)
and how do I do that?
  #7  
Old 03-21-2006, 04:16 PM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default

bump
  #8  
Old 03-21-2006, 09:40 PM
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Default

take a look into a general vb-file, especially how they use $vbulletin->gpc and these parts of code
  #9  
Old 03-23-2006, 09:02 AM
error_22 error_22 is offline
 
Join Date: Nov 2004
Location: Stockholm, Sweden
Posts: 108
Default

hmmm how would that string of code help me when I have no idea what any of you are talking about? I think you have forgotten what it's like to not understand
  #10  
Old 03-23-2006, 08:00 PM
Xenon Xenon is offline
 
Join Date: Oct 2001
Location: Bavaria
Posts: 12,878
Default

well, sorry but we can't teach you coding by posting on this forum.

we can just give you examples of what good code looks like, and I said, you should take any vb-file as an example, and will see that nowhere a $_POST is entered directly into the db, but all results are sanitized by the $vbulletin->gpc_cleaner
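
What "checked/cleaned before saving" can look like for the form in this thread, as an added example that is not part of the original posts and not vBulletin's own code. It assumes PDO prepared statements in place of the thread's `mysql_query()` with escaping, and an in-memory SQLite table standing in for the MySQL `ads` table; `save_ad()` and `CATEGORIES` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumes PDO; SQLite in memory stands
// in for the MySQL `ads` table so the script runs offline.
const CATEGORIES = ['option1', 'option2', 'option3', 'option4'];

function save_ad(PDO $pdo, array $post): void
{
    $fields = ['fname', 'lname', 'email', 'head', 'message', 'category'];
    $row = [];
    foreach ($fields as $f) {
        // Missing or non-string input (e.g. category[]=x) is rejected.
        if (!isset($post[$f]) || !is_string($post[$f])) {
            throw new InvalidArgumentException("missing or invalid field: $f");
        }
        $row[$f] = trim($post[$f]);
    }
    // A <select> does not restrict what a client can send: check server-side.
    if (!in_array($row['category'], CATEGORIES, true)) {
        throw new InvalidArgumentException('unknown category');
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $row['date'] = date('Y-m-d H:i:s');
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO ads (fname, lname, email, head, message, category, date)
         VALUES (:fname, :lname, :email, :head, :message, :category, :date)'
    );
    $stmt->execute($row);
}

// Constructed demo input; the quote in lname would break the original query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ads (fname TEXT, lname TEXT, email TEXT, head TEXT,
            message TEXT, category TEXT, date TEXT)');

$post = ['fname' => 'Niklas', 'lname' => "O'Neil", 'email' => 'n@example.com',
         'head' => 'Bike for sale', 'message' => 'Call me', 'category' => 'option2'];
save_ad($pdo, $post);
echo $pdo->query('SELECT lname, category FROM ads')->fetch(PDO::FETCH_NUM)[1], "\n";

try {
    save_ad($pdo, ['category' => 'option9'] + $post);   // not in the whitelist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```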