<p>First things first</p>
<ul>
<li><strong>Your code is vulnerable to SQL injections.</strong><br> A malicious user could easily wipe out your entire table.</li>
<li><strong>You should also always use <code>exit;</code> after a header redirect.</strong><br> When you send a <code>header</code>, the page will still keep executing. Besides, it's only a suggestion to the browser. A malicious user could make his browser ignore the header and load the page anyway.</li>
<li><strong>You're making a ton of unnecessary queries.</strong><br> After having added a tag to the database, you're getting the tag ID with another query. The tag ID is already in <code>mysql_insert_id()</code>. No need to query the database.<br> If you want to add 10 articles to the database, you're making 10 queries. This is completely unnecessary. See the MySQL manuals on how to do this using one query.</li>
<li><strong>You shouldn't even be using <code>mysql_*</code>!</strong><br> It's deprecated and bad style! Go find a tutorial for <code>mysqli</code> or PDO, don't rely on articles from 2008!</li>
</ul>
<p><strong>Regarding the actual question</strong>, try some debugging yourself. You're not checking if any of your queries succeed. When you perform a query, <code>mysql_query()</code> returns either a resource or <code>FALSE</code> on failure. Check if this is happening, so you can find out where exactly the error is happening.</p>
<p>One thing that might be causing this, is your lack of encapsulation. E.g., you need to replace</p>
<pre><code>$sql="INSERT INTO eb_articles SET article_flag=".$_POST['sticky'].", ... </code></pre>
<p>with</p>
<pre><code>$sql="INSERT INTO eb_articles SET article_flag='".$_POST['sticky']."', ... </code></pre>
<p>This goes for everywhere, always encapsulate content with <code>'</code>. That should solve the problem at hand, but your application is still very vulnerable.</p>
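The points in the answer above, combined into one runnable sketch. This is an added example, not code from the question or the answer: it uses PDO with an in-memory SQLite database so it runs offline (hence standard `VALUES` syntax instead of MySQL's `INSERT ... SET`), and every table, column and URL other than `eb_articles` and `article_flag` is a hypothetical name.

```php
<?php
// Added example. Schema and input are constructed; only eb_articles and
// article_flag come from the answer above. Assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed query throws
$pdo->exec('CREATE TABLE eb_articles (article_id INTEGER PRIMARY KEY,
            article_flag INTEGER, article_title TEXT)');
$pdo->exec('CREATE TABLE eb_tags (tag_id INTEGER PRIMARY KEY, tag_name TEXT)');
$pdo->exec('CREATE TABLE eb_article_tags (article_id INTEGER, tag_id INTEGER)');

// Constructed stand-in for $_POST; the title carries an injection attempt.
$post = [
    'sticky' => '1',
    'title'  => "x'); DROP TABLE eb_articles; --",
    'tags'   => ['php', 'mysql', 'security'],
];

// Validate the expected type first; binding then keeps data out of the SQL text.
$sticky = filter_var($post['sticky'], FILTER_VALIDATE_INT);
if ($sticky === false) {
    http_response_code(400);
    exit;
}

$pdo->beginTransaction();
$stmt = $pdo->prepare(
    'INSERT INTO eb_articles (article_flag, article_title) VALUES (:flag, :title)');
$stmt->execute([':flag' => $sticky, ':title' => $post['title']]);
$articleId = (int) $pdo->lastInsertId(); // the new id, with no extra SELECT

$tagStmt = $pdo->prepare('INSERT INTO eb_tags (tag_name) VALUES (?)');
$links = [];
foreach ($post['tags'] as $tag) {
    $tagStmt->execute([$tag]);
    array_push($links, $articleId, (int) $pdo->lastInsertId());
}
// All article/tag links go in with one multi-row INSERT.
$rows = implode(', ', array_fill(0, count($post['tags']), '(?, ?)'));
$pdo->prepare("INSERT INTO eb_article_tags (article_id, tag_id) VALUES $rows")
    ->execute($links);
$pdo->commit();

if (PHP_SAPI !== 'cli') {
    header('Location: /article.php?id=' . $articleId); // hypothetical target page
    exit; // stop here: the redirect alone does not end the script
}
// On the command line, show that the payload was stored as plain text.
echo $pdo->query('SELECT article_title FROM eb_articles')->fetchColumn(), "\n";
echo $pdo->query('SELECT COUNT(*) FROM eb_article_tags')->fetchColumn(), " links\n";
```

Run from the command line, it prints the injection string unchanged followed by `3 links`, showing the bound value was stored as data and the table was not dropped.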
 
