imdead Posted April 30, 2008

Hey guys, I've been doing a client's website and I'm on the last part, building them a client testimonials page.

```php
<?
$action = $_GET["action"];
if ($action == "delete"){
    $delid = $_GET['delid'];
    $query = "DELETE FROM testimonials WHERE id=".$delid." LIMIT 1";
    $sql = mysql_query($query);
    echo("Testimonial succesfully deleted! [ <a href='testimonials_edit.php'>Back</a> ]");
    $delid = $_GET['delid'];
}
if ($action == "add"){
    $add = $_GET['add'];
    $text = $_GET['text'];
    $query = "INSERT INTO testimonials SET text = '$text'";
    $sql = mysql_query($query);
    if($sql) {
        $success = TRUE;
    } else {
        $success = FALSE;
    }
}
print("<strong>Add A New Testimonial!</strong>");
print("<br />");
print("<br />");
echo("<form name='form1' method='get' action='?action=add'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=50%>");
echo("<tr><td>Testimonial: </td><td align='right'><input type='text' size=50 name='text'></td></tr>");
echo("<tr><td></td><td><div align='right'><input type='Submit'></div></td></tr>");
echo("</table>");
if($success == TRUE) {
    print("<strong>Success!</strong>");
}
echo("<br>");
echo("</form>");
print("<strong>Existing testimonials:</strong>");
print("<br />");
print("<br />");
echo("<table class=main cellspacing=0 cellpadding=5>");
echo("<td>ID:</td><td>Text:</td><td>Delete:</td>");
$query = "SELECT * FROM testimonials WHERE 1=1";
$sql = mysql_query($query);
while ($row = mysql_fetch_array($sql)) {
    $id = $row['id'];
    $text = $row['text'];
    echo("<tr><td><strong>$id</strong></td><td><strong>$text</strong></td><td><a href='testimonials_edit.php?action=delete&delid=$id'>Delete</a></td></tr>");
}
?>
```

Everything there works, although the only thing that doesn't work atm is the Add. I can't seem to get it to work; any chance you guys could give it a go?
DarkWater Posted April 30, 2008

1) Don't let anyone delete testimonials just by passing an ID...

2) Change:

```php
$sql = mysql_query($query);
```

To:

```php
$sql = mysql_query($query) OR die (mysql_error());
```

Tell us the output (if any).
revraz Posted April 30, 2008

You are using UPDATE parameters with an INSERT command.
DarkWater Posted April 30, 2008

Ah, I didn't even notice that! @_@ I didn't read thoroughly enough I guess.

```php
$query = "INSERT INTO testimonials (text) VALUES ('$text')";
```

>_>
imdead Posted May 1, 2008

OK, code updated to:

```php
<?php
include'modules/sides/header.php';
include"modules/sides/database.php";
?>
<table cellpadding="0" cellspacing="0" width="100%" id="mainTable">
<tr>
<td class="left">
<?php include'modules/sides/left.php';?>
</td>
<td id="centercolumn">
<table class="cont" cellspacing="0">
<tr>
<td id="centerCcolumn">
<div class="block">
<?php
if(session_is_registered('username')){
if ($userlevel == '2'){
?>
<div class="blockTitle">Administration - Add/Remove Testimonials</div>
<div class="blockContent">
<?
$action = $_GET["action"];
if ($action == "delete"){
    $delid = $_GET['delid'];
    $query = "DELETE FROM testimonials WHERE id=".$delid." LIMIT 1";
    $sql = mysql_query($query);
    echo("Testimonial succesfully deleted! [ <a href='testimonials_edit.php'>Back</a> ]");
    $delid = $_GET['delid'];
}
if ($action == "add"){
    $add = $_GET['add'];
    $text = $_GET['text'];
    $query = "INSERT INTO testimonials (text) VALUES ('$text')";
    $sql = mysql_query($query) or die (mysql_error());
}
print("<strong>Add A New Testimonial!</strong>");
print("<br />");
print("<br />");
echo("<form name='form1' method='get' action='?action=add'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=50%>");
echo("<tr><td>Testimonial: </td><td align='right'><input type='text' size=50 name='text'></td></tr>");
echo("<tr><td></td><td><div align='right'><input type='Submit'></div></td></tr>");
echo("</table>");
if($success == TRUE) {
    print("<strong>Success!</strong>");
}
echo("<br>");
echo("</form>");
print("<strong>Existing testimonials:</strong>");
print("<br />");
print("<br />");
echo("<table class=main cellspacing=0 cellpadding=5>");
echo("<td>ID:</td><td>Text:</td><td>Delete:</td>");
$query = "SELECT * FROM testimonials WHERE 1=1";
$sql = mysql_query($query);
while ($row = mysql_fetch_array($sql)) {
    $id = $row['id'];
    $text = $row['text'];
    echo("<tr><td><strong>$id</strong></td><td><strong>$text</strong></td><td><a href='testimonials_edit.php?action=delete&delid=$id'>Delete</a></td></tr>");
}
?></p></table>
</div>
</div>
<?php }}else{echo'Stop hacking';}?>
</td>
</tr>
</table>
<td class="right">
<?php include"modules/sides/right.php"; ?>
</td>
</tr>
</table>
<?php include'modules/sides/footer.php';?>
```

Although it's not printing anything out with any errors, and still isn't inserting any data. Also, is it possible to update it to a POST, not GET, so if it's long it doesn't ruin the URL?
revraz Posted May 1, 2008

Do you have short tags enabled? If not, change <? to <?php (which you should do anyways to keep it all consistent).
imdead Posted May 1, 2008

Oh, I just realised the error is when I click submit it loads testimonials_edit.php?text=ssssss instead of testimonials_edit.php?action=add&text=ssssss. Any way to fix? Also I updated the code:

```php
<?php
include'modules/sides/header.php';
include"modules/sides/database.php";
?>
<table cellpadding="0" cellspacing="0" width="100%" id="mainTable">
<tr>
<td class="left">
<?php include'modules/sides/left.php';?>
</td>
<td id="centercolumn">
<table class="cont" cellspacing="0">
<tr>
<td id="centerCcolumn">
<div class="block">
<?php
if(session_is_registered('username')){
if ($userlevel == '2'){
?>
<div class="blockTitle">Administration - Add/Remove Testimonials</div>
<div class="blockContent">
<?php
$action = $_GET["action"];
if ($action == "delete"){
    $delid = $_GET['delid'];
    $query = "DELETE FROM testimonials WHERE id=".$delid." LIMIT 1";
    $sql = mysql_query($query);
    echo("Testimonial succesfully deleted! [ <a href='testimonials_edit.php'>Back</a> ]");
    $delid = $_GET['delid'];
}
if ($action == "add"){
    $add = $_GET['add'];
    $text = $_GET['text'];
    $id = mysql_insert_id();
    $query = "INSERT INTO testimonials (id, text) VALUES ('$id', '$text')";
    $sql = mysql_query($query) or die (mysql_error());
}
print("<strong>Add A New Testimonial!</strong>");
print("<br />");
print("<br />");
echo("<form name='add' method='get' action='?action=add'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=50%>");
echo("<tr><td>Testimonial: </td><td align='right'><input type='text' size=50 name='text'></td></tr>");
echo("<tr><td></td><td><div align='right'><input type='Submit'></div></td></tr>");
echo("</table>");
if($success == TRUE) {
    print("<strong>Success!</strong>");
}
echo("<br>");
echo("</form>");
print("<strong>Existing testimonials:</strong>");
print("<br />");
print("<br />");
echo("<table class=main cellspacing=0 cellpadding=5>");
echo("<td>ID:</td><td>Text:</td><td>Delete:</td>");
$query = "SELECT * FROM testimonials WHERE 1=1";
$sql = mysql_query($query);
while ($row = mysql_fetch_array($sql)) {
    $id = $row['id'];
    $text = $row['text'];
    echo("<tr><td><strong>$id</strong></td><td><strong>$text</strong></td><td><a href='testimonials_edit.php?action=delete&delid=$id'>Delete</a></td></tr>");
}
?></p></table>
</div>
</div>
<?php }}else{echo'Stop hacking';}?>
</td>
</tr>
</table>
<td class="right">
<?php include"modules/sides/right.php"; ?>
</td>
</tr>
</table>
<?php include'modules/sides/footer.php';?>
```
revraz Posted May 1, 2008

Could try adding a hidden input field with action=add instead of using it as a Form Action.
imdead Posted May 1, 2008

Hey, I've changed it to the below. The URL I'm getting now is testimonials_edit.php?%3Faction%3Dadd=&text=test. Is there any way it can be changed to testimonials_edit.php?action=add and have the &text=test stored in POST?

```php
<?php
include'modules/sides/header.php';
include"modules/sides/database.php";
?>
<table cellpadding="0" cellspacing="0" width="100%" id="mainTable">
<tr>
<td class="left">
<?php include'modules/sides/left.php';?>
</td>
<td id="centercolumn">
<table class="cont" cellspacing="0">
<tr>
<td id="centerCcolumn">
<div class="block">
<?php
if(session_is_registered('username')){
if ($userlevel == '2'){
?>
<div class="blockTitle">Administration - Add/Remove Testimonials</div>
<div class="blockContent">
<?php
$action = $_GET["action"];
if ($action == "delete"){
    $delid = $_GET['delid'];
    $query = "DELETE FROM testimonials WHERE id=".$delid." LIMIT 1";
    $sql = mysql_query($query);
    echo("Testimonial succesfully deleted! [ <a href='testimonials_edit.php'>Back</a> ]");
    $delid = $_GET['delid'];
}
if ($action == "add"){
    $add = $_GET['add'];
    $text = $_GET['text'];
    $id = mysql_insert_id();
    $query = "INSERT INTO testimonials (id, text) VALUES ('$id', '$text')";
    $sql = mysql_query($query) or die (mysql_error());
}
print("<strong>Add A New Testimonial!</strong>");
print("<br />");
print("<br />");
echo("<form name='add' method='get' action='?action=add'>");
echo("<input type='hidden' name='?action=add'>");
echo("<table class=main cellspacing=0 cellpadding=5 width=50%>");
echo("<tr><td>Testimonial: </td><td align='right'><input type='text' size=50 name='text'></td></tr>");
echo("<tr><td></td><td><div align='right'><input type='Submit'></div></td></tr>");
echo("</table>");
if($success == TRUE) {
    print("<strong>Success!</strong>");
}
echo("<br>");
echo("</form>");
print("<strong>Existing testimonials:</strong>");
print("<br />");
print("<br />");
echo("<table class=main cellspacing=0 cellpadding=5>");
echo("<td>ID:</td><td>Text:</td><td>Delete:</td>");
$query = "SELECT * FROM testimonials WHERE 1=1";
$sql = mysql_query($query);
while ($row = mysql_fetch_array($sql)) {
    $id = $row['id'];
    $text = $row['text'];
    echo("<tr><td><strong>$id</strong></td><td><strong>$text</strong></td><td><a href='testimonials_edit.php?action=delete&delid=$id'>Delete</a></td></tr>");
}
?></p></table>
</div>
</div>
<?php }}else{echo'Stop hacking';}?>
</td>
</tr>
</table>
<td class="right">
<?php include"modules/sides/right.php"; ?>
</td>
</tr>
</table>
<?php include'modules/sides/footer.php';?>
```
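The thread ends with the POST question open and with DarkWater's first point (a delete triggered by a bare ID in the URL) unaddressed. The following is an added example, not code from any poster, showing the same add/list/delete page with POST forms, a per-session CSRF token, bound SQL parameters and escaped output. It assumes PHP 7.4+, a connected PDO handle in `$pdo`, `username` and `userlevel` stored in `$_SESSION` at login, and an AUTO_INCREMENT `id` column.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.4+, $pdo is a connected
// PDO handle that throws on error, login stored 'username' and 'userlevel' in
// $_SESSION, and testimonials.id is AUTO_INCREMENT. mysql_* (removed in PHP 7.0)
// and session_is_registered() (removed in PHP 5.4) are replaced throughout.
session_start();
if (!isset($_SESSION['username']) || (int)($_SESSION['userlevel'] ?? 0) !== 2) {
    http_response_code(403);
    exit('Forbidden');
}
// One CSRF token per session, embedded in every state-changing form.
$_SESSION['csrf'] = $_SESSION['csrf'] ?? bin2hex(random_bytes(32));
$post = static fn(string $k): string => is_string($_POST[$k] ?? null) ? trim($_POST[$k]) : '';
$e = static fn($s): string => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'], $post('csrf'))) {
        http_response_code(400);
        exit('Bad request');
    }
    if ($post('action') === 'add' && $post('text') !== '') {
        // The text travels as a bound parameter, never as part of the SQL string.
        $stmt = $pdo->prepare('INSERT INTO testimonials (text) VALUES (:text)');
        $stmt->execute([':text' => $post('text')]);
        $message = 'Testimonial added.';
    } elseif ($post('action') === 'delete' && ctype_digit($post('delid'))) {
        $stmt = $pdo->prepare('DELETE FROM testimonials WHERE id = :id LIMIT 1');
        $stmt->execute([':id' => (int)$post('delid')]);
        $message = 'Testimonial deleted.';
    }
}
$hidden = static fn(string $n, $v): string =>
    '<input type="hidden" name="' . $n . '" value="' . $e($v) . '">';
$open = '<form method="post" action="testimonials_edit.php">'
      . $hidden('csrf', $_SESSION['csrf']);

echo '<p>' . $e($message) . '</p>';
echo $open . $hidden('action', 'add')
   . '<input type="text" size="50" name="text"><input type="submit" value="Add"></form>';
echo '<table><tr><td>ID:</td><td>Text:</td><td>Delete:</td></tr>';
foreach ($pdo->query('SELECT id, text FROM testimonials') as $row) {
    // Stored text is escaped on output; delete is a POST form, not a link.
    echo '<tr><td>' . $e($row['id']) . '</td><td>' . $e($row['text']) . '</td><td>'
       . $open . $hidden('action', 'delete') . $hidden('delid', $row['id'])
       . '<input type="submit" value="Delete"></form></td></tr>';
}
echo '</table>';
```

Because `action` is a hidden field with `name` and `value` set separately, it arrives in `$_POST` alongside `text` and nothing is appended to the URL.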