Mundo Posted March 2, 2009 Share Posted March 2, 2009 I have made this: http://i41.tinypic.com/2q80gti.png My code: <? session_start(); include "tpl/header.tpl"; include "tpl/navigation.tpl"; mysql_connect("localhost","root",""); mysql_select_db("ncfc"); $username = $_POST['username']; $password = $_POST['password']; $query = mysql_query("SELECT * from users WHERE user_UserName = '$username' and user_Password='$password'"); $result = mysql_fetch_array($query); if($result) { $_SESSION['auth'] = "TRUE"; } $_SESSION['adminmenu'] = $_GET['adminmenu']; $_SESSION['postdata'] = $_GET['postdata']; if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") { include "tpl/adminnews.tpl"; mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')"); include "tpl/adminmenu.tpl"; } else if($_SESSION['adminmenu'] == "history" && $_SESSION['auth'] == "TRUE") { echo "HISTORY!!"; include "tpl/adminmenu.tpl"; } else if($_SESSION['adminmenu'] == "squad" && $_SESSION['auth'] == "TRUE") { echo "SQUAD!!"; include "tpl/adminmenu.tpl"; } else if($_SESSION['adminmenu'] == "results" && $_SESSION['auth'] == "TRUE") { echo "RESULTS!!"; include "tpl/adminmenu.tpl"; } else if($_SESSION['auth'] == "TRUE") { include "tpl/adminmenu.tpl"; } else { include "tpl/logon.tpl"; } include "tpl/footer.tpl"; mysql_close(); ?> How can i make this part only insert the data into the database once the submit button has been pushed? At the moment, it inserts a blank row every time the page is loaded... if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") { include "tpl/adminnews.tpl"; mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')"); include "tpl/adminmenu.tpl"; } Link to comment https://forums.phpfreaks.com/topic/147588-insert-into-once-submit-is-pushed/ Share on other sites More sharing options...
premiso Posted March 2, 2009 Share Posted March 2, 2009 if (isset($_POST['submit'])) { if($_SESSION['adminmenu'] == "news" && $_SESSION['auth'] == "TRUE") { include "tpl/adminnews.tpl"; mysql_query("INSERT INTO news (news_ID, news_Title, news_Date, news_Entry, news_Picture) VALUES (NULL, '$_POST[title]', '$_POST[date]', '$_POST[content]', '$_POST[picture]')"); include "tpl/adminmenu.tpl"; } } Should only run if the submit button (given that its name is "submit") has been pushed. Link to comment https://forums.phpfreaks.com/topic/147588-insert-into-once-submit-is-pushed/#findComment-774808 Share on other sites More sharing options...
phant0m Posted March 2, 2009 Share Posted March 2, 2009 1st) Read about mysql injection! I woulnd't just check for the submit button. I'd check all fields on whether they're valid or not. just check whether $_POST[title], $_POST['title'] etc etc are set and not empty sidenote: you don't have to set news_ID to NULL, and you could use NOW() for the date, instead of passing it per post, if this is wanted. However, this makes you unable to set a date manually. Link to comment https://forums.phpfreaks.com/topic/147588-insert-into-once-submit-is-pushed/#findComment-774809 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.