-1

I have a database running on my server with phpmyadmin but I can't connect with it. Here is an example:

$user_name = "xxxxx";
$password = "xxxxx";
$database = "xxxxx";
$host = "db.xxxx.nl";

$db_handle = mysql_connect($host, $user_name, $password);
$db_found = mysql_select_db($database);

But this doesn't seem to work. If I try to insert some values into a table it still stays empty.

$sql = "INSERT INTO tbl_forum 
        ( 
                    title, 
                    name, 
                    content, 
                    lastname, 
                    post_image 
        ) 
        VALUES 
        ( 
                    '{$_POST['contactsubject']}', 
                    '{$_POST['contactname']}', 
                    '{$_POST['contactmessage']}', 
                    '{$_POST['contactlastname']}', 
                    '{$_FILES["contactBrowse"]["name"]}' 
        )";

Am I doing something wrong?

Isaac Bennetch
  • 10,266
  • 2
  • 27
  • 38
Paktwis Homayun
  • 190
  • 1
  • 16
  • put `or die(mysql_error());` at the end of your queries. what does it tell you? – ʰᵈˑ Oct 01 '14 at 10:42
  • 1
    Further, if you have latest PHP then use mysqli_*. because mysql_* is deprecated now. – Naveed Ramzan Oct 01 '14 at 10:43
  • 1
    did you actually run the query, from the `$sql` string? also `mysql_` is waay out of date. use a more modern tutorial search for prepared statements – andrew Oct 01 '14 at 10:44
  • 3
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 01 '14 at 10:46
  • You have a syntax error on your example. On the last value that you are putting on the database, you should have `$_FILES['contactBrowse']['name']` and you have `$_FILES["contactBrowse"]["name"]` instead. – Ismael Miguel Oct 01 '14 at 10:47
  • If I put or die(mysql_error()); at the end I get: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2). Though I'm hosting my database on a remote server – Paktwis Homayun Oct 01 '14 at 10:47
  • Have you granted Remote MySQL Access to the server running the PHP script? Also, with some of the shared hosting companies, you have to email them and ask them to open the MySQL port (mostly port 3306) for that IP as well. – Tibor B. Oct 01 '14 at 10:50
  • Why is it trying to connect to **local** socket when you entered a **remote** IP in mysql_connect,.... is your host `db.~~~~~.nl` maybe pointing to `localhost` through local hosts file (dns) ? – Daniel W. Oct 01 '14 at 11:23
  • I have no idea what you just said – Paktwis Homayun Oct 01 '14 at 11:28
  • I just tested it on the site which hosts the database and it works fine. So how do I grant acces to this (remote) database from the other site? – Paktwis Homayun Oct 01 '14 at 11:38

2 Answers2

0

I'm going to completely rewrite your code. As you are clearly new to databases within PHP, there is absolutely no reason not to use the new mysqli API.

Your connection should look something like this;

$mysqli = new mysqli($host,$user_name,$password,$database);
if ($mysqli->connect_errno) echo "Failed to connect to MySQL: " . $mysqli->connect_error;

This will create a new database object called $mysqli (or you can call it what you like, such as $db).

You can then prepare your SQL statement and execute it. In the code below, we have 5 parameters that are represented in the SQL as ?, and then we bind the variables to those 5 parameters. The first argument in bind_param tells the API the 5 parameters are 5 strings (hence s x5). For integers, use i;

if($query = $mysqli->prepare("INSERT INTO tbl_forum (title,name,content,lastname,post_image) VALUES (?,?,?,?,?)")) {
    $query->bind_param('sssss',$_POST['contactsubject'],$_POST['contactname'],$_POST['contactmessage'],$_POST['contactlastname'],$_FILES["contactBrowse"]["name"]);
    $query->execute();
}
else {
    echo "Could not prepare SQL: " . $mysqli->error;
}

Assuming all your connection information is correct, this will insert your information into the database as required.

Hope this helps.

worldofjr
  • 3,699
  • 8
  • 32
  • 47
-1

I think the last value '{$_FILES["contactBrowse"]["name"]}' has some problem. Try this and get the sql after preparing(echo $sql;) to debug by your self.

$file_name = $_FILES["contactBrowse"]["name"];
$sql = "INSERT INTO tbl_forum 
    ( 
                title, 
                name, 
                content, 
                lastname, 
                post_image 
    ) 
    VALUES 
    ( 
                '{$_POST['contactsubject']}', 
                '{$_POST['contactname']}', 
                '{$_POST['contactmessage']}', 
                '{$_POST['contactlastname']}', 
                '{$file_name}' 
    )";
sumith
  • 129
  • 5