Function Not Working In Sending Inboxes [RESOLVED]

Place for questions and answers for all newcomers and new coders. This is a free for all forum, no question is too stupid and to noob.

Function Not Working In Sending Inboxes [RESOLVED]

Postby Epiales » Tue Sep 30, 2014 7:48 pm

Okay, I've messed with this all day and can't figure out what is going on. If I use the below code WITHOUT the function and ENT, then it sends the message and puts it into the database and I'm able to recall the messages from the database. But if I use a function with it (any function), it will not put the pid, suject, or message into the database... When I check the database, it only shows the date, randid, and the other fields are blank, thus not allowing the messages to be viewed in the inbox. What's wrong?
Code: Select all
if(isset($_POST['sendmessage'])) {

$message =  protect($_POST["message"], ENT_QUOTES);
$subject = protect($_POST["subject"], ENT_QUOTES);
$sendto = protect($_POST["sendto"], ENT_QUOTES);
$randid = rand(999,9999999);

$sql = "INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES ('".$sendto."','".$user_username."','".$message."','".$subject."','".$randid."')";
$user_query3 = mysqli_query($db_conx, $sql); 


It doesn't matter if I use my custom function or even use mysql_real_escape_string before it, it won't work. The only thing I"ve been able to use is htmlentities... is that enough?
Last edited by Epiales on Thu Oct 02, 2014 6:29 am, edited 1 time in total.
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Epiales
 
Posts: 1119
Joined: Wed Aug 14, 2013 8:38 pm
Has thanked: 62 times
Been thanked: 6 times

Re: Function Not Working In Sending Inboxes

Postby KyleMassacre » Tue Sep 30, 2014 10:30 pm

I have been taught by people and everywhere else on the web that you should try to keep your data as raw as possible when inserting to the db. Now this is always open to multiple point of views, some may agree and others may not. But what I think 99% of people can agree on is that your html*() functions are best used on your output.
You can do some validations before your input to make sure your data is good to go then sanitize your output.
Skype: KyleMassacre
My NWE Modules
User avatar
KyleMassacre
 
Posts: 572
Joined: Wed Nov 27, 2013 7:42 am
Has thanked: 19 times
Been thanked: 36 times

Re: Function Not Working In Sending Inboxes

Postby Sim » Wed Oct 01, 2014 12:59 am

#1: Your form text fields are not named the same as your $_POST['names'] in the php file

#2: Your form text fields are outside your form in your HTML file resulting in it not being sent to the php file at all..

#3: Your database field could not be VARCHAR or BLOG or TEXT or whatever you have it set as. Could be an INT, LONGINT
(not sure if this would convert the first letter of the string to an integer or just leave it blank. I don't think I have ever done this)
I would start with #1 ad #2
oRPG Creator - Make Your Own Browser Game
oRPG Creator on Facebook
Sim
 
Posts: 412
Joined: Sat Dec 26, 2009 12:37 pm
Location: Baltimore
Has thanked: 39 times
Been thanked: 13 times
Blog: View Blog (1)

Re: Function Not Working In Sending Inboxes

Postby Epiales » Wed Oct 01, 2014 6:21 am

Sim wrote:#1: Your form text fields are not named the same as your $_POST['names'] in the php file

#2: Your form text fields are outside your form in your HTML file resulting in it not being sent to the php file at all..

#3: Your database field could not be VARCHAR or BLOG or TEXT or whatever you have it set as. Could be an INT, LONGINT
(not sure if this would convert the first letter of the string to an integer or just leave it blank. I don't think I have ever done this)
I would start with #1 ad #2


Here is all the code for it. As I stated earlier, if I remove the functions then it WILL send to the database, so the text names are working and do match one another. It's working, but not working with function before them. It works with htmlentities, but nothing else, not even the mysql_real_escape_string works wih it. The code below is working, but is the htmlentities enough to help keep it safe?

Code: Select all
<?php

$bypass 
= 0;

if(isset(
$_POST['sendmessage'])) {

$message =  htmlentities($_POST["message"], ENT_QUOTES);
$subject = htmlentities($_POST["subject"], ENT_QUOTES);
$sendto = htmlentities($_POST["sendto"], ENT_QUOTES);
$randid = rand(999,9999999);

$sql = "INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES ('".$sendto."','".$user_username."','".$message."','".$subject."','".$randid."')";
$user_query3 = mysqli_query($db_conx, $sql);

echo "<br /><span id='errormess'><big><b><center><font color='red'>Message Sent Successfully!</font></center></b></big></span><br />";

}

echo "<b>----------------------Send Private Message ---------------------</b>";
echo "<div style='width:402px'>";
echo "<br><form method ='post' action = 'mafiawarskingdom.php?messages=1'>";
echo "Send To: &nbsp;<input type = 'text' name = 'sendto' size = '25'>";
echo "</div>";    

echo 
"<div>";
echo "Subject:&nbsp;&nbsp; &nbsp;<input type = 'text' name = 'subject' size = '25' maxlength='40'><br><br>";
echo "</div>";

echo "<div style='vertical-align: top';>";    
echo 
"Content:<textarea rows='15' cols='60' maxlength = '600' name = 'message'>";
echo "</textarea><br>";
echo "</div>";

echo "<input type = 'hidden' name = 'sendmessage' value = '1'>";
echo "<center>";
echo "<input type = 'submit' name = 'sendmessage' id = 'sendmessage' value = 'Send Message'>";
echo "</form>";

?>
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Epiales
 
Posts: 1119
Joined: Wed Aug 14, 2013 8:38 pm
Has thanked: 62 times
Been thanked: 6 times

Re: Function Not Working In Sending Inboxes

Postby Sim » Wed Oct 01, 2014 9:50 am

post your protect function.
oRPG Creator - Make Your Own Browser Game
oRPG Creator on Facebook
Sim
 
Posts: 412
Joined: Sat Dec 26, 2009 12:37 pm
Location: Baltimore
Has thanked: 39 times
Been thanked: 13 times
Blog: View Blog (1)

Re: Function Not Working In Sending Inboxes

Postby Epiales » Wed Oct 01, 2014 10:25 am

Sim wrote:post your protect function.


Code: Select all
<?php

function protect($i) {
    
$i trim($i);
    
$i stripslashes($i);
    
$i htmlentities($iENT_COMPAT'UTF-8');
    
$i mysql_real_escape_string($i);
    
    return 
$i;
}
?>
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Epiales
 
Posts: 1119
Joined: Wed Aug 14, 2013 8:38 pm
Has thanked: 62 times
Been thanked: 6 times

Re: Function Not Working In Sending Inboxes

Postby KyleMassacre » Wed Oct 01, 2014 5:13 pm

Epiales wrote:
Sim wrote:post your protect function.


Code: Select all
<?php

function protect
($i) {
    $i = trim($i);
    $i = stripslashes($i);
    $i = htmlentities($i, ENT_COMPAT, 'UTF-8');
    $i = mysql_real_escape_string($i);
    
    return $i
;
}
?>

mysql_real_escape_string requires parameter 2 to be your connection string. Try adding that and see if it works. I personally don't like this function because of what I said above about the htmlentities which is generally used for output.

You can try something like this:
Code: Select all
<?php

function protect($i,$output=true) {
    global $conn;
    $i = trim($i);
    $i = stripslashes($i);
    if($output == true) {
        $i = htmlentities($i, ENT_COMPAT, 'UTF-8');
    }
    $i = mysqli_real_escape_string($i,$conn);
   
    return $i;
}

echo protect($var);
?>
Last edited by KyleMassacre on Wed Oct 01, 2014 5:34 pm, edited 1 time in total.
Skype: KyleMassacre
My NWE Modules
User avatar
KyleMassacre
 
Posts: 572
Joined: Wed Nov 27, 2013 7:42 am
Has thanked: 19 times
Been thanked: 36 times

Re: Function Not Working In Sending Inboxes

Postby Epiales » Wed Oct 01, 2014 5:32 pm

Okay, I used it and got this error... BUT

Code: Select all
 Parse error: syntax error, unexpected 'global' (T_GLOBAL), expecting '{' in C:\xampp\htdocs\login2\includes\functions.php on line 46


I added the { and it blocked my send message text boxes so I can't send message lol
Last edited by Epiales on Wed Oct 01, 2014 5:34 pm, edited 1 time in total.
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Epiales
 
Posts: 1119
Joined: Wed Aug 14, 2013 8:38 pm
Has thanked: 62 times
Been thanked: 6 times

Re: Function Not Working In Sending Inboxes

Postby KyleMassacre » Wed Oct 01, 2014 5:33 pm

My bad post updated
Skype: KyleMassacre
My NWE Modules
User avatar
KyleMassacre
 
Posts: 572
Joined: Wed Nov 27, 2013 7:42 am
Has thanked: 19 times
Been thanked: 36 times

Re: Function Not Working In Sending Inboxes

Postby Epiales » Wed Oct 01, 2014 5:36 pm

KyleMassacre wrote:My bad post updated


Okay, I added u're changes and I get this now:

Code: Select all
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
Epiales
 
Posts: 1119
Joined: Wed Aug 14, 2013 8:38 pm
Has thanked: 62 times
Been thanked: 6 times

Next

Return to Beginner Help and Support

Who is online

Users browsing this forum: No registered users and 1 guest

x