Almost right.

You need to make just one or two changes....

    if ($entry_order eq '1') {
    }
    {
        my $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publish`, ) VALUES (";
    }
needs to become:
    my $insert;
    if ($entry_order eq '1') {
    }
    # no comma after the last column name
    $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publish`) VALUES (";
and you need to move the insertion into the database up into the loop too.
    if ($entry_order eq '0') {
        $insert .= "<!--begin-->\n"; # This will cause an error
    }
    } else {
        $insert .= $_;
    }
    }
    $sth=$dbh->prepare($insert);
    $sth->execute();
    $dbh->disconnect();
Becomes:
    # Removed code which would cause an error
    } else {
        $insert .= $_;
    }
    $sth=$dbh->prepare($insert);
    $sth->execute();
    }
    $dbh->disconnect();
You'll also need to make some beauty changes... this:
if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0) \n\n"; }
should become this:
if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0)"; }
etc. I'll leave any others of these up to you. What I've done is remove the two newlines, which were there so that the SQL would be easy to read in the file. I believe that MySQL would accept the newlines without a problem, but they're probably best removed.
Now while this will PROBABLY solve most of your problems this will NOT make your code in the remotest bit secure. Nothing in this code appears to be able to stop me from adding something like the below into the description field.
', '', NOW(), 0); drop table mysql_db; '
(quotes included). As far as I understand your code this should result in no errors, but should quietly drop your mysql_db table and lose all its records.

This is why we've been recommending placeholders.

You can rewrite this code to use placeholders in a few ways. You can use the compact version that I suggested in my previous answer (which should work and would look a tonne nicer) or you could work them into this ugly assignment tree. Of course you could just hope that no one's going to be malicious and try to delete your data too.... but I don't recommend it.

At the very least you should replace all occurrences that look like:

$insert .= "$FORM{'URL'}";
to look like:
$insert .= $dbh->quote($FORM{'URL'});
and don't forget to quote $FORM{Description} too.

Good luck with all of this. I hope you've learned something. I'm sure that with a little bit more work you could have written your own guestbook script to use the database and do almost everything else you wanted. In fact, I recommend that you give that a go sometime, because it'll probably be a great learning experience.

If my suggestions here still don't solve all of your problems then stop and think hard about what the code is actually doing, before you post again. And if you still don't understand what it's doing then AT THE VERY LEAST don't just say "it gives me errors"; tell us WHAT errors it gives you. If the errors are on line 8 then tell us what line is line 8. Tell us what you've tried. Tell us what you think is happening.

Give us some reason to believe that you're actually investing your own time into this problem rather than just insisting that we invest our own.

Hope this helps,

jarich


In reply to Re: Re: Re: Re: Re: Right answer (wrong question...) by jarich
in thread Right answer (wrong question...) by bobafifi
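
The placeholder approach recommended in the post above, as an added example (not jarich's code and not the original guestbook script). The column names are the ones in the post's INSERT; the in-memory SQLite handle, the column types and the form values are assumptions made so that it runs offline, and the `prepare`/`execute` calls are the same with DBD::mysql.

```perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# MySQL server so the example runs without a network connection.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1 });

# Column names come from the post; the column types are constructed.
my @form_cols = qw(Title Email City State Country URL Date Description);
$dbh->do('CREATE TABLE mysql_db ('
       . join(', ', map { "`$_` TEXT" } @form_cols)
       . ', `rid` TEXT, `dt_create` TEXT, `publish` INTEGER)');

# Constructed form input; Description is the string quoted in the post.
my %FORM = (
    Title       => 'Hello',
    Email       => 'visitor@example.com',
    City        => 'Melbourne',
    State       => 'VIC',
    Country     => 'Australia',
    URL         => 'http://example.com/',
    Date        => '2003-01-01',
    Description => q{', '', NOW(), 0); drop table mysql_db; '},
);

# One "?" per form field: the SQL text is fixed before any user data is
# seen, so no input can change the shape of the statement.
my $sql = 'INSERT INTO mysql_db ('
        . join(', ', map { "`$_`" } @form_cols, qw(rid dt_create publish))
        . ') VALUES ('
        . join(', ', ('?') x @form_cols)
        . q{, '', CURRENT_TIMESTAMP, 0)};

my $sth = $dbh->prepare($sql);
# Values are bound separately from the SQL; a missing field binds as NULL.
$sth->execute(map { $FORM{$_} } @form_cols);

# Read the row back: if the table is still there and the value matches,
# the Description was stored as plain data.
my ($stored) = $dbh->selectrow_array('SELECT `Description` FROM mysql_db');
print $stored eq $FORM{Description} ? "stored as data\n" : "MISMATCH\n";
$dbh->disconnect;
```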
