I’m making a simple program to interact with a database. I have taken a username variable from the user in a file called “connect_database.php” and called it $un. I then try to access that variable in another file where I have to submit the username to a database with a query. Every variable in the query has gone through except the username so I concluded it was due to my use of the include(). Any help?
include ("connect_database.php");
mysql_query("INSERT INTO `my_proj`. `inci` (
`type`, `date`, `time`, `reporter`, `ID`, `desc`)
VALUES ('$typeinc', CURDATE(), CURTIME(), '$un' ,NULL, '$text');"
) or die(mysql_error());
You might want to re-read the documentation on include and its brothers. They don’t behave like you’d expect; instead of resolving the include path relative to the current file (the one you’re looking at), they use the current working directory and the include path, which can be anything, depending on the OS, the web server, the PHP configuration files, and anything that has been executed before the include happens. Using require instead of include, like others have suggested, will not solve your problem, but it will tell you whether the include did in fact fail.

You can solve your include problem through two means: Either control the current working directory and the include path and apply code discipline to make sure they don’t change; or use absolute includes – the __FILE__ constant combined with dirname can be used to emulate the behavior which should have been the default.

On a side note, the way you concatenate strings into queries is an SQL injection attack waiting to happen. You better step away from the mysql_XXXX() API now and use something that supports parametrized queries (PDO is great, mysqli also works).
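
The two changes this answer recommends, shown together as an added example (not code from the thread): an absolute require built from dirname(__FILE__), and the same INSERT as a PDO prepared statement. The file name connect_database_demo.php, the in-memory SQLite database (standing in for MySQL, and assuming the pdo_sqlite extension is available) and all sample values are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. connect_database_demo.php, the
// SQLite in-memory database and every sample value are constructed.

// 1. Absolute include: build the path from this file's own directory so it
//    does not depend on the working directory or include_path. require
//    stops the script if the file is missing instead of carrying on
//    without $un. (The demo writes its stand-in file next to this script,
//    so that directory must be writable.)
$inc = dirname(__FILE__) . '/connect_database_demo.php';
file_put_contents($inc, '<?php $un = "o\'brien"; // stand-in username' . "\n");
chdir(sys_get_temp_dir());      // changing the working directory has no effect
require $inc;
unlink($inc);                   // remove the stand-in file again

// 2. Parameterized INSERT with PDO. On MySQL, keep CURDATE() and CURTIME()
//    from the original query; date('now') and time('now') are the SQLite
//    equivalents used only so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inci (type TEXT, date TEXT, time TEXT,
           reporter TEXT, ID INTEGER PRIMARY KEY, "desc" TEXT)');

$typeinc = 'network';                               // constructed sample
$text    = "Reporter's note: door 'B' left open";   // quotes stay plain data

// Placeholders keep the values out of the SQL text, so quotes in $un or
// $text cannot change the statement the server parses.
$stmt = $db->prepare(
    'INSERT INTO inci (type, date, time, reporter, "desc")
     VALUES (:type, date(\'now\'), time(\'now\'), :reporter, :descr)'
);
$stmt->execute([
    ':type'     => $typeinc,
    ':reporter' => $un,
    ':descr'    => $text,
]);

// Read the row back: both values are stored exactly as supplied.
$row = $db->query('SELECT reporter, "desc" FROM inci')->fetch(PDO::FETCH_ASSOC);
var_dump($row['reporter'] === $un, $row['desc'] === $text);
```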