Jump to content

"INSERT INTO" once "SUBMIT" is pushed

Mundo

By Mundo
in PHP Coding Help

 Share

Recommended Posts

Mundo Member

Mundo

Posted
Posted

I have made this: http://i41.tinypic.com/2q80gti.png

 

My code:

 

<?
session_start();

include "tpl/header.tpl";
include "tpl/navigation.tpl";

mysql_connect("localhost","root","");
mysql_select_db("ncfc");

$username = $_POST['username'];
$password = $_POST['password'];

$query = mysql_query("SELECT * from users WHERE user_UserName = '$username' and user_Password='$password'");
$result = mysql_fetch_array($query);

if($result) {
$_SESSION['auth'] = "TRUE";
}

$_SESSION['adminmenu'] = $_GET['adminmenu'];
$_SESSION['postdata'] = $_GET['postdata'];

if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") {
include "tpl/adminnews.tpl";
mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')");
include "tpl/adminmenu.tpl";
}	
else if($_SESSION['adminmenu'] == "history" && $_SESSION['auth'] == "TRUE") {
echo "HISTORY!!";
include "tpl/adminmenu.tpl";
}
else if($_SESSION['adminmenu'] == "squad" && $_SESSION['auth'] == "TRUE") {
echo "SQUAD!!";
include "tpl/adminmenu.tpl";
}
else if($_SESSION['adminmenu'] == "results" && $_SESSION['auth'] == "TRUE") {
echo "RESULTS!!";
include "tpl/adminmenu.tpl";
}
else if($_SESSION['auth'] == "TRUE") {
include "tpl/adminmenu.tpl";
}
else {
include "tpl/logon.tpl";
}

include "tpl/footer.tpl";
mysql_close();
?>

 

How can i make this part only insert the data into the database once the submit button has been pushed? At the moment, it inserts a blank row every time the page is loaded...

if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") {
include "tpl/adminnews.tpl";
mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')");
include "tpl/adminmenu.tpl";
}

 

 

Link to comment
Share on other sites
premiso Regular Member

premiso

Posted
Posted 

if (isset($_POST['submit'])) {
  if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") {
     include "tpl/adminnews.tpl";
     mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')");
     include "tpl/adminmenu.tpl";
  }
}

 

Should only run if the submit button (given that its name is "submit") has been pushed.

Link to comment
Share on other sites
phant0m Member

phant0m

Posted
Posted

1st) Read about mysql injection!

 

 

I woulnd't just check for the submit button. I'd check all fields on whether they're valid or not.

just check whether $_POST[title], $_POST['title'] etc etc are set and not empty

 

sidenote: you don't have to set news_ID to NULL, and you could use NOW() for the date, instead of passing it per post, if this is wanted. However, this makes you unable to set a date manually.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.