Where is the mistake in here?

[baris22]

Hello all,

I could not solve this problem. There is a mistake in here but i do not know where.

Please help

{
    $desc = str_replace("[", "\r\n", $_REQUEST['description']);
    $arrayOflinks = explode(";", $_REQUEST['links']);

    // Get Extension of first extry
    $extPos = strrpos($arrayOflinks[0], ".");
    if ($extPos !== false)
    {
        $ext = substr($arrayOflinks[0], $extPos+1);
        $extL = strtolower($ext);
        if (!strcasecmp($extL, "bmp") || !strcasecmp($extL, "jpg") || !strcasecmp($extL, "gif"))
        {
            $imageTag = "<img src='".$arrayOflinks[0]."' border='0'>";
            $arrayOflinks[0]=$imageTag;
        }
    }
    $link = implode("<br>", $arrayOflinks);


    $query = "insert into articles (`id`, `type`, `title`, `description`, `links`) values('0', '".$_REQUEST['type']."','".$_REQUEST['title']."','".$desc."','".$link."')";
    print $query;
    mysql_query($query);
    exit();
}

 

[NewYorkBum]

could you post the error you getting as well ?

 

[baris22]

There is no error. it is just not recording to the database.

If I do like this it works

{ 
    $desc = str_replace("[", "\r\n", $_REQUEST['description']); 
    $link = str_replace(";", "<br>", $_REQUEST['links']);

   
    $query = "insert into articles (`id`, `type`, `title`, `description`, `links`) values('0', '".$_REQUEST['type']."','".$_REQUEST['title']."','".$desc."','".$link."')"; 
    print $query; 
    mysql_query($query); 
    exit(); 
}

 

[silentwind]

Did you use auto-increment and primary key or unique on `id` field? if yes, that would be the problem.
Try using these :

$query = "insert into articles (`type`, `title`, `description`, `links`) values('".$_REQUEST['type']."','".$_REQUEST['title']."','".$desc."','".$link."')";

 

[Matthew.]

edit: Nevermind, re-read OP.

 

[tm]

change

 mysql_query($query);

to

 mysql_query($query) or die(mysql_error());

So we can see the error if there is one.

 

[NetworkTown.Net]

Im sure mysql is case sensitive try changing "insert into" to "INSERT INTO"

 

[Kate]

Im sure mysql is case sensitive try changing "insert into" to "INSERT INTO"

The SQL commands are not case-sensitive

Also the INTO keyword is not needed here, remove it:

$query = "insert articles (`id`, `type`, `title`, `description`, `links`) values('0', '".$_REQUEST['type']."','".$_REQUEST['title']."','".$desc."','".$link."')";

SELECT INTO is used when you want to perform a multiple insert based on another table or query.

Is ID an auto-incremented field or primary key ? If it's an auto-incremented value remove it from your insert statement.

Finally you are performing inserts based on $_REQUEST variables which is dangerous.

1. You need to check the input values, otherwise people can manipulate them and enter anything, including values that will crash your script.
2. You need to check if there are any single quotes (') that need escaping. Have a look at mysql_real_escape_string: http://php.net/mysql_real_escape_string. Again your script could crash if special characters are not properly handled.

My advice would be: at the beginning of your script check the $_REQUEST values and assign them to variables. Then check if they are not empty, have the expected format etc (regular expressions are very helpful for this).

 

[Barrucadu]

Im sure mysql is case sensitive try changing "insert into" to "INSERT INTO"

The case of the commands dosn't matter, its more of a standard to use upper case commands though.

Yes, do as tm said and get the error with mysql_error(); and tell us what it is.

 

[Dan]

    $query = "insert into articles (`id`, `type`, `title`, `description`, `links`) values('0', '".$_REQUEST['type']."','".$_REQUEST['title']."','".$desc."','".$link."')";
    print $query;

Just run the query in phpMyAdmin and it should tell you exactly what the problem is.

 

[DylanButler]

Im sure mysql is case sensitive try changing "insert into" to "INSERT INTO"

Can I put this in my sig?

 

[baris22]

Thanks for help. But the problem is in here. If i do not write this, it works fine but if i write this it does not work.

I do not have a chance to check what is wrong. It is not possible. This page is getting called by a windows application. If the code is wrong , I do not get any error message. If the code is right, it is recording to the database.

Thanks all

$arrayOflinks = explode(";", $_REQUEST['links']); 

    // Get Extension of first extry 
    $extPos = strrpos($arrayOflinks[0], "."); 
    if ($extPos !== false) 
    { 
        $ext = substr($arrayOflinks[0], $extPos+1); 
        $extL = strtolower($ext); 
        if (!strcasecmp($extL, "bmp") || !strcasecmp($extL, "jpg") || !strcasecmp($extL, "gif")) 
        { 
            $imageTag = "<img src='".$arrayOflinks[0]."' border='0'>"; 
            $arrayOflinks[0]=$imageTag; 
        } 
    } 
    $link = implode("<br>", $arrayOflinks);

 

[cef]

try changing this

$link = implode("<br>", $arrayOflinks);

to this

$link = mysql_real_escape_string(implode("<br>", $arrayOflinks));

 

[baris22]

try changing this

$link = implode("<br>", $arrayOflinks);

to this

$link = mysql_real_escape_string(implode("<br>", $arrayOflinks));

Wawwwwww. Thank you very much man. It worked.
I was trying to sort this out for 3 days.

Thanks again.

 

[NetworkTown.Net]

Can I put this in my sig?

Ok i made a mistake no need to take it that far.