Umm, using mysqli_connect, only once in the code:
You are right. If you remove that code, it will not work. @jaikrishna.t, where else is it connecting to the database?
The error actually lies in these two sections:
$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','*****','epiz_31263592_listecourse');//'server','username','pass','table name'
if(!$mysqli) {
die("Erreur connection BDD: " . mysqli_connect_error());
//In this script, I assume that errors are not displayed on the site, so you can see which error occurred with mysqli_error(); to do so, uncomment the following line:
//echo "<br>Erreur retournée: ".mysqli_error($mysqli);
exit(0);
}
$connection = connect_to_mysqli($mysqlserverhost, $username_mysql, $password_mysql, $database_name);
$firstfield = mysqli_real_escape_string($connection, sanitize($_POST["firstfield"]));
$secondfield = mysqli_real_escape_string($connection, sanitize($_POST["secondfield"]));
$thirdfield = mysqli_real_escape_string($connection, sanitize($_POST["thirdfield"]));
$fourthfield = mysqli_real_escape_string($connection, sanitize($_POST["fourthfield"]));
$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
if (mysqli_query($connection, $sql)) {
The first time, you store the connection as $mysqli. Then later, you connect again (This one fails, as those variables do not exist), and try to insert into the database using that second statement (the failing one).
I am not on a desktop, so I cannot test this, but try removing the top line of the second snippet (the one that begins with $connection), and change the last line of the second snippet to read the following:
if (mysqli_query($mysqli, $sql)) {
<?php
/*************************
* Page: espace-membre.php
* Page encoded in UTF-8
**************************/
$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','REMOVED','epiz_31263592_listecourse');//'server','username','pass','table name'
if(!$mysqli) {
die("Erreur connection BDD: " . mysqli_connect_error());
//In this script, I assume that errors are not displayed on the site, so you can see which error occurred with mysqli_error(); to do so, uncomment the following line:
echo "<br>Erreur retournée: ".mysqli_error($mysqli);
exit(0);
}
// ------------------------- Do not modify code under this field -------------------------- //
if(isset($_POST["processform"])){
$firstfield = mysqli_real_escape_string($connect, sanitize($_POST["firstfield"]));
$secondfield = mysqli_real_escape_string($connect, sanitize($_POST["secondfield"]));
$thirdfield = mysqli_real_escape_string($connect, sanitize($_POST["thirdfield"]));
$fourthfield = mysqli_real_escape_string($connect, sanitize($_POST["fourthfield"]));
$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
if (mysqli_query($mysqli, $sql)) {
echo "<h2><font color=blue>New record added to database.</font></h2>";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connect);
}
mysqli_close($connect);
}
?>
I have a 500 error again, I don’t understand why.
Because $connect doesn’t exist, replace it with $mysqli or rename $mysqli with $connect, anything which suits you.
Ok, I missed something else (Sorry, this time change thing has left me tired and confused). Replace every instance of $connect in your code with $mysqli.
Also, replace <form action="contact.php" method="post" name="Form" onsubmit="return validateForm()" id="form">
with <form action="" method="post" name="Form" onsubmit="return validateForm()" id="form">
<?php include('menu.php'); ?>
<?php
/*************************
* Page: espace-membre.php
* Page encoded in UTF-8
**************************/
$mysqli=mysqli_connect('sql308.epizy.com','epiz_31263592','***','epiz_31263592_listecourse');//'server','username','pass','table name'
if(!$mysqli) {
die("Erreur connection BDD: " . mysqli_connect_error());
//In this script, I assume that errors are not displayed on the site, so you can see which error occurred with mysqli_error(); to do so, uncomment the following line:
echo "<br>Erreur retournée: ".mysqli_error($mysqli);
exit(0);
}
// ------------------------- Do not modify code under this field -------------------------- //
if(isset($_POST["processform"])){
$firstfield = mysqli_real_escape_string($mysqli, sanitize($_POST["firstfield"]));
$secondfield = mysqli_real_escape_string($mysqli, sanitize($_POST["secondfield"]));
$thirdfield = mysqli_real_escape_string($mysqli, sanitize($_POST["thirdfield"]));
$fourthfield = mysqli_real_escape_string($mysqli, sanitize($_POST["fourthfield"]));
$sql = "INSERT INTO table_form (dbfield1, dbfield2, dbfield3, dbfield4) VALUES ('$firstfield', '$secondfield', '$thirdfield', '$fourthfield')";
if (mysqli_query($mysqli, $sql)) {
echo "<h2><font color=blue>New record added to database.</font></h2>";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($mysqli);
}
mysqli_close($mysqli);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
p{
text-align: right;
}
#box{
width:955px;
margin:20px auto;
padding-top:20px;
font-family: serif;
}
#form{
border-radius:2px;
padding:20px 30px;
box-shadow:0 0 15px;
font-size:14px;
font-weight:bold;
width:350px;
margin:20px 250px 0 35px;
float:left;
}
h3{
text-align:center;
font-size:20px;
}
input{
width:100%;
height:35px;
margin-top:5px;
margin-bottom: 20px;
border:1px solid #999;
border-radius:3px;
padding:5px;
}
input[type=submit]{
background-color:#ca1e1e;
border:1px solid white;
font-family: serif;
font-Weight:bold;
font-size:18px;
color:white;
}
textarea{
width:100%;
height:80px;
margin-top:5px;
border-radius:3px;
padding:5px;
}
span{
color:red
}
.successMessage{
background-color: #7acc7d;
border: #2b5a2d 1px solid;
padding: 5px 9px;
color: #262b26;
border-radius: 4px;
cursor: pointer;
font-size: 0.9em;
}
.errorMessage{
background-color: #e64141;
border: #da1414 1px solid;
padding: 5px 10px;
color: #fdf7f7;
border-radius: 4px;
}
.info{
font-size: 0.9em;
color: #d67262;
letter-spacing: 2px;
padding-left: 5px;
}
</style>
<script type="text/javascript">
function validateForm() {
var a = document.forms["Form"]["firstfield"].value;
var b = document.forms["Form"]["secondfield"].value;
var c = document.forms["Form"]["thirdfield"].value;
var d = document.forms["Form"]["fourthfield"].value;
if (a == null || a == "" || b == null || b == "" || c == null || c == "" || d == null || d == "") {
alert("Please Fill All Required Field");
return false;
}
}
</script>
</head>
<body>
<div id="box">
<form action="" method="post" name="Form" onsubmit="return validateForm()" id="form"><p>* Champs Requis.</p>
<input type="hidden" name="processform" value="1">
<label for="field">* Nom:</label>
<input type="text" id="field1" name="firstfield" placeholder="Value...">
<label for="field">* Numéro de téléphone:</label>
<input type="text" id="field2" name="secondfield" placeholder="Value...">
<label for="field">* Adresse:</label>
<input type="text" id="field3" name="thirdfield" placeholder="Value...">
<label for="field">* Votre liste de course:</label>
<textarea id="field4" name="fourthfield" placeholder="Value..."></textarea>
<input type="submit" value="Submit">
</form>
</div>
</body>
</html>
same problem…
Ok, I will test it for you, give me a second.
Thanks very much
For some reason, the following lines were causing the problem.
Replacing
mysqli_real_escape_string($mysqli, sanitize())
with
htmlspecialchars()
did the trick.
You can find the working code at: https://aurele-et-hugo-font-vos-courses.great-site.net/contact_testing.php
Oh, thank you very much, thanks, thanks, thanks. You are the best.
Looking at the code, I can’t find any function sanitize in the official docs. So either it’s a custom function that’s not working or missing entirely.
But if you are going to be escaping variables, I strongly recommend using escape functions suitable for the use case. So if you are using MySQLi and need to sanitize data, you should use mysqli_real_escape_string. htmlspecialchars is for safely encoding HTML, not database queries, and it’s possible that using it instead of mysqli_real_escape_string still leaves you vulnerable to SQL injection.