0

I have php form submission code to enter data into phpmyadmin. While I try to executed my code, I see my data was inserted into my table. But when I reload my browser (I'm using chrome and mozilla, and I cleared coockies of both chrome and mozilla), I lost my data in my table.

My problem is what is causing my data lost in my table? is there any problem with my code or there is any problem in server?

note: I worked online, not on my local server (XAMPP)

and here is my code:

// Insert
if ($menu=='news' AND $submit=='input'){
$file_loc    = $_FILES['upload']['tmp_name']
$file_type   = $_FILES['upload']['type'];
$file_name   = $_FILES['upload']['name'];
$rand        = rand(1,99);
$unique_file = $rand.$file_name;


// If any image uploaded
if (!empty($file_loc)){
if ($file_type != "image/jpeg" AND $file_type != "image/pjpeg"){
echo "<script>alert('Upload failed. Be sure your image is JPEG
format.');window.history.go(-1);</script>"; 
} else {
mysql_query("INSERT INTO news (title, category_name, news_content, date, time, image) VALUES ('$_POST['title']', '$_POST['category_name']','$_POST['news_content']', '$date', '$time', '$_POST['tag']', '$unique_file')");
    header('location:../../media.php?menu='.$menu);
    }
  }
}

Thanks for any advice and guidance

Marc Delisle
  • 8,879
  • 3
  • 29
  • 29
learn4life
  • 77
  • 1
  • 8
  • 4
    Nobody will be able to help you as long as you don't provide the relevant code – Gerald Schneider Oct 06 '13 at 09:18
  • 5
    You're not "inserting into phpmyadmin"! phpMyAdmin is not your database. MySQL is. phpMyAdmin is only a graphical tool making it easy to see what's in your database. – deceze Oct 06 '13 at 09:25
  • @jomblo paste your code in order to help you. About phpmyadmin, it is just a front end, I mean, this is a tool you for manage your database, my questions is about how you are using the phpmyadmin, remember is just a frontend, and probably you just doing changes on queries, for exmaple just edit result, but it is not been saved on database. But if you are writing an application that is saving something and you see it is being savin on table on myadmin, and when you reload the page that you ceate there is no result, probably you have a reset table line in your code – Carlos Oct 06 '13 at 09:43
  • Updated question. I provided my code. Thanks a alot to @GeraldSchneider and Carlos :) – learn4life Oct 06 '13 at 09:53
  • 1
    Your code is vulnerable to [SQL injections](http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). – Guillaume Poussel Oct 06 '13 at 09:53
  • 1
    [The fine manual tells you everything that's wrong with `mysql_query`](http://www.php.net/manual/en/function.mysql-query.php): *Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future.* – ta.speot.is Oct 06 '13 at 09:55
  • Hi Guillaume Poussel, excuse me to ask you where is that vulnerable located? :) – learn4life Oct 06 '13 at 09:56
  • @jomblo See [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Sumurai8 Oct 06 '13 at 09:59
  • Here's the vulnerability explained: http://bobby-tables.com Please learn from `Robert'); DROP TABLE Students;--` – CSᵠ Oct 06 '13 at 09:59
  • To Carlos: After inspected that code, could you tell me what is causing data lost when I reload my browser? I'm sure that before I reload my browser, my data wes entered in the table – learn4life Oct 06 '13 at 10:00

0 Answers0