PHPmyadmin and PHP problems

[Evil Beejeebers]

Hi guys and girls,

I have a project from college which has been surprisingly hard to do despite having all the source code I can't quite get my thing to work as it should. I was wondering if I were to throw you my code if you could point out what I might be missing or what I have misspelled?

the basic gist of it is to have, a user log in area where they can review things and an admin log in area where they can add things.

 

[Mr.WorldWide]

Where is the code atm anyway?

 

[Evil Beejeebers]

Where is the code atm anyway?

The code sir I will put it quotes to make things neater and smaller.

insert form

Spoiler :

<html>
<body bgcolor="#C5E3BF">
<div Align="center"><font size="24" face="arial">Ayrshire Holidays</font></div>
<div Align="center">
<form name ="insert" action="insert_process.php" method="post">
Resort:
<input type="text" name="resort">
<br>
Hotel:
<input type="text" name="hotel">
<br>
length of holiday:
<input type ="text" name="duration">
<br>
Departure Airport:
<input type ="text" name="airport">
<br>
Image:
<input type ="text" name="img">
<br>
<input type="submit" value="Submit">
</form>
</div>
</body>
</html>

insert process

Spoiler :

<?php
//import the database connection file
include("connect.php");

mysql_query("INSERT INTO holiday (resort, hotel, duration, airport,img) VALUES
('".$_POST ['resort']."','".$_POST['hotel']."','".$_POST['duration']."','".$_POST['airport']."','".$_POST['img']."')");

echo "INSERT INTO holiday (resort, hotel, duration, airport,img) VALUES
('".$_POST ['resort']."','".$_POST['hotel']."','".$_POST['duration']."','".$_POST['airport']."','".$_POST['img']."')";


echo "<p> <a href=holiday.php> View database</a>";

//release connection from database
mysql_close($dbconnection);
?>

holiday.php

Spoiler :

<html>
<head><title>Holidays </title></head>
<body>
<?php
//import the database connection file
include("connect.php");
Print "<H1>Holidays</H1!>";

$sql = "SELECT * FROM holiday";
$query = mysql_query ( $sql ) or die (mysql_error());

While ($row = mysql_fetch_array($query))
{
echo "<table width='75%' border='1'>";
echo "<td width =15%>";
echo $row['resort']; //display the Movie name from database
echo "</td>";
echo "<td width 15%>";
echo $row['hotel']; // display the diretors name from da database
echo "</td>";
echo "<td width =15%>";
echo $row['duration']; //display the cash made
echo "</td>";
echo "<td width =15%>";
echo $row['airport']; //display the cash made
echo "</td>";

// check wether an image is availsble for the record chosen
if ( $row['img_name'] )
{
// create a variable which holds the data from the image folder
$imageDir = "images/";
//create a second variable which holds the vaule of the image linked to the record selected
$img = $imageDir . $row['img_name'];
echo "<td width = 15%>";
// display the image
echo "<left><img src='$img'>";
echo "</td></tr>";
}
echo "</table>";
//echo <"br />"; //display a line break
}// end of while loop
//release connection from database
mysql_close($dbconnection);
?>

that is the inserts I found that the airport would not be taken into my database I know the image won't go in with that code but that does not matter.

 

[warpus]

So what is the problem, exactly?

 

[Evil Beejeebers]

AsI said the problem seems to be getting the "airport" to be taken into the database I can't see anything wrong with the code but it seems to still be wrong.

 

[UsrBinSomething]

What are you typing into the airport field? If it has special characters such as $ / ' " etc, you then need to do something like:
$airport = addSlashes($_POST['airport']);

then add the cleaned up input into the database, using curly braces.
INSERT INTO holiday (resort, hotel, duration, airport,img) VALUES
('".$_POST ['resort']."','".$_POST['hotel']."','".$_POST['duration']."',{$airport},'".$_POST['img']."')";

I always clean up the user's input that way, to save on errors and malicious code.