Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

0

mysql id problem

Started by hk_, Jul 17 2007 09:04 PM

You cannot reply to this topic
Go to first unread post

2 replies to this topic

#1 hk_

Young Padawan

Members
52 posts

Gender:Male
Location:lost

Posted 17 July 2007 - 09:04 PM

i have this form

<form method="post" action="singup.php">
<input type="hidden" name="id" value="null" />
User <input type="text" name="user" /><br />
Contact <input type="text" name="mail" /><br />
Password <input type="text" name="pass" /><br />
Retype password<input type="text" name="pass1" /><br />
<input type="submit" name="send" value="Enviar" />
</form>

when i submit it it displays the following

Incorrect integer value: 'null' for column 'id' at row 1

singup.php

<?php

$host= "localhost";
$dbuser = "user";
$dbpass = "pass";
$db = " databse";
$table = "blok";
$id = $_POST['id'];
$user = $_POST['user'];
$mail = $_POST['contact'];
$passwd = $_POST['pass'];
$passwd1= $_POST['pass1];

if($passwd !== $passwd1){
echo('<font color="red">The passwords doesn't match! Try again.</font>');
exit();
}

mysql_connect("$host","$dbuser","$dbpass") or die(mysql_error());
mysql_select_db("$db") or die(mysql_error());

$query = "insert into $table values('$id','$user','$mail','$pass') or die(mysql_error());
mysql_query($query) or die(mysql_error());

mysql_close();

?>

the mysql table

create table members(
id int not null auto_increment,
username varchar(30),
contact varchar(30),
password varchar(100),
primary key (id));

hope u could help me out!
thank by the way

Edited by hk_, 17 July 2007 - 09:12 PM.

Back to top

#2 Demonslay

P2L Jedi

Members
970 posts

Gender:Male
Location:A strange world where water falls out of the sky... for no reason.
Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 17 July 2007 - 10:30 PM

[quote name='hk_' post='227756' date='Jul 17 2007, 09:04 PM'][quote]<form method="post" action="singup.php">
<input type="hidden" name="[b]id[/b]" value="null" />
User <input type="text" name="user" /><br />
Contact <input type="text" name="mail" /><br />
Password <input type="text" name="pass" /><br />
Retype password<input type="text" name="pass1" /><br />
<input type="submit" name="send" value="Enviar" />
</form>[/quote]

...

[quote]create table members(
id int not null auto_increment,
username varchar(30),
contact varchar(30),
password varchar(100),
primary key (id));[/quote]
[/quote]

You aren't allowed to place the into that column.
You need to place either an integer, or the actual value of NULL, not a string.
In other words, don't rely on a field in the form. Simply change your query to insert NULL (without quotes).

I'm also surprised you haven't gotten a parser error with this...

Also read this article on [url="http://us2.php.net/manual/en/security.database.sql-injection.php"]SQL Injection[/url]. I seriously get sick of telling people this over and over...