This was reposted from dba.stackexchange.
Sorry for such an amateur question, but I have no idea why this does not work. I have a "add.php" to connect to the MySQL server.
/add.php
<?php
include("connect.php");
$link=Connection();
$ID1=$_POST["ID1"];
$ID2=$_POST["ID2"];
$ID3=$_POST["ID3"];
$ID4=$_POST["ID4"];
$ID5=$_POST["ID5"];
$query = "INSERT INTO Battery (ID01, ID02, ID03, ID04, ID05)
VALUES ('".$ID1."','".$ID2.",'".$ID3.",'".$ID4."','".$ID5."')";
mysql_query($query,$link);
mysql_close($link);
header("Location: index.php");
?>
connect.php
<?php
function Connection(){
$server="mysql.randomserver.com";
$user="random";
$pass="1234";
$db="random_1234";
$connection = mysql_connect($server, $user, $pass);
if (!$connection) {
die('MySQL ERROR: ' . mysql_error());
}
mysql_select_db($db) or die( 'MySQL ERROR: '. mysql_error() );
return $connection;
}
?>
I use a simple HTTP 1.1 protocol:
GET /add.php?ID1=1int&ID2=2char&ID3=3char&ID4=4int&ID5=2015-04-13 01:00:00 HTTP/1.1 myhost Content-Type: application/x-www-form-urlencoded Connection:close
where ID1,ID4 is int; ID2, ID3 char; ID5 Datetime (SQL)
The host throw me this error:
+IPD,168:<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>hosting</center>
</body>
</html>
If anyone have any idea for me to try out, I would be grateful! I'm really clueless...
Fixed: (moskito-x) '".$ID3.", to '".$ID3."',
Ok, I tried this and it works on my Main page: Index.php (just copy the whole /add.php code into /index.php)
$query= "INSERT INTO Battery (ID01,ID02,ID03,ID04,ID05)
VALUES ('1int','2char','3char','4int','2015-04-22 17:20:28')";
$result = mysqli_query($link, $query)
But if I replace it into the add.php, no row is inserted.
I changed add.php as other have suggested:
add.php
<?php
$link=Connection();
$server="mysql.myhost.com";
$user="randomUser";
$pass="randomPwd";
$db="radomdb";
$link=mysqli_connect($server, $user, $pass, $db);
$query = "INSERT INTO Battery (ID01,ID02,ID03,ID04,ID05)
VALUES ('1int','2char','3char','4int','2015-04-22 17:20:28')";
mysqli_query($link, $query)
mysqli_close($link);
header("Location: index.php");
?>
Important part $link=Connection();
Connection();http GET so $ID1=$_POST["ID1"]; is wrong to.'".$ID1."','".$ID2.",'".$ID3.",'".$ID4."','".$ID5."')";
// | |
// |_________|____ here forget '
$query = "INSERT INTO Battery (ID01, ID02, ID03, ID04, ID05)
VALUES ('".$ID1."','".$ID2."','".$ID3."','".$ID4."','".$ID5."')";
EDIT
Now we can see in your Edited question
where ID1,ID4 is int; ID2, ID3 char; ID5 TimeStamp
Query should be (assume TimeStamp ="20150421225300") string format.
$query = "INSERT INTO Battery (ID01, ID02, ID03, ID04, ID05)
VALUES (".$ID1.",'".$ID2."','".$ID3."',".$ID4.",'".$ID5."')";
Your http request as you shown in your post (_ stands for an empty line) :
GET /add.php?ID1=1int&ID2=2char&ID3=3char&ID4=4int&ID5=2015-04-13 01:00:00 HTTP/1.1
myhost
Content-Type: application/x-www-form-urlencoded
Connection:close
_
_
_
It is indeed a bad request because (a) you have unescaped white space characters in the URI and (b) the second line reads just myhost when you probably meant Host: myhost (c) you have extra (not likely to cause troubles though), so something like that:
POST /add.php?ID1=1int&ID2=2char&ID3=3char&ID4=4int&ID5=2015-04-13+01:00:00 HTTP/1.1
Host: myhost
Content-Type: application/x-www-form-urlencoded
Connection:close
_
_
And of course what other said about SQL injections applies.