bradkenyon Posted August 26, 2008 Share Posted August 26, 2008 I have a page that allows you to update entries, but it checks to make sure you're the author of that entry. <?php $id = $_GET['id']; $author = $HTTP_SESSION_VARS['valid_username']; $sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '$author'"; if($result = mysql_query($sql)) { if(mysql_num_rows($result)) { if(!$_POST) { $queryupd = "select * from calendar_items where id = $id"; $resultupd=mysql_query($queryupd); ?> <div class="details"> <?php while($rowupd = mysql_fetch_array($resultupd)) { ?> <form enctype="multipart/form-data" method="post" action="<?=$_SERVER["PHP_SELF"]?>"> <?php print '<input type="hidden" name="id" value="'.$rowupd['id'].'">'; print '<h3>Event Title</h3>'; print '<input type="text" name="subj" size="60" value="'.htmlentities($rowupd['subj']).'">'; print '<p><input type="Submit" value="Submit" name="Submit"> <a href="/cms/">Cancel</a> </form>'; } } else { $id=$HTTP_POST_VARS['id']; $subj=addslashes($HTTP_POST_VARS['subj']); $result = mysql_query("UPDATE calendar_items SET subj='$subj' WHERE id=$id") or die(mysql_error()); } } else { // display your unauthorised message print ' <div class="alert"> To update, you need to be author of event. </div>'; } } ?> When I hit submit, it does not work. I think the if(!$_POST) might be the problem. The way it should work: if the form was not posted, then display the form w/ the current data, if it was posted, then grab the values within the form fields and update them in the db table, then display the form w/ the updated values. Quote Link to comment Share on other sites More sharing options...
Mchl Posted August 26, 2008 Share Posted August 26, 2008 Try if(empty($_POST)) {} Or maybe count values in $_POST array and compare to 0 ? Quote Link to comment Share on other sites More sharing options...
bradkenyon Posted August 26, 2008 Author Share Posted August 26, 2008 if(empty($_POST)) {} did not work. i have a feeling when i hit submit for the update form, it loops back around and checks to see if you're the author of the event you're trying to update and craps out. or something w/ the queries. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.