Function Not Working In Sending Inboxes [RESOLVED]

Place for questions and answers for all newcomers and new coders. This is a free for all forum, no question is too stupid and to noob.
Post Reply
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Function Not Working In Sending Inboxes [RESOLVED]

Post by Epiales »

Okay, I've messed with this all day and can't figure out what is going on. If I use the below code WITHOUT the function and ENT, then it sends the message and puts it into the database and I'm able to recall the messages from the database. But if I use a function with it (any function), it will not put the pid, suject, or message into the database... When I check the database, it only shows the date, randid, and the other fields are blank, thus not allowing the messages to be viewed in the inbox. What's wrong?

Code: Select all

if(isset($_POST['sendmessage'])) {

$message =  protect($_POST["message"], ENT_QUOTES);
$subject = protect($_POST["subject"], ENT_QUOTES);
$sendto = protect($_POST["sendto"], ENT_QUOTES);
$randid = rand(999,9999999);

$sql = "INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES ('".$sendto."','".$user_username."','".$message."','".$subject."','".$randid."')";
$user_query3 = mysqli_query($db_conx, $sql); 
It doesn't matter if I use my custom function or even use mysql_real_escape_string before it, it won't work. The only thing I"ve been able to use is htmlentities... is that enough?
Last edited by Epiales on Thu Oct 02, 2014 11:29 am, edited 1 time in total.
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
KyleMassacre
Posts: 573
Joined: Wed Nov 27, 2013 12:42 pm

Re: Function Not Working In Sending Inboxes

Post by KyleMassacre »

I have been taught by people and everywhere else on the web that you should try to keep your data as raw as possible when inserting to the db. Now this is always open to multiple point of views, some may agree and others may not. But what I think 99% of people can agree on is that your html*() functions are best used on your output.
You can do some validations before your input to make sure your data is good to go then sanitize your output.
Sim
Posts: 412
Joined: Sat Dec 26, 2009 5:37 pm

Re: Function Not Working In Sending Inboxes

Post by Sim »

#1: Your form text fields are not named the same as your $_POST['names'] in the php file

#2: Your form text fields are outside your form in your HTML file resulting in it not being sent to the php file at all..

#3: Your database field could not be VARCHAR or BLOG or TEXT or whatever you have it set as. Could be an INT, LONGINT
(not sure if this would convert the first letter of the string to an integer or just leave it blank. I don't think I have ever done this)
I would start with #1 ad #2
oRPG Creator - Make Your Own Browser Game
oRPG Creator on Facebook
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Function Not Working In Sending Inboxes

Post by Epiales »

Sim wrote:#1: Your form text fields are not named the same as your $_POST['names'] in the php file

#2: Your form text fields are outside your form in your HTML file resulting in it not being sent to the php file at all..

#3: Your database field could not be VARCHAR or BLOG or TEXT or whatever you have it set as. Could be an INT, LONGINT
(not sure if this would convert the first letter of the string to an integer or just leave it blank. I don't think I have ever done this)
I would start with #1 ad #2
Here is all the code for it. As I stated earlier, if I remove the functions then it WILL send to the database, so the text names are working and do match one another. It's working, but not working with function before them. It works with htmlentities, but nothing else, not even the mysql_real_escape_string works wih it. The code below is working, but is the htmlentities enough to help keep it safe?

Code: Select all

<?php

$bypass = 0;

if(isset($_POST['sendmessage'])) {

$message =  htmlentities($_POST["message"], ENT_QUOTES);
$subject = htmlentities($_POST["subject"], ENT_QUOTES);
$sendto = htmlentities($_POST["sendto"], ENT_QUOTES);
$randid = rand(999,9999999);

$sql = "INSERT INTO `messages` (`pid`,`sender`,`message`,`subject`,`randid`) VALUES ('".$sendto."','".$user_username."','".$message."','".$subject."','".$randid."')";
$user_query3 = mysqli_query($db_conx, $sql);

echo "<br /><span id='errormess'><big><b><center><font color='red'>Message Sent Successfully!</font></center></b></big></span><br />";

}

echo "<b>----------------------Send Private Message ---------------------</b>";
echo "<div style='width:402px'>";
echo "<br><form method ='post' action = 'mafiawarskingdom.php?messages=1'>";
echo "Send To:  <input type = 'text' name = 'sendto' size = '25'>";
echo "</div>";    

echo "<div>";
echo "Subject:    <input type = 'text' name = 'subject' size = '25' maxlength='40'><br><br>";
echo "</div>";

echo "<div style='vertical-align: top';>";    
echo "Content:<textarea rows='15' cols='60' maxlength = '600' name = 'message'>";
echo "</textarea><br>";
echo "</div>";

echo "<input type = 'hidden' name = 'sendmessage' value = '1'>";
echo "<center>";
echo "<input type = 'submit' name = 'sendmessage' id = 'sendmessage' value = 'Send Message'>";
echo "</form>";

?>
Nothing fancy, but a work in progress!

http://gameplaytoday.net
Sim
Posts: 412
Joined: Sat Dec 26, 2009 5:37 pm

Re: Function Not Working In Sending Inboxes

Post by Sim »

post your protect function.
oRPG Creator - Make Your Own Browser Game
oRPG Creator on Facebook
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Function Not Working In Sending Inboxes

Post by Epiales »

Sim wrote:post your protect function.

Code: Select all

<?php

function protect($i) {
    $i = trim($i);
    $i = stripslashes($i);
    $i = htmlentities($i, ENT_COMPAT, 'UTF-8');
    $i = mysql_real_escape_string($i);
    
    return $i;
}
?>
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
KyleMassacre
Posts: 573
Joined: Wed Nov 27, 2013 12:42 pm

Re: Function Not Working In Sending Inboxes

Post by KyleMassacre »

Epiales wrote:
Sim wrote:post your protect function.

Code: Select all

<?php

function protect($i) {
    $i = trim($i);
    $i = stripslashes($i);
    $i = htmlentities($i, ENT_COMPAT, 'UTF-8');
    $i = mysql_real_escape_string($i);
    
    return $i;
}
?>
mysql_real_escape_string requires parameter 2 to be your connection string. Try adding that and see if it works. I personally don't like this function because of what I said above about the htmlentities which is generally used for output.

You can try something like this:

Code: Select all

<?php

function protect($i,$output=true) {
    global $conn;
    $i = trim($i);
    $i = stripslashes($i);
    if($output == true) {
        $i = htmlentities($i, ENT_COMPAT, 'UTF-8');
    }
    $i = mysqli_real_escape_string($i,$conn);
    
    return $i;
}

echo protect($var);
?>
Last edited by KyleMassacre on Wed Oct 01, 2014 10:34 pm, edited 1 time in total.
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Function Not Working In Sending Inboxes

Post by Epiales »

Okay, I used it and got this error... BUT

Code: Select all

 Parse error: syntax error, unexpected 'global' (T_GLOBAL), expecting '{' in C:\xampp\htdocs\login2\includes\functions.php on line 46
I added the { and it blocked my send message text boxes so I can't send message lol
Last edited by Epiales on Wed Oct 01, 2014 10:34 pm, edited 1 time in total.
Nothing fancy, but a work in progress!

http://gameplaytoday.net
User avatar
KyleMassacre
Posts: 573
Joined: Wed Nov 27, 2013 12:42 pm

Re: Function Not Working In Sending Inboxes

Post by KyleMassacre »

My bad post updated
User avatar
Epiales
Posts: 1119
Joined: Thu Aug 15, 2013 1:38 am

Re: Function Not Working In Sending Inboxes

Post by Epiales »

KyleMassacre wrote:My bad post updated
Okay, I added u're changes and I get this now:

Code: Select all

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\login2\includes\functions.php on line 48
Nothing fancy, but a work in progress!

http://gameplaytoday.net
Post Reply

Return to “Beginner Help and Support”