The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
How 2 Insert Data Into Forum's Database Via A Form
Hello there
Actually I've been trying to code some modification, which requires member to fill a form in a vbulletin powered page, this form collects data & inserts it in the database. However it turned out that I'm not qualified enough to bring my idea to life So I had to ignore lots of quality standards such as normalization, & other security issues, & I couldn't, finally I thought that best way to get started by making a very simple version of my idea, hence I created a very simple table called testtable with just 2 columns one was id, & the other was: testcoulmn id column was the primary key & auto incremented, the other (i.e., testcolumn) was varchar with length of 100 and I made my page as explained here in vb.org, and here is my code: PHP Code:
associated with this template called TEST HTML Code:
$stylevar[htmldoctype] <html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]"> <head> <title>$vboptions[bbtitle]</title> $headinclude </head> <body> $header $navbar <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center"> <tr> <td class="tcat">Title</td> </tr> <tr> <td class="alt1"><form name="someform" method="POST" action="test.php?do=save"> <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center"> <tr> <td class="alt2" align="center">The Test Form</td> <td class="alt2" align="center"> <input size="20" name="testform" dir="rtl"></td> </tr> <tr> <td cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]"colspan="2" class="tfoot" align="center"> <input type="submit" value="Submit"></td> </tr> </table> </form></td> </tr> </table> $footer </body> </html> Conclusion: I hope to get help in inserting data through a form into data base, just like what I'm trying to do. waiting for your help, guys thanks in advanced |
#2
|
|||
|
|||
Is my question this much difficult or is it constructed wrong or in inappropriate forum??
any way is it related to the data manger?? so data can't be inserted without datamanger techniques??? any hint please?? |
#3
|
||||
|
||||
You need to do your inserting before any print_output() calls. print_output() will immediately end the execution of the script.
Also, your script will be vulnerable to SQL injection attacks. You must escape any data inserted into a database with escape_string() (except for confirmed integers). |
#4
|
|||
|
|||
well, I'm not concerned about any injections threats right now, so let us concentrate on the simple inserting process only
I wonder how can I bring the form template into my custom page without print_output() function of course the inserting is going to be after hitting the submit button, but the submit button & its form won't be shown without fetching its template by calling the print_output() function --------------- Added [DATE]1252135692[/DATE] at [TIME]1252135692[/TIME] --------------- I managed to change this fragment: PHP Code:
PHP Code:
and of course the action of the form is test.php?do=save should not show any template but every time I try to insert data it gives me sql syntax error if you have any idea about how to come over it |
#5
|
||||
|
||||
If you want to show the form after they hit save, then don't put the do==add around that eval statement and put it at the end of the page, after the do==save part.
As for the mysql error, if you don't tell us what it is, we can't help you with it. |
#6
|
|||
|
|||
Well I think of making a template that tells the user that his input has been inserted into the database
so let's say this template has the name test_user_message then after query insert statement I'd put this statement PHP Code:
here is the error message it shows me: Code:
Database error in vBulletin 3.8.4: Invalid SQL: INSERT INTO testtable(testcolumn) VALUES (How could it work); MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'could it work)' at line 1 Error Number : 1064 |
#7
|
||||
|
||||
I think you need quotes around your string that your are inserting.
|
#8
|
|||
|
|||
beautiful, Lynne data has been inserted now
after changing this: PHP Code:
PHP Code:
|
#9
|
||||
|
||||
Again - I'll stress that security should not be an afterthought, you should be applying it while programming. Your script is still vulnerable to SQL injections.
|
#10
|
|||
|
|||
thanks for your care, but did you notice that I used this function:
PHP Code:
PHP Code:
PHP Code:
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|