stublackett Posted July 29, 2008 Share Posted July 29, 2008 Hi Guys, I've got a Content Management System setup, Which allows users to add to the directory, Edit The Directory and Delete Directory Items I'm putting in the data fine on my machine, If my colleague tries to enter it, He is getting SQL Errors on both the Adding Of Data and the Editing Of Data, Why would this be? My PHP Code is : adddirectory.php <?php // create flag(s) for validation errors - $errors = array(); // an array is generally used for this, where the index name would relate each error element to the field it corresponds to (should you want to individually output errors next to the field) // check if the form has been submitted if(isset($_POST['submit'])) { //Collect Form Vars $title = $_POST['title']; $description = $_POST['description']; $category = $_POST['category']; $address = $_POST['address']; $postcode = $_POST['postcode']; $telephone = $_POST['telephone']; $email = $_POST['email']; $website = $_POST['website']; $info = $_POST['info']; $info = addslashes($info); $img1 = $_FILES['image1']['name']; $img2 = $_FILES['image2']['name']; //Set Images Upload Directory $uploaddir = "../directoryimages"; //Check Forms' Post Vars if (!empty($_POST['title'])) { $title = $_POST['title']; }else{ $title = NULL; $errors['title'] = '<p><font color="red">You need to enter a title for this item</font></p>'; } if (!empty($_POST['address'])) { $address = $_POST['address']; }else{ $address = NULL; $errors['address'] = '<p><font color="red">You need to enter an address for the directory</font></p>'; } if (!empty($_POST['postcode'])) { $postcode = $_POST['postcode']; }else{ $postcode = NULL; $errors['postcode'] = '<p><font color="red">You need to enter an postcode for the directory</font></p>'; } if (!empty($_POST['telephone'])) { $telephone = $_POST['telephone']; }else{ $telephone = NULL; $errors['telephone'] = '<p><font color="red">You need to enter an telephone number for this directory item</font></p>'; } if (!empty($_POST['info'])) { $info = mysql_real_escape_string($info); }else{ $info = NULL; $errors['info'] = '<p><font color="red">You need to enter info for this directory item</font></p>'; } //Handle the Image // Upload Part if(is_uploaded_file($_FILES['image1']['tmp_name'])) { move_uploaded_file($_FILES['image1']['tmp_name'],$uploaddir.'/'.$_FILES['image1']['name']); } $img1 = $uploaddir."/".$img1; if(is_uploaded_file($_FILES['image2']['tmp_name'])) { move_uploaded_file($_FILES['image2']['tmp_name'],$uploaddir.'/'.$_FILES['image2']['name']); } $img2 = $uploaddir."/".$img2; // If everything is filled out print the message. if(empty($errors)) { // If all is ok, Insert into DB $sql = "INSERT INTO $db_table2(title, category, address, postcode, telephone, email, website, info, image1, image2) values ('$title','$category','$address','$postcode','$telephone','$email','$website','$info','$img1','$img2')"; // Incase needed($result = mysql_query($sql ,$db)); ($result = mysql_query($sql ,$db) or die(mysql_error())); echo "Thank you! Directory item has been added to the site!<br>You'll be redirected to the content management page in (5) Seconds"; echo "<br />"; echo "<meta http-equiv=Refresh content=5;url=index.html>"; exit; } } // if the form was not submitted or there were validation errors, display the form - if(!isset($_POST['submit']) || !empty($errors)) { ?> <div id="php-errors"> <?php // check for any errors and display - if(!empty($errors)) { foreach($errors as $key => $error) { echo "<b>Form Errors</b> : "; echo "The $key field, contains this error: $error"; } } ?> editdirectoryitem.php <?php //Collect New Post Vars $title = $_POST['title']; $address = $_POST['address']; $postcode = $_POST['postcode']; $telephone = $_POST['telephone']; $email = $_POST['email']; $website = $_POST['website']; $info = $_POST['info']; $info = addslashes($info); $category = $_POST['category']; $id = $_GET['id']; if(isset($_POST['submit'])) { // Set global variables to easier names // and prevent sql injection and apostrophe to break the db. $sql = ("UPDATE directory SET title='$title', address ='$address', postcode ='$postcode', telephone='$telephone', email='$email', website='$website', info='$info', category='$category' WHERE id='$_GET[id]'"); $result = mysql_query($sql) or die (mysql_error()); echo "Thank you! Directory Item has modified on the site!<br>You'll be redirected to the content management page in (5) Seconds"; echo "<br><br>"; echo "<meta http-equiv=Refresh content=5;url=index.html>"; } elseif(isset($_GET['id'])) { $result = mysql_query("SELECT * FROM $db_table2 WHERE id='$_GET[id]'"); while($myrow = mysql_fetch_assoc($result)) { $title = $myrow['title']; $address = $myrow['address']; $postcode = $myrow['postcode']; $telephone = $myrow['telephone']; $email = $myrow['email']; $website = $myrow['website']; $info = $myrow['info']; $category = $myrow['category']; $id = $_GET['id']; } ?> <div id="php-errors"> <?php // check for any errors and display - if(!empty($errors)) { foreach($errors as $key => $error) { echo "<b>Form Errors</b> : "; echo "The $key field, contains this error: $error"; } } ?> Why would this work for me, But not my colleague ??? Quote Link to comment Share on other sites More sharing options...
Wolphie Posted July 29, 2008 Share Posted July 29, 2008 What are the errors? Quote Link to comment Share on other sites More sharing options...
stublackett Posted July 29, 2008 Author Share Posted July 29, 2008 Its mainly SQL Syntax Errors You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's organisation in the UK. It exists to educate women to enable t I'm trying addslashes when inserting and when pulling through the data I'm then stripping those slashes He's been telling me about these errors, I've seen them myself, Went to work on the page and had no problems Could it be that the pages are cached? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.