Everything posted by vicdesigns

  1. Hi Barand, Thank you for that. I think you are right. It isn't something I am familiar with but I have given it a shot from what I could find on google. Here is the modified connection.php file. When the form is submitted now it blanks the form and sets all the variables in the actual URL.

         <?php
         // Start the session
         @session_start();
         require_once('config.php');

         // Protect against MySQL Injection
         function ExtendedAddslash(&$params) {
             foreach ($params as &$var) {
                 // check if $var is an array. If yes, it will start another ExtendedAddslash() function to loop to each key inside.
                 is_array($var) ? ExtendedAddslash($var) : $var=addslashes($var);
                 unset($var);
             }
         }

         // Initialize ExtendedAddslash() function for every $_POST variable
         $id = $_POST['id'];
         $site_name = $_POST['site_name'];
         $site_slogan = $_POST['site_slogan'];
         $admin_email = $_POST['admin_email'];
         $site_offline = $_POST['site_offline'];
         $facebook = $_POST['facebook'];
         $twitter = $_POST['twitter'];
         $tos = $_POST['tos'];

         // Setup connection
         $database_connection = @mysql_connect(DATABASE_HOST, DATABASE_USERNAME, DATABASE_PASSWORD) or die(((SITE_MODE == "development") ? mysql_error() : "An error occured! Please check database connection parameters!"));
         @mysql_select_db(DATABASE_NAME, $database_connection) or die(((SITE_MODE == "development") ? mysql_error() : "An error occured! Please check your database exists!"));

         // Retrieve all the data from the "example" table
         $query = "SELECT * FROM `settings` WHERE `id` = '$id'";
         $sqlsearch = mysql_query($query);
         $resultcount = mysql_numrows($sqlsearch);

         if ($resultcount > 0) {
             mysql_query("UPDATE `settings` SET `site_name` = '$site_name', `site_slogan` = '$site_slogan', `admin_email` = '$admin_email', `site_offline` = '$site_offline', `facebook` = '$facebook', `twitter` = '$twitter', `tos` = '$tos' WHERE `id` = '$id'") or die(mysql_error());
         }
         ?>

     Any guidance is appreciated. Cheers.
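The same settings update with every value bound through a prepared statement, so correct quoting no longer depends on `addslashes()` (in the code as posted, `ExtendedAddslash()` is defined but never called on `$_POST`). This is an added example, not code from the thread: it uses PDO, with an in-memory SQLite database standing in for the MySQL connection so it runs offline, and `openDemoDb()`, `updateSettings()` and `SETTINGS_FIELDS` are hypothetical names.

```php
<?php
// Added example (not the poster's code). SQLite in memory replaces MySQL so the
// script is self-contained; the table row and the form input are constructed.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE settings (
        id INTEGER PRIMARY KEY, site_name TEXT, site_slogan TEXT, admin_email TEXT,
        site_offline TEXT, facebook TEXT, twitter TEXT, tos TEXT)');
    $pdo->exec("INSERT INTO settings (id, site_name) VALUES (1, 'Old name')");
    return $pdo;
}

// Columns the form may change; any other key in the input is ignored.
const SETTINGS_FIELDS = ['site_name', 'site_slogan', 'admin_email',
                         'site_offline', 'facebook', 'twitter', 'tos'];

function updateSettings(PDO $pdo, array $input): int
{
    // id must be a positive integer; filter_var() returns false for anything else.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    $set = [];
    $params = [':id' => $id];
    foreach (SETTINGS_FIELDS as $field) {
        if (isset($input[$field]) && is_string($input[$field])) {
            $set[] = "$field = :$field";          // column name comes from the allow-list
            $params[":$field"] = $input[$field];  // value is sent as bound data
        }
    }
    if ($set === []) {
        return 0;                                 // nothing to update
    }

    $stmt = $pdo->prepare('UPDATE settings SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();                     // 0 when no row has that id
}

$pdo = openDemoDb();
// Constructed input standing in for $_POST; the quotes are stored as plain data.
$post = ['id' => '1', 'site_name' => "Vic's Site", 'tos' => "Don't copy 'our' content"];
$changed = updateSettings($pdo, $post);
$row = $pdo->query('SELECT site_name, tos FROM settings WHERE id = 1')->fetch(PDO::FETCH_ASSOC);

echo "rows changed: $changed\n";
echo 'site_name: ', $row['site_name'], "\n";
echo 'tos: ', $row['tos'], "\n";
```

Against MySQL only the DSN changes; the `mysql_*` functions used in the thread were removed in PHP 7, so PDO or mysqli is required on current PHP in any case.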
  2. Nah that's not it. The settings.php is where the form is located. The connection.php is where the form data is processed through. That file is called in settings.php via require_once() etc. I have also moved the code from connection.php to settings.php to see if it will load from there and same results. Regarding the vulnerabilities, thanks for that. Yep, these will be done. Just developing at this time.
  3. Sure. connection.php as follows:

         <?php
         // Start the session
         @session_start();
         require_once('config.php');

         // Setup connection
         $database_connection = @mysql_connect(DATABASE_HOST, DATABASE_USERNAME, DATABASE_PASSWORD) or die(((SITE_MODE == "development") ? mysql_error() : "An error occured! Please check database connection parameters!"));
         @mysql_select_db(DATABASE_NAME, $database_connection) or die(((SITE_MODE == "development") ? mysql_error() : "An error occured! Please check your database exists!"));

         // Update Database Tables
         $result = mysql_query("UPDATE `dev_cms`.`settings` SET `site_name` = '$site_name', `site_slogan` = '$site_slogan', `admin_email` = '$admin_email', `facebook` = '$facebook', `twitter` = '$twitter', `tos` = '$tos' WHERE `settings`.`id` =1;");

         // Retrieve all the data from the "example" table
         $result = mysql_query("SELECT * FROM settings") or die(mysql_error());

         // store the record of the settings table into $row
         $row = mysql_fetch_array( $result );
         ?>

     Thanks.
  4. Hi guys, Been a while since I posted on the forums (if at all). Have an issue that's been biting me for about two days. It's probably staring me in the face though. I can display data from MySQL with PHP on the page just fine. However, updating the database via a form is just not happening. The form just reverts to display the data that was manually entered into the database or the database table is emptied upon submit. Here is the PHP being used to retrieve and update:

         // Update Database Tables
         $result = mysql_query("UPDATE `dev_cms`.`settings` SET `site_name` = '$site_name', `site_slogan` = '$site_slogan', `admin_email` = '$admin_email', `facebook` = '$facebook', `twitter` = '$twitter', `tos` = '$tos' WHERE `settings`.`id` =1;");

         // Retrieve all the data from the "example" table
         $result = mysql_query("SELECT * FROM settings") or die(mysql_error());

         // store the record of the settings table into $row
         $row = mysql_fetch_array( $result );

     The form:

         <form action="settings.php" method="post">
         <table class="listing form" cellpadding="0" cellspacing="0">
           <tr>
             <th class="full" colspan="2">General Settings</th>
           </tr>
           <tr>
             <td width="172"><strong>Site Name</strong></td>
             <td><input type="text" name="site_name" class="text" value="<?php echo $row['site_name']; ?>"/> <i>Your website Name</i></td>
           </tr>
           <tr>
             <td><strong>Site Slogan</strong></td>
             <td><input type="text" name="site_slogan" class="text" value="<?php echo $row['site_slogan']; ?>"/> <i>A catchy slogan</i></td>
           </tr>
           <tr>
             <td><strong>Admin Email</strong></td>
             <td><input type="text" name="admin_email" class="text" value="<?php echo $row['admin_email']; ?>"/> <i>For outgoing email</i></td>
           </tr>
           <tr>
             <td><strong>Facebook Page</strong></td>
             <td><input type="text" name="facebook" class="text" value="<?php echo $row['facebook']; ?>"/> <i>Your Facebook address</i></td>
           </tr>
           <tr>
             <td><strong>Twitter ID</strong></td>
             <td><input type="text" name="twitter" class="text" value="<?php echo $row['twitter']; ?>"/> <i>Your Twitter ID</i></td>
           </tr>
           <tr>
             <td><strong>Terms of Service</strong></td>
             <td><textarea name="tos" border="0" cols="45" rows="5"><?php echo $row['tos']; ?> </textarea><i>Terms and Conditions</i></td>
           </tr>
           <tr>
             <td> <label> <input type="submit" name="Submit" value="Save" /> </label></td>
           </tr>
         </table>
         </form>

     If anyone could please, without too much Jargon, have a look and point me in the right direction I would greatly appreciate it. Thanks in advance.
  5. I am still at a complete loss with this. There are two major issues:

     1. The form will not display what's in the database
     2. The form will not update the database

     Here is the code:

         <?php
         include_once'../includes/english.php';
         include_once'../includes/config.php';

         // Set the Variables as Defined
         $site_title = isset($_POST['site_title']) ? $_POST['site_title'] : '';
         $site_slogan = isset($_POST['site_slogan']) ? $_POST['site_slogan'] : '';
         $footer_text = isset($_POST['footer_text']) ? $_POST['footer_text'] : '';
         $keywords = isset($_POST['keywords']) ? $_POST['keywords'] : '';
         $email = isset($_POST['email']) ? $_POST['email'] : '';
         $first_name = isset($_POST['first_name']) ? $_POST['first_name'] : '';
         $last_name = isset($_POST['last_name']) ? $_POST['last_name'] : '';

         $con = mysql_connect($dbhost, $dbuser, $dbpass);
         if (!$con) {
             die('Could not connect: ' . mysql_error());
         }
         $db = mysql_select_db($dbname, $con);

         // Get all the data from the tables
         $qry = "SELECT site_title, site_slogan, footer_text FROM settings";
         $qry = "UPDATE settings SET site_slogan = '$site_slogan' WHERE site_title = '$site_title'";
         if (!mysql_query($qry,$con)) {
             die('Error: ' . mysql_error());
         }
         ?>

     And the form:

         <p>
         <form method="post" action="">
         <table width="90%" border="0" cellspacing="0" cellpadding="0">
           <tr>
             <td class="label">Site Name:</td>
             <td><input class="conf-input" name="site_title" id="site_title" type="text" size="35" value="<?php echo isset($_POST['site_title']) ? $_POST['site_title'] : ''; ?>"></td>
           </tr>
           <tr>
             <td class="label">Site Slogan:</td>
             <td><input class="conf-input" name="site_slogan" id="site_slogan" type="text" size="35" value="<?php echo isset($_POST['site_slogan']) ? $_POST['site_slogan'] : ''; ?>"></td>
           </tr>
           <tr>
             <td class="label">Footer Text:</td>
             <td><textarea class="conf-input" name="footer_text" id="footer_text" rows="5" cols="50"><?php echo isset($_POST['footer_text']) ? $_POST['footer_text'] : ''; ?></textarea> </td>
           </tr>
           <tr>
             <td><input name="submit" id="submit" type="submit" value="Save"></td>
           </tr>
         </table>
         </form></p>

     EdwinPaul has been excellent and very patient. But, he said himself that the way I had it was a mess, which I agree. I since then ripped all the php out and re-added it using EdwinPaul's suggestions etc, and following tutorials. I am unable to figure out why the two issues are being caused. It has me baffled. Any help on this is greatly appreciated.
  6. You can just put a blank index.html file in there which will stop the files from being viewed in public.
  7. If you can help I will definitely give you a mention in the script comments. I won't post it all here, but if you inbox me your email I will zip it off to you.
  8. Thank you. Your help is really appreciated. At least you are explaining what changes need to be made, which is helping me understand what each thing is about. But I need to upset you because that didn't work either. Still the same. *runs and hides.
  9. Thank you mate, you are a Gem. However, it is still not working. I think there is something with the form, as I now see, after clearing browser cache etc, the form is not staying updated. All the fields go back blank. Will still fire away with it.
  10. Howdy. Have those issues sorted now.

          $site_title = isSet($_REQUEST['site_title']) ? $_REQUEST['site_title'] : '';
          $site_slogan = isSet($_REQUEST['site_slogan']) ? $_REQUEST['site_slogan'] : '';
          $footer_text = isSet($_REQUEST['footer_text']) ? $_REQUEST['footer_text'] : '';
          $keywords = isSet($_REQUEST['keywords']) ? $_REQUEST['keywords'] : '';
          $email = isSet($_REQUEST['email']) ? $_REQUEST['email'] : '';
          $first_name = isSet($_REQUEST['first_name']) ? $_REQUEST['first_name'] : '';
          $last_name = isSet($_REQUEST['last_name']) ? $_REQUEST['last_name'] : '';

          $con = mysql_connect($dbhost, $dbuser, $dbpass);
          if (!$con) {
              die('Could not connect: ' . mysql_error());
          }
          $db = mysql_select_db($dbname, $con);

          $query = "UPDATE settings SET site_slogan = '$site_slogan' WHERE site_title = 'site_title'";
          if (!mysql_query($query,$con)) {
              die('Error: ' . mysql_error());
          }

      The form:

          <form name="config" method="POST" action="">
          <table width="90%" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td class="label">Site Name:</td>
              <td><input class="conf-input" name="site_title" id="site_title" type="text" size="35" value="<?php echo $site_title; ?>"></td>
            </tr>
            <tr>
              <td class="label">Site Slogan:</td>
              <td><input class="conf-input" name="site_slogan" type="text" size="35" value="<?php echo $site_slogan; ?>"></td>
            </tr>
            <tr>
              <td class="label">Site Keywords:</td>
              <td><input class="conf-input" name="keywords" type="text" size="35" value="<?php echo $keywords; ?>"></td>
            </tr>
            <tr>
              <td class="label">Your First Name:</td>
              <td><input class="conf-input" name="first_name" id="first_name" type="text" size="35" value="<?php echo $first_name; ?>"></td>
            <tr>
              <td class="label">Your Last Name:</td>
              <td><input class="conf-input" name="last_name" id="last_name" type="text" size="35" value="<?php echo $last_name; ?>"></td>
            <tr>
              <td class="label">Your Email:</td>
              <td><input class="conf-input" name="email" id="email" type="text" size="35" value="<?php echo $email; ?>"></td>
            </tr>
            <tr>
              <td class="label">Footer Text:</td>
              <td><textarea class="conf-input" name="footer_text" rows="5" cols="50"><?php echo $footer_text; ?></textarea> </td>
            </tr>
            <tr>
              <td><input type="submit" value="Save"></td>
            </tr>
          </table>
          </form></p>

      The form updates fine and the variables are kept in the form fields. Only issue is, it is not updating the database. I will keep hammering at it, but if anyone can see where I am screwing up, that would be great.
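The form above writes request values straight into `value="..."` attributes and a `<textarea>`, so a value containing a quote or a tag changes the markup. This added example (not code from the thread) renders the same fields with every value HTML-encoded; `e()`, `renderField()` and `renderSettingsForm()` are hypothetical helper names and the sample input is constructed.

```php
<?php
// Added example (not the poster's code): the settings form with all values
// encoded for HTML output. Field names follow the form in the post.

function e(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so a value cannot close the attribute it sits in.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderField(string $label, string $name, string $value, bool $multiline): string
{
    $control = $multiline
        ? sprintf('<textarea class="conf-input" name="%s" rows="5" cols="50">%s</textarea>',
                  e($name), e($value))
        : sprintf('<input class="conf-input" name="%s" type="text" size="35" value="%s">',
                  e($name), e($value));
    return sprintf("<tr> <td class=\"label\">%s:</td> <td>%s</td> </tr>\n", e($label), $control);
}

function renderSettingsForm(array $input): string
{
    // Each entry: label, field name, multiline?
    $fields = [
        ['Site Name', 'site_title', false],
        ['Site Slogan', 'site_slogan', false],
        ['Site Keywords', 'keywords', false],
        ['Your First Name', 'first_name', false],
        ['Your Last Name', 'last_name', false],
        ['Your Email', 'email', false],
        ['Footer Text', 'footer_text', true],
    ];
    $html = "<form name=\"config\" method=\"POST\" action=\"\">\n<table>\n";
    foreach ($fields as [$label, $name, $multiline]) {
        // Missing or non-string input (for example an array) is rendered as ''.
        $value = isset($input[$name]) && is_string($input[$name]) ? $input[$name] : '';
        $html .= renderField($label, $name, $value, $multiline);
    }
    return $html . "<tr> <td><input type=\"submit\" value=\"Save\"></td> </tr>\n</table>\n</form>\n";
}

// Constructed input standing in for $_POST.
$sample = [
    'site_title'  => 'Vic "Designs" & Co',
    'site_slogan' => "It's <b>fast</b>",
    'footer_text' => 'Footer with </textarea> in it',
];
echo renderSettingsForm($sample);
```

The encoding is applied at output time only; the values stored in the database stay unencoded.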
  11. Hi guys, Okay, this is what I am trying to do. I want to submit a form that will update a table's columns in MySQL with new changes. So, if someone changes the Site Name, it will update the row site_name with the new data. To display the site name on the front end, I am using the following:

          <?php echo $row['site_name']; ?>

      Here is what I have in order to try and update the database:

          $con = mysql_connect($dbhost, $dbuser, $dbpass);
          if (!$con) {
              die('Could not connect: ' . mysql_error());
          }
          $db = mysql_select_db($dbname, $con);

          $SQL = "UPDATE settings SET site_title = '$site_title' WHERE email = '$email'";
          if (!mysql_query($sql,$con)) {
              die('Error: ' . mysql_error());
          }

      When the form is submitted I now get "Error: Query was empty" along with the following: I am at a complete loss here as I am unable to understand what it means by "Undefined Variable". I am just learning. Any guidance would be grateful.
  12. I have these set in the database tables already and displaying them on the site with, for example: <?php echo $row['site_title']; ?> Now, I am guessing I am doing everything butt ways. But, I really need to get these working. Errs: Any help in the right direction, without too much jargon is greatly appreciated.
  13. I tried with the following but it didn't work either: $SQL = "UPDATE settings SET site_title = '$site_title' WHERE email = '$email'"; Gave the same errors.
  14. Howdy. I am trying to update Database Tables from a form. Obviously doesn't work. I have tried to follow a few tuts on the web but alas, nothing. Here is what the tuts suggested: <?php $SQL = "UPDATE settings SET email = '$email'; SET site_title = '$site_title'"; ?> All I want to do for now is update the settings table as above. But nothing I try works. I keep getting errors saying that email and site_title are undefined. Yet, they work fine as these values are displayed on the site from the database. Any ideas?
  15. If I put them in separate queries, the php does not execute on the page.
  16. Cheers. Basically, there are currently 3 tables in the one database, and more to be added as soon as I can get it working. Users - To display and store user data, such as username, email, password etc Posts - To store and display a post on the frontend Settings - Just basic site settings such as Site Name, Slogan etc. I am pretty new to MySQL/PHP etc so........ :-\ Yeah.
  17. Very strange. The page is blank and all that's in the source is: </html>
  18. Howdy. I have the following, where I want to display data from posts and settings on the same php page.

          // Get the data
          $result = mysql_query ("SELECT * FROM posts, settings");

      The above seems to work fine. However, if I add the users table as below, it turns the site into a blank white page:

          // Get the data
          $result = mysql_query ("SELECT * FROM posts, settings, users");

      Can anyone shed some light on this?
  19. This one is pretty weird. I hope someone here can shed some light on it because it has me completely baffled. Basically, I want to give the admin the option to disable or enable a footer link. Here is the parameter:

          $params["show_footer"] = isset($_POST['show_footer']) ? prepare_input($_POST['show_footer']) : $objSettings->GetParameter("show_footer");

      The settings code:

          <tr>
            <td align="left" width="150px">'._SHOW_FOOTER.':</td>
            <td align="left" colspan="2">
              <select name="show_footer">
                <option '.(($params["show_footer"] == "1") ? "selected" : "").' value="1">'._YES.'</option>
                <option '.(($params["show_footer"] == "0") ? "selected" : "").' value="0">'._NO.'</option>
              </select>
            </td>
          </tr>

      And, the code to either disable or enable the footer text:

          if($objSettings->GetParameter("show_footer") != "1"){
              echo '<br><br><font color="#FFFFFF">Footer Text Here.';}
          else {
              echo '<br><br>';};?>

      What has me stumped is, in the admin settings, if I select Yes (to allow the footer to be displayed) the footer is disabled. If I select No, it is enabled. I can't for the life of me figure it out. Any help is greatly appreciated.
  20. Silly me. Got it:

          // Draw RSS & Email
          if($objSettings->GetParameter("facebook_address") == ""){
              $text_align = ($lang_dir == "ltr") ? "text-align: center;" : "text-align: right; padding-right:15px;";
              echo "<table class='moduletable' width='100%' border='0' cellspacing='0' cellpadding='0'>";
              echo "<tr>
                  <td valign='bottom' style='".$text_align."'>
                  <a href='feeds/rss.xml' title='RSS Feed'><img src='images/rss.png' alt='RSS Feed' border='0'></a>
                  <a href='index.php?page=contact' title='Contact Us'><img src='images/letter.gif' alt='"._EMAIL_ADDRESS."' border='0'></a>
                  </td></tr>";
              echo "</table>";}
          // Draw RSS Facebook & Email
          else {
              $text_align = ($lang_dir == "ltr") ? "text-align: center;" : "text-align: right; padding-right:15px;";
              echo "<table class='moduletable' width='100%' border='0' cellspacing='0' cellpadding='0'>";
              echo "<tr>
                  <td valign='bottom' style='".$text_align."'>
                  <a href='feeds/rss.xml' title='RSS Feed'><img src='images/rss.png' alt='RSS Feed' border='0'></a>
                  <a href='index.php?page=contact' title='Contact Us'><img src='images/letter.gif' alt='"._EMAIL_ADDRESS."' border='0'></a>
                  <a href='http://".$objSettings->GetParameter("facebook_address")."' title='"._FACEBOOK_INVITE."' target='_blank'><img src='images/facebook.png' alt='"._FACEBOOK_INVITE."' border='0'></a>
                  </td></tr>";
              echo "</table>";}

      Note the else statement. Thanks anyways.
  21. Thanks. I tried the following:

          if ('"<a href='http://".$objSettings->GetParameter("")."');
          echo "<tr>
              <td valign='bottom' style='".$text_align."'>
              <a href='feeds/rss.xml' title='RSS Feed'><img src='images/rss.png' alt='RSS Feed' border='0'></a>
              <a href='index.php?page=contact' title='Contact Us'><img src='images/letter.gif' alt='"._EMAIL_ADDRESS."' border='0'></a>
              </td></tr>";

      No good. Just returned a Parse error: syntax error, unexpected T_STRING. I have never tried any of this before so am lost really.
  22. Howdy folks, I have an image to display if a required field is filled in. But what I want to do is if the field is left blank, to hide the image. Here is the code for the field itself:

          <td align="left" width="150px">'._FACEBOOK_ADDRESS.'<font color="#c13a3a">*</font>: <img class="help" src="images/question_mark.gif" title="'._FACEBOOK_ALERT.'"></td>
          <td align="left" width="200px">
            <input type="text" name="facebook_address" size="30" maxlength="70" value="'.$params['facebook_address'].'">
          </td>

      Here is the working code to display the image:

          <a href='http://".$objSettings->GetParameter("facebook_address")."' title='"._FACEBOOK_ADDRESS."' target='_blank'><img src='images/facebook.png' alt='"._FACEBOOK_ALERT."' border='0'></a>

      Here is the parameter:

          $params["facebook_address"] = isset($_POST['facebook_address']) ? prepare_input($_POST['facebook_address']) : $objSettings->GetParameter("facebook_address");

      I am stumped as to how to get the image to vanish if the field is left blank. Any help would be greatly appreciated.
  23. Thank you for your reply. I have checked the Database etc and everything is there.
  24. Howdy folks, I am creating a Facebook app for a bit of fun and practice and getting the following error in index.php:

          Invalid query -- SELECT * FROM `results` WHERE `resultLow` <= AND `resultHigh`>= -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND `resultHigh`>=' at line 1

      Here is the area:

          $res = query("SELECT * FROM `results` WHERE `resultLow` <=$user_score AND `resultHigh`>=$user_score");

      Any help would be appreciated.