Hi,
I'm new to PHP and just trying to make sense of things by trying stuff. I'm trying to make a very rudimentary CMS where form values are added to a MySQL database. One of the inputs in the form ($body) is a textarea. I've messed around with this but there's a glitch somewhere: when I press the submit button I just get a blank page (the page for the form processing script). My guess is there's something not right with the "safety measures" I'm taking: trim, stripslashes, etc. Any help would be appreciated.
<?php
session_start();

// Only handle requests that came from the form's submit button
if (!isset($_POST['Submit'])) {
    header("Location: home_manage.php");
    exit();
} else {
    $headline = $_POST['headline'];
    $author = $_POST['author'];
    $body = $_POST['body'];

    $headline = trim($headline);
    $author = trim($author);
    $body = trim($body);

    $message = array();

    if ((strlen($headline) != 0) && (strlen($author) != 0) && (strlen($body) != 0)) {
        $time = time();
        $date = date('Y-m-d H:i:s', $time);

        $headline = strip_tags($headline);
        $author = strip_tags($author);

        // Wrap the body in a paragraph and turn line breaks into paragraph breaks
        $body = "<p>".$body."</p>";
        $order = array("\r\n", "\n", "\r");
        $replace = '</p><p>';
        $body = str_ireplace($order, $replace, $body);
        $body = strip_tags($body, '<p><br />');

        // Undo magic-quotes escaping if PHP added it
        if (get_magic_quotes_gpc()) {
            $headline = stripslashes($headline);
            $author = stripslashes($author);
            $body = stripslashes($body);
        }

        // Escape for SQL and encode for HTML
        $headline = htmlentities(mysql_real_escape_string($headline));
        $author = htmlentities(mysql_real_escape_string($author));
        $body = htmlentities(mysql_real_escape_string($body));

        // Load the connection settings, connect and insert the row
        require('storage.inc');
        $link = mysql_connect($host, $user, $db_password);
        $db = mysql_select_db($post_database, $link);
        $query = "INSERT INTO entry (entry_date,entry_head,entry_author,entry_text) VALUES ('$date','$headline','$author','$body')";
        mysql_query($query);

        $message[] = "<p class='announce'><b>Post titled ".$headline." has been added to the database.</b></p>";
    } else {
        // Report which required fields were empty
        if (strlen($headline) < 1) {
            $message[] = "<p class='announce'><b>You must include a headline for this post.</b></p>";
        }
        if (strlen($author) < 1) {
            $message[] = "<p class='announce'><b>You must include an author name for this post.</b></p>";
        }
        if (strlen($body) < 1) {
            $message[] = "<p class='announce'><b>You must include some body text for this post.</b></p>";
        }
    }

    // Pass the messages back to the management page through the session
    $_SESSION['msg']['up_err'] = implode($message);
    header("Location: home_manage.php");
    exit();
}
?>
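
The same handler with the two concerns separated, as an added example that is not part of the original post: values reach the database through bound parameters and are HTML-encoded only when displayed. It assumes PDO, with an in-memory SQLite database standing in for the MySQL server so it runs offline; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL server so the script runs offline;
// the table and column names are taken from the post's INSERT statement.
declare(strict_types=1);

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE entry (entry_date TEXT, entry_head TEXT,
                                    entry_author TEXT, entry_text TEXT)');
    return $pdo;
}

// Store the text as typed. Bound parameters keep it out of the SQL syntax,
// so no escaping function has to run before the connection exists.
function save_entry(PDO $pdo, string $head, string $author, string $body): bool
{
    $head = trim($head); $author = trim($author); $body = trim($body);
    if ($head === '' || $author === '' || $body === '') {
        return false; // same required-field rule as the post
    }
    $stmt = $pdo->prepare('INSERT INTO entry (entry_date, entry_head, entry_author, entry_text)
                           VALUES (?, ?, ?, ?)');
    return $stmt->execute([date('Y-m-d H:i:s'), $head, $author, $body]);
}

// Encode for HTML only when rendering, then turn line breaks into paragraphs.
function render_body(string $body): string
{
    $safe = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $paras = preg_split('/\R+/', $safe, -1, PREG_SPLIT_NO_EMPTY);
    return '<p>' . implode('</p><p>', $paras) . '</p>';
}

// Constructed sample input containing a quote, markup and a line break.
$pdo = open_db();
$ok = save_entry($pdo, "O'Reilly's post", 'Ann', "First <script>x</script>\r\nSecond");
$row = $pdo->query('SELECT entry_head, entry_text FROM entry')->fetch(PDO::FETCH_ASSOC);
echo $ok ? "stored\n" : "rejected\n";
echo htmlspecialchars($row['entry_head'], ENT_QUOTES, 'UTF-8'), "\n";
echo render_body($row['entry_text']), "\n";
```

With a MySQL server, only the DSN passed to `new PDO(...)` and the `CREATE TABLE` step change; the prepared statement and the rendering function stay the same.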