Help with a simple news script.

[pocobueno1388]

I am having some troubles with my news script. What the script is supposed to do is let you fill out a form that asks for the posters name and then they can type out the body of the message and when they submit it it is supposed to add the information to the database then display it to the screen.

Here is the URL to the uploaded script I have so far:
[a href=\"http://northlakestables.com/dog/news.php\" target=\"_blank\"]http://northlakestables.com/dog/news.php[/a]

The problems I am having:

1) Every time you go to that URL above it will add a blank row to the database. I assume I have to exit something in the script, but I am not sure where to do that.

2) When the user uses the form to add news, no matter what they type it, it submits a blank row to the database.

3) Everything in the database is added twice to the screen, I am completely lost on how to stop this.

Here is the code I am using.

[code]
<?

include 'config.php';
include 'header.php';

//Get info from the database to post news

$sql = "SELECT * FROM news";
$result = mysql_query($sql);

//Post the news to the screen

while ($row = mysql_fetch_assoc($result)){
    print "<br>";
    foreach ($row as $col=>$val){

        print "<b>$row[poster]</b><p>";
        print "$row[body]<hr>";
        

}
}

//Print form to add news

print<<<HERE
    <p><br><br><br>

<center><h2>Add News</h2></center>
<form action="news.php">
<table border=1>
        <td>Username:
        <input type = "text"
               name = "poster" maxlength=20><p></td>
<tr>
        <td>Message:<br>
<tr>
        <td><textarea wrap=virtual rows=12 cols=35 name="body"></textarea></td><br>
<tr>
        <td align="center"><input type ="submit" valu="Submit"></td>

</table>
</form>

HERE;

//Insert post to the database.

mysql_query("INSERT INTO news (poster, body)
        VALUES ('$poster', '$body')")
        or die(mysql_error());


?>
[/code]

If anyone can 'fix up' my script or just let me know what to do with it that would be great. I am fairly new to programming, so I am not even sure if I displayed the data to the screen the right way.

If I forgot to add anything, just let me know what information you need and I will get it to you asap.

Thanks in advance! =D Hopefully I am not asking for too much.

[AndyB]

Change:
[code]<form action="news.php">[/code]
to
[code]<form action = "news.php" method = "post">[/code]

And change the form submit input as below, plus check whether the form has been submitted - also see below.

[code]<td align="center"><input type ="submit" value="Submit" name="submit"></td>

</table>
</form>

HERE;

//Insert post to the database - if the form was submitted

if (isset($_POST['submit'])) {
    $poster = trim(strip_tags($_POST['poster'])); // remove unwanted stuff
    $body = trim(strip_tags($_POST['body']));
    // did they enter something?
    if (($poster=="") || ($body=="") {
        echo "No blanks, thanks";
    } else {
        mysql_query("INSERT INTO news (poster, body)
        VALUES ('$poster', '$body')")
        or die(mysql_error());
    }
}
?>[/code]

[pocobueno1388]

AndyB - I just get a blank page when I add what you told me to :/ Here is the code after I added what you told me to:

[code]
<?

include 'config.php';
include 'header.php';

$sql = "SELECT * FROM news";
$result = mysql_query($sql);


while ($row = mysql_fetch_assoc($result)){
    print "<br>";
    foreach ($row as $col=>$val){

        print "<b>$row[poster]</b><p>";
        print "$row[body]<hr>";
        

}
}

print<<<HERE
    <p><br><br><br>

<center><h2>Add News</h2></center>
<form action = "news.php" method = "post">
<table border=1>
        <td>Username:
        <input type = "text"
               name = "poster" maxlength=20><p></td>
<tr>
        <td>Message:<br>
<tr>
        <td><textarea wrap=virtual rows=12 cols=35 name="body"></textarea></td><br>
<tr>
        <td align="center"><input type ="submit" value="Submit" name="submit"></td>

</table>
</form>

HERE;

//Insert post to the database - if the form was submitted

if (isset($_POST['submit'])) {
    $poster = trim(strip_tags($_POST['poster'])); // remove unwanted stuff
    $body = trim(strip_tags($_POST['body']));
    // did they enter something?
    if (($poster=="") || ($body=="") {
        echo "No blanks, thanks";
    } else {
        mysql_query("INSERT INTO news (poster, body)
        VALUES ('$poster', '$body')")
        or die(mysql_error());
    }
}
?>
[/code]

I really appreciate all your help =D

[benjrox]

It's becasue of this:
[code]    } else {
        mysql_query("INSERT INTO news (poster, body)
        VALUES ('$poster', '$body')")
        or die(mysql_error());
    }[/code]
It's actually working fine =)
try adding something like echo "It works!";
after [code]        or die(mysql_error());[/code]
Hope it continues to go well :)
Happy coding
Benj

EDIT: Actually, I may be wrong, please tell me if it doesn't work :)

[pocobueno1388]

Nope, that didn't work either. Still a blank screen :/

[AndyB]

[code]    if (($poster=="") || ($body=="") {[/code]

My mistake, that should be:

[code]    if (($poster=="") || ($body=="")) {[/code]

With that change, it works for me - I assume that the config file does all the database connection/selection stuff.

[AndyB]

[code]//Insert post to the database - if the form was submitted

if (isset($_POST['submit'])) {
    $poster = trim(strip_tags($_POST['poster'])); // remove unwanted stuff
    $body = trim(strip_tags($_POST['body']));
    // did they enter something?
    if (($poster=="") || ($body=="")) {
        echo "No blanks, thanks";
    } else {
        mysql_query("INSERT INTO news (poster, body)
        VALUES ('$poster','$body')")
        or die(mysql_error());
    }

}[/code]
Move all that from the end of the file to immediately after the header and config includes.

The page logic would then become:
connect to database
did someone post something?
if so, add it to database
then display the news (including the latest post)
then display the form

[pocobueno1388]

Okay, most of it is working now. The only thing not working is it is posting everything from the database twice..? Any ideas on how to fix this?

Thank you everyone who has helped, it is GREATLY appreciated.

[AndyB]

When you moved what I suggested to the near to top, you did remove that code from the end of the script, right?

[pocobueno1388]

Yes, I deleted it from the end of the script after I moved it.

[pocobueno1388]

Hmm...this is interesting. I deleted all the posts from the database and then I tried posting again and I got this error:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 't post twice =(')' at line 2[/quote]

I see the words 'Post Twice' in there. How do I change this?
Also, I wonder why it only gives me that error when there is nothing in the database. I had to manually add the first post to make it so you can post with no error.

[pocobueno1388]

Hmmm...I still don't have it figured out.

[AndyB]

[!--quoteo(post=388071:date=Jun 26 2006, 10:29 AM:name=Colin1388)--][div class=\'quotetop\']QUOTE(Colin1388 @ Jun 26 2006, 10:29 AM) [snapback]388071[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Hmmm...I still don't have it figured out.
[/quote]

I strongly suspect that error results from trying to post a message containing ' as in ... please don't post twice. Those characters need to be "handled" before attempting input to the database. Before fixing it, try a couple of very simple plain text posts to be sure the everything else in the script is working, and then check the manual for the addslashes function to see how to resolve the ' issue (and stripslashes later).

[pocobueno1388]

Okay, I will see what happens when I do the addslashes function.