Php mysql query works in chrome but not firefox/IE

Question

I am just finishing up my university assignment and it is working perfectly in google chrome, unfortunately when I went to test it in firefox and IE there are a few mysql querys that just aren't working. The one below is for adding a song to a database, it does this in Chrome, but when trying to do the same in firefox/IE the page just refreshes and nothing happens. I've tried searching for the past hour but haven't been able to come up with a solution. Any help would be appreciated.

The form and inputs

if (!$edit) { 
?>    

<form class="inline" method="post" action="dataGridAdmin.php">
<td><input type="text" name="song" size="20"></td>
<td><input type="text" name="artist" size="20"></td>
<td>

<?php 
if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
"<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
"<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
}
?>  

<input type="image" src="add.png" name="addTrack" value="yes"></td>
<td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
</form>

<?php
}
?>  

</table>

The php and mysql

// do we want to add a new track?
if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
    $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
    $dbResult=mysql_query($dbQuery);
}

FULL FILE:

<html>
<head>
  <title>Music Database Editor</title>

<link rel="stylesheet" type="text/css" href="style.css" />

</head>

<body>


<?php

include "dbConnect.php";

session_start();
   if (!(isset($_SESSION["currentUser"]))) header ("Location: adminLogin.php");
   $currentUser=$_SESSION["currentUser"];
   $currentUserID=$_SESSION["currentUserID"];

   $dbQuery="select * from users where id='$currentUserID'";
   $dbResult=mysql_query($dbQuery);
   $dbRow=mysql_fetch_array($dbResult);
   $adminPriv=$dbRow["admin"];
   if ($adminPriv=='N') {
    header ("Location: adminLogin.php");
  }

  // print_r($_POST); // this line can be removed after debugging

  // set up page size and current page
  $pageSize=10;
  if (isset($_POST["thisPage"])) $thisPage=$_POST["thisPage"];
  else if (isset($_GET["page"])) $thisPage=$_GET["page"];
  else $thisPage=1;

  // now check for database activity

  // do we want to add a new track?
  if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
     $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
     $dbResult=mysql_query($dbQuery);
  }

  // do we want to modify an existing track?
  if (isset($_POST["updateData"]) && $_POST["updateData"]=="yes") {
     $dbQuery="update music set ".
              "song='".$_POST["newSong"]."', ".
              "artist='".$_POST["newArtist"]."' ".
              "where id=".$_POST["id"];
     $dbResult=mysql_query($dbQuery);  
  }

  // do we want to delete a track?
  if (isset($_POST["deleteTrack"]) && $_POST["deleteTrack"]=="yes") {
     $dbQuery="delete from music where id=".$_POST["id"];
     $dbResult=mysql_query($dbQuery);  
  }

  // have we clicked on the edit icon?
  if (isset($_POST["editTrack"]) && $_POST["editTrack"]=="yes") {
      $edit=true;

      $dbQuery="select * from music where id=".$_POST["id"];
      $dbResult=mysql_query($dbQuery);
      $dbRow=mysql_fetch_array($dbResult);

      // set up the values that will appear in the edit form
      $editId=$dbRow["id"];
      $editSong=$dbRow["song"];
      $editArtist=$dbRow["artist"];
  } 
  else $edit=false;

  // how many tracks are in the table?
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") 
     $dbQuery="select count(id) from music where song like '%".$_POST["song"]."%' and got='Y'";
  else
     $dbQuery="select count(id) from music where got='Y'";

  $dbResult=mysql_query($dbQuery);
  $dbRow=mysql_fetch_array($dbResult);
  $totalRows=$dbRow[0];
  // adjust $thisPage if we have just deleted the only track on the previous page
  if (($thisPage*$pageSize)-($pageSize-1)>$totalRows) $thisPage--;

  // do we want to search for a track? track name
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
     if (isset($_POST["song"]) && $_POST["song"]!="")
         $likeStr="where song like '%".$_POST["song"]."%'";
     if (isset($_POST["artist"]) && $_POST["artist"]!="")        
        $likeStr="where artist like '%".$_POST["artist"]."%'";
     if (isset($_POST["song"]) && $_POST["song"]!="" && isset($_POST["artist"]) && $_POST["artist"]!="")
         $likeStr="where song like '%".$_POST["song"]."%' and artist like '%".$_POST["artist"]."%'";    
  } else $likeStr="";   

  if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {  // are the tracks sorted?
        $dbQuery="select * from music $likeStr " .
                 " order by ".$_POST["sortField"]." ".$_POST["sortDirection"].
                 " limit $pageSize offset " . ($thisPage-1)*$pageSize;
  } else $dbQuery="select * from music $likeStr where got='Y' limit $pageSize offset ".($thisPage-1)*$pageSize;

  $dbResult=mysql_query($dbQuery);
  $numResults=mysql_num_rows($dbResult);



  // which tracks are we currently displaying?
  if ($numResults==0) {
     $first=0; $last=0; 
  } else {   
     $first=(($thisPage-1)*$pageSize)+1;
     if ($thisPage<$totalRows/$pageSize) $last=$first+($pageSize-1); else $last=$totalRows;
  }

  $prevPage=$thisPage-1;
  $nextPage=$thisPage+1;



echo "<hr width='1300'>";
echo "<br>";
  echo "<h3>Music Database Editor</h3>";

    // echo "<p>$dbQuery</p>";
  // display button link to previous page
  if ($thisPage>1) {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
          "<input type=\"hidden\" name=\"thisPage\" value=\"$prevPage\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
     echo "<input type=\"image\" src=\"previous.png\" alt=\"Previous page\">".
          "</form> ";
  } else echo "<img src=\"previous.png\"> ";

  echo "Displaying tracks $first-$last of $totalRows ";
  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") 
     echo "containing '".$_POST["song"]."".$_POST["artist"]."' ";

  // display button link to next page
  if ($thisPage<$totalRows/$pageSize) {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
          "<input type=\"hidden\" name=\"thisPage\" value=\"$nextPage\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
     echo "<input type=\"image\" src=\"next.png\" alt=\"Next page\">".
          "</form> ";
  } else echo "<img src=\"next.png\"> ";  

  if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
     echo "<form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">";
     if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
        echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
             "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
             "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
     }        
     echo "<input type=\"image\" src=\"showAll.png\" alt=\"Show All\">".
          "</form> ";     
  }   
?>

  <!-- now the current page of tracks -->
  <table cellspacing="5">
  <tr>

 <!-- Sort song name -->
    <th><form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="song">
           <input type="hidden" name="sortDirection" value="asc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
?>
           <input type="image" src="sort_ascend.png" alt="Sort A-Z">
        </form>   
       Song
        <form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="song">
           <input type="hidden" name="sortDirection" value="desc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
     }
?>
           <input type="image" src="sort_descend.png" alt="Sort Z-A">
        </form></th>

<!-- Sort artist name -->

<th><form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="artist">
           <input type="hidden" name="sortDirection" value="asc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">"; 
     }
?>
           <input type="image" src="sort_ascend.png" alt="Sort A-Z">
        </form>   
       Artist
        <form class="inline" method="post" action="dataGridAdmin.php">
           <input type="hidden" name="sort" value="yes">
           <input type="hidden" name="sortField" value="artist">
           <input type="hidden" name="sortDirection" value="desc">
           <input type="hidden" name="thisPage" value="<?php echo $thisPage; ?>">
<?php
     if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
        echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
             "<input type=\"hidden\" name=\"artist\" value=\"".$_POST["artist"]."\">"; 
     }
?>
           <input type="image" src="sort_descend.png" alt="Sort Z-A">
        </form></th><th></th><th></th></tr>

<?php
  while ($dbRow=mysql_fetch_array($dbResult)) {

    $id=$dbRow["id"];
    $song=$dbRow["song"];
    $artist=$dbRow["artist"];

    // are we editing a track? If so, display the form
    if ($edit) { 
       if ($id==$_POST["id"]) {
         echo "<tr><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
              "<input type=\"hidden\" name=\"updateData\" value=\"yes\">".
              "<input type=\"hidden\" name=\"id\" value=\"$editId\">".              
              "<td><input type=\"text\" name=\"newSong\" value=\"$editSong\"></td>".
              "<td><input type=\"text\" name=\"newArtist\" value=\"$editArtist\"></td>".
              "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
         if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
         }
         if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
            echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
                 "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
         }
         echo "<input type=\"image\" src=\"edit.png\"></td>".
              "<td></td></form></tr>";
       } else {
          echo "<tr><td>$song</td><td>$artist</td><td></td><td></td>";
       }   
    }  
    // not editing, so display the tracks as text
    else {
       echo "<tr><td width='300'>$song</td><td width='300'>$artist</td>";
       echo "<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
            "    <input type=\"hidden\" name=\"editTrack\" value=\"yes\">".
            "    <input type=\"hidden\" name=\"id\" value=\"$id\">".
            "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
       if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
       } 
       if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
          echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
               "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
       }
       echo "    <input type=\"image\" src=\"edit.png\" alt=\"Edit track\">".
            "    </form></td>".
            "<td><form class=\"inline\" method=\"post\" action=\"dataGridAdmin.php\">".
            "    <input type=\"hidden\" name=\"deleteTrack\" value=\"yes\">".
            "    <input type=\"hidden\" name=\"id\" value=\"$id\">".
            "    <input type=\"hidden\" name=\"thisPage\" value=\"$thisPage\">";
       if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
           echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
                "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
                "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
       }   
       if (isset($_POST["searchMusic"]) && $_POST["searchMusic"]=="yes") {
          echo "<input type=\"hidden\" name=\"searchMusic\" value=\"yes\">".
               "<input type=\"hidden\" name=\"song\" value=\"".$_POST["song"]."\">"; 
       }
       echo "    <input type=\"image\" src=\"delete.png\" alt=\"Delete track\">".
            "    </form></td>".
            "</tr>";
    }   
  }

   // only display the "add track" form if we are NOT currently editing
   if (!$edit) { 
?>  

<tr>
  <form class="inline" method="post" action="dataGridAdmin.php">
    <td><input type="text" name="song" size="20"></td>
    <td><input type="text" name="artist" size="20"></td>
    <td>    
<?php 
  if (isset($_POST["sort"]) && $_POST["sort"]=="yes") {
     echo "<input type=\"hidden\" name=\"sort\" value=\"yes\">".
          "<input type=\"hidden\" name=\"sortField\" value=\"".$_POST["sortField"]."\">".
          "<input type=\"hidden\" name=\"sortDirection\" value=\"".$_POST["sortDirection"]."\">";
  }
?>  
        <input type="image" src="add.png" name="addTrack" value="yes"></td>
    <td><input type="image" src="search.png" name="searchMusic" value="yes"></td>
  </form>
</tr>  

<?php
  }
?>  

</table>

<p></br>&nbsp <a href="adminLogin.php">Logout</a>


</body>

</html>

If it helps, this is what it looks like: http://i57.tinypic.com/2hpmzbt.jpg

That is strange. Nothing wrong with this script. Who knows, maybe it's something you left outside? Say, on same page there can be another form.... or, say, there's something messing with the variables? — Oleg Dubas, May 07 '14 at 13:18

score 0 · Answer 1 · edited May 23 '17 at 12:05

0

First off, your insert has absolutely no protection against SQL injection. There's a running joke thanks to XKCD about Bobby Tables you can see that explains the whole problem in detail.

Second, I can't tell where the problem is because you're not showing the code that does the output, just the code that does the submission. Is your PHP block on the same page you're submitting to or a separate page? Are you using a redirect?

edited May 23 '17 at 12:05

Community

1
1

answered May 07 '14 at 13:17

Machavity

30,841
27
92
100

I'll have a look into the sql injection, but this is not intended for any real world application, although I understand it's bad practise. I will update with the output, but there's a lot. It is all on the same page no redirect. – May 07 '14 at 14:18

score 0 · Answer 2 · answered May 07 '14 at 13:19

0

Try upgrading you php and mysql version. As Abhik Chakraborty said PHP Mysql has nothing to do with the browser !! .

answered May 07 '14 at 13:19

Skyyy

1,539
2
23
60

This is ran on a university server and so I don't have access to upgrade the php or mysql – May 07 '14 at 14:19
Try running your project on local server (in your pc) and check if the problem still exists. – Skyyy May 07 '14 at 14:46
ran it on a local server and still the same problems in firefox, still works in chrome.. what a nightmare – May 07 '14 at 15:14
what is the php/mysql version you are using and the versions your university is using? are both the same try using a newer version of it or maybe lower version. Some times it happens with particular version. I think its a bug.. with the version. Or try it on some other machine like mobile or someone else pc.. try everything that's possible. – Skyyy May 07 '14 at 16:35
The university server is running PHP 5.4.4, MySQL 5.5.25a. On my own computer I am running PHP 5.4.24, MySQL 5.6.15. I discovered the error on another machine as it didn't have chrome. Will try going newer on my version, but it's looking fairly hopeless unfortunately. Thanks for your replies. – May 07 '14 at 18:11
There are no errors whatsoever, I added in a check to look for a MySQL error and it doesn't even register back that the query took place, so I'm assuming that the button is just not running the code (although the page still refreshes when it is clicked) – May 07 '14 at 23:34
report about this to php and give them your code... they must have some solution... they can surely help you report it as a bug over here https://bugs.php.net/ .. – Skyyy May 21 '14 at 05:58

score 0 · Answer 3 · answered May 07 '14 at 13:24

The input type 'image' does not support a value field. See: http://www.w3.org/TR/html4/interact/forms.html#h-17.4.1

Instead the value of an 'image' input is the coordinates where the user clicked on the image. Try to check if addTrack.x is set instead:

// do we want to add a new track?
if (isset($_POST["addTrack"]) && isset($_POST["addTrack.x"])) {
    $dbQuery="insert into music values (NULL, '".$_POST["song"]."','".$_POST["artist"]."', 'Y')";
    $dbResult=mysql_query($dbQuery);
}

As other people states you should also read up on SQL injections.

Thank you for your answer, unfortunately it is still doing the same thing. What's weird is I have a delete query that uses an image input and it works :s — , May 07 '14 at 14:15

score 0 · Answer 4 · answered May 07 '14 at 13:33

I see a couple things that could cause issues. First thing, like the guy before me said you have this open for SQL injection, the least you want to do is filter the $_POST data. Also you have no database provided for your query

<?php

     // do we want to add a new track?
     if (isset($_POST["addTrack"]) && $_POST["addTrack"]=="yes") {
       $db_connection = mysqli_connect("myhost","myuser","mypassw","mydb") or die("Error " . mysqli_error($link));  

      //Clean the data and get it ready
       $addTrack=mysqli_real_escape_string(strip_tags($db_connection,$_POST['addTrack']));
       $song=mysqli_real_escape_string($db_connection,strip_tags($_POST['song']));
       $artist=mysqli_real_escape_string($db_connection,strip_tags($_POST['artist']));
       $dbQuery="insert into music (NULL, '$song','$artist', 'Y')";
       $dbResult=mysqli_query($db_connection,$dbQuery);
       if($dbResult){
           //Your query worked!!
       }
     }


?>

thanks for your reply, tried the above but still no success, also the connection to the database is there in the file `include "dbConnect.php";` (sorry for not including in original submission) — , May 07 '14 at 14:19

Php mysql query works in chrome but not firefox/IE

4 Answers4