Jump to content

Confusion With Inserting & Modifying Form Information

stublackett

By stublackett
in PHP Coding Help

 Share

Recommended Posts

stublackett Advanced Member

stublackett

Posted
Posted

Hi Guys,

 

I've got a Content Management System setup, Which allows users to add to the directory, Edit The Directory and Delete Directory Items

 

I'm putting in the data fine on my machine, If my colleague tries to enter it, He is getting SQL Errors on both the Adding Of Data and the Editing Of Data, Why would this be?

 

My PHP Code is :

 

adddirectory.php

                  <?php 
// create flag(s) for validation errors -
$errors = array(); // an array is generally used for this, where the index name would relate each error element to the field it corresponds to (should you want to individually output errors next to the field)

// check if the form has been submitted
if(isset($_POST['submit']))
{
//Collect Form Vars
$title = $_POST['title'];
$description = $_POST['description'];
$category = $_POST['category'];
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$telephone = $_POST['telephone'];
$email = $_POST['email'];
$website = $_POST['website'];
$info = $_POST['info'];
$info = addslashes($info);
$img1 = $_FILES['image1']['name'];
$img2 = $_FILES['image2']['name'];
//Set Images Upload Directory
$uploaddir = "../directoryimages"; 

//Check Forms' Post Vars
  
if (!empty($_POST['title'])) {
	$title = $_POST['title'];
}else{
	$title = NULL;
	$errors['title'] = '<p><font color="red">You need to enter a title for this item</font></p>';
}
if (!empty($_POST['address'])) {
	$address = $_POST['address'];
}else{
	$address = NULL;
	$errors['address'] = '<p><font color="red">You need to enter an address for the directory</font></p>';
}
if (!empty($_POST['postcode'])) {
	$postcode = $_POST['postcode'];
}else{
	$postcode = NULL;
	$errors['postcode'] = '<p><font color="red">You need to enter an postcode for the directory</font></p>';
}
if (!empty($_POST['telephone'])) {
	$telephone = $_POST['telephone'];
}else{
	$telephone = NULL;
	$errors['telephone'] = '<p><font color="red">You need to enter an telephone number for this directory item</font></p>';
}
if (!empty($_POST['info'])) {
	$info = mysql_real_escape_string($info);
}else{
	$info = NULL;
	$errors['info'] = '<p><font color="red">You need to enter info for this directory item</font></p>';
}

//Handle the Image

// Upload Part
if(is_uploaded_file($_FILES['image1']['tmp_name']))
{
move_uploaded_file($_FILES['image1']['tmp_name'],$uploaddir.'/'.$_FILES['image1']['name']);
}
$img1 = $uploaddir."/".$img1;

if(is_uploaded_file($_FILES['image2']['tmp_name']))
{
move_uploaded_file($_FILES['image2']['tmp_name'],$uploaddir.'/'.$_FILES['image2']['name']);
}
$img2 = $uploaddir."/".$img2;

// If everything is filled out print the message.
if(empty($errors))
{
	// If all is ok, Insert into DB
	$sql = "INSERT INTO $db_table2(title, category, address, postcode, telephone, email, website, info, image1, image2) values ('$title','$category','$address','$postcode','$telephone','$email','$website','$info','$img1','$img2')"; 
	// Incase needed($result = mysql_query($sql ,$db));
	($result = mysql_query($sql ,$db) or die(mysql_error()));

	echo "Thank you! Directory item has been added to the site!<br>You'll be redirected to the content management page in (5) Seconds";
	echo "<br />";

	echo "<meta http-equiv=Refresh content=5;url=index.html>";
	exit;
}
}

// if the form was not submitted or there were validation errors, display the form -
if(!isset($_POST['submit']) || !empty($errors))
{
?>
                    
                    <div id="php-errors">
<?php
// check for any errors and display -
if(!empty($errors))
{
foreach($errors as $key => $error)
{
	echo "<b>Form Errors</b> : ";
	echo "The $key field, contains this error: $error";
}
}
?>

 

editdirectoryitem.php

<?php
//Collect New Post Vars

$title = $_POST['title'];
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$telephone = $_POST['telephone'];
$email = $_POST['email'];
$website = $_POST['website'];
$info = $_POST['info'];
$info = addslashes($info);
$category = $_POST['category'];
$id = $_GET['id'];

if(isset($_POST['submit']))

  {
     // Set global variables to easier names
     // and prevent sql injection and apostrophe to break the db.

$sql =  ("UPDATE directory SET title='$title', address ='$address', postcode ='$postcode', telephone='$telephone', email='$email', website='$website', info='$info', category='$category' WHERE id='$_GET[id]'");

$result = mysql_query($sql) or die (mysql_error());

echo "Thank you! Directory Item has modified on the site!<br>You'll be redirected to the content management page in (5) Seconds";
echo "<br><br>";
echo "<meta http-equiv=Refresh content=5;url=index.html>";
}

elseif(isset($_GET['id']))

{
        $result = mysql_query("SELECT * FROM $db_table2 WHERE id='$_GET[id]'");
        while($myrow = mysql_fetch_assoc($result))

             {

                $title = $myrow['title'];
			$address = $myrow['address'];
			$postcode = $myrow['postcode'];
			$telephone = $myrow['telephone'];
			$email = $myrow['email'];
			$website = $myrow['website'];
			$info = $myrow['info'];
			$category = $myrow['category'];
			$id = $_GET['id'];             
		}   
?>
                
                <div id="php-errors">
<?php
// check for any errors and display -
if(!empty($errors))
{
foreach($errors as $key => $error)
{
	echo "<b>Form Errors</b> : ";
	echo "The $key field, contains this error: $error";
}
}
?>

 

Why would this work for me, But not my colleague ???

Link to comment
Share on other sites
stublackett Advanced Member

stublackett

Posted
  • Author
Posted

Its mainly SQL Syntax Errors

 

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's organisation in the UK. It exists to educate women to enable t

 

I'm trying addslashes when inserting and when pulling through the data I'm then stripping those slashes

 

He's been telling me about these errors, I've seen them myself, Went to work on the page and had no problems

Could it be that the pages are cached?

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.