eaglelegend Posted March 5, 2009 Share Posted March 5, 2009 hey i get this when i enter information and submit... Error Your title or content is blank. This is not allowed. Please go back and correct this. here is the code of the page im submitting it from... <?php session_start(); include ("../inc/config.php"); if(isset($_SESSION['password'])){ if ($_SESSION['password'] != $apass){ session_destroy(); die ("Hacking Attempt!"); } } else { die("Hacking Attempt!"); } //Let's output the website listing //First connect to the DB $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Cannot Connect to Database"); mysql_select_db($dbname); //Get the input $page = $_POST["page"]; $title = $_POST["title"]; $content = $_POST["content"]; //Clean our input $page = preg_replace("/[^a-zA-Z0-9s]/", "", $page); $title = mysql_real_escape_string($title); $content = mysql_real_escape_string($content); //Make sure input isn't blank if ($title == "" or $content == ""){ include "header.php"; echo "<h2>Error</h2>"; echo "Your title or content is blank. This is not allowed. Please <a href='pages.php?page=".$page."'>go back</a> and correct this."; include "footer.php"; die(); } $query = "UPDATE article_content SET title='".$title."' WHERE page='".$page."'"; mysql_query($query); $query = "UPDATE article_content SET content='".$content."' WHERE page='".$page."'"; mysql_query($query); $date = date('Y m d'); $query = "UPDATE article_content SET date='".$date."' WHERE page='".$page."'"; mysql_query($query); include "header.php"; echo "<h2>Completed</h2>"; echo "Done! Your page has been updated! <a href='pages.php'>Go back to the page editor.</a>"; include "footer.php"; ?> I really dont understand whats going on, if you can help that would be great! thanks in advance Quote Link to comment Share on other sites More sharing options...
ILMV Posted March 5, 2009 Share Posted March 5, 2009 Have you got the code of the form? Quote Link to comment Share on other sites More sharing options...
ScotDiddle Posted March 5, 2009 Share Posted March 5, 2009 eaglelegend, I ran your code through my Zend debugger, and found no syntax errors... It must be that your posted values are not coming in correctly... Before your error handler, add the following: <?php if (!isset($_POST["content"])) { echo "\$_POST[\"content\"] is not set"; } if ($_POST["content"] == NULL) { echo "\$_POST[\"content\"] is null"; } if (!isset($_POST["title"])) { echo "\$_POST[\"title\"] is not set"; } if ($_POST["title"] == NULL) { echo "\$_POST[\"title\"] is null"; } foreach ($_POST as $IDX => $postedItem) { echo "\$IDX :: $IDX :: || \$postedItem :: $postedItem ::" . "<br /> <br /> \n"; } exit; //Make sure input isn't blank if ($title == "" or $content == ""){ ... ... ?> and review the results. Scot L. Diddle, Richmond VA Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 this is where the form is located on this form - pages.php <?php session_start(); include ("../inc/config.php"); if(isset($_SESSION['password'])){ if ($_SESSION['password'] != $apass){ session_destroy(); die ("Hacking Attempt!"); } } else { die("Hacking Attempt!"); } //Let's output the website listing //First connect to the DB $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Cannot Connect to Database"); mysql_select_db($dbname); //Now we can get the page $page = $_GET['page']; $page = preg_replace("/[^a-zA-Z0-9s]/", "", $page); if($page == "" or $page == NULL){ include "header.php"; echo " <h2>Editting Pages (LIST)</h2> <p><u><strong>Please choose a page to edit the content:</strong></u></p> <p><a href='pages.php?page=index'>Index Page</a><br> <a href='pages.php?page=tos'>Terms of Service Page</a><br> <a href='pages.php?page=extra'>Extra Page</a></p> "; include "footer.php"; } else if($page == "index" || $page == "tos" || $page == "extra"){ // We are editing a page $query = "SELECT * FROM article_content WHERE page = '".$page."'"; $result = mysql_query($query); $num = mysql_numrows($result); //Loop out code $i=0; while ($i < 1) { $article_title=mysql_result($result,$i,"title"); $article_date=mysql_result($result,$i,"date"); $article_content=mysql_result($result,$i,"content"); $i++; } $article_title = stripslashes($article_title); $article_content = stripslashes($article_content); include "header.php"; echo " <h2>Edit Page (".$page.")</h2> <p><u><strong>Page Editor:</strong></u></p> <p><strong>You are editing page: ".$page."</strong> (<a href='pages.php'>Change Page</a>) </p> <form name='form1' method='post' action='modifypage.php'> <p><u>Page Title:</u></p> <p> <input name='title' type='text' id='title' value='".$article_title."'> </p> <p><u>Page Content:</u></p> <p>"; ?> <script type="text/javascript" src="tiny_mce/tiny_mce.js"></script> <script type="text/javascript"> tinyMCE.init({ // General options mode : "textareas", theme : "advanced", plugins : "safari,spellchecker,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,imagemanager,filemanager", // Theme options theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|fontselect,fontsizeselect,|,forecolor,backcolor", theme_advanced_buttons2 : "search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview", theme_advanced_buttons3 : "moveforward,movebackward,absolute,|,styleprops,spellchecker,|,visualchars,nonbreaking,template,blockquote,pagebreak,|,insertfile,insertimage,|,hr,|,sub,sup,|,charmap,emotions,advhr,|,ltr,rtl", theme_advanced_toolbar_location : "top", theme_advanced_toolbar_align : "left", theme_advanced_statusbar_location : "bottom", theme_advanced_resizing : true, // Drop lists for link/image/media/template dialogs template_external_list_url : "js/template_list.js", external_link_list_url : "js/link_list.js", external_image_list_url : "js/image_list.js", media_external_list_url : "js/media_list.js", }); </script> <textarea width="100%"> <?php echo "$article_content </textarea> <input name='page' type='hidden' id='page' value='".$page."'> </p> <p> <input type='submit' name='Submit' value='Submit'> </p> </form> <p>You can use BBCODE in the editor. </p> "; include "footer.php"; } else { die("You did not enter in a valid page. Please go back and try again."); } ?> Quote Link to comment Share on other sites More sharing options...
George Botley Posted March 5, 2009 Share Posted March 5, 2009 Very unusal.... You could try using an empty query instead of the simple if to check if they are blank. Try changing this.... //Make sure input isn't blank if ($title == "" or $content == ""){ include "header.php"; echo "<h2>Error</h2>"; echo "Your title or content is blank. This is not allowed. Please <a href='pages.php?page=".$page."'>go back</a> and correct this."; include "footer.php"; die(); } To this... //Make sure input isn't blank if (empty($title) || empty($content)) { include "header.php"; echo "<h2>Error</h2>"; echo "Your title or content is blank. This is not allowed. Please <a href='pages.php?page=".$page."'>go back</a> and correct this."; include "footer.php"; die(); } That might solve the error.. Sometimes does for me.. Although I would recommend using the empty querys. Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 Hi Presume the textarea should have a name and it should be "content". Also you are missing the end php escape from the line <?php echo "$article_content All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 george - after your mod same thing came up scot - what did you mean by error handler?, where? Quote Link to comment Share on other sites More sharing options...
George Botley Posted March 5, 2009 Share Posted March 5, 2009 Error Handler... Find: <?php echo "$article_content </textarea> <input name='page' type='hidden' id='page' value='".$page."'> </p> Replace with <?php echo "$article_content"; </textarea> <input name='page' type='hidden' id='page' value='".$page."'> </p> When you echo, print or die and text or html you need to close it with a " or ' and then the trailing semi-colon. Hope that helps Quote Link to comment Share on other sites More sharing options...
George Botley Posted March 5, 2009 Share Posted March 5, 2009 Actually.... Add the " to that edit but don't add a trailing ; I just realised there was more below. wait a second... I will try and create another fix. Quote Link to comment Share on other sites More sharing options...
George Botley Posted March 5, 2009 Share Posted March 5, 2009 Now looking at it... I can't see why that $article_content would cause a problem. Sorry for my stupidity there. Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 Hi Try this. Changes all at the bottom. <?php session_start(); include ("../inc/config.php"); if(isset($_SESSION['password'])){ if ($_SESSION['password'] != $apass){ session_destroy(); die ("Hacking Attempt!"); } } else { die("Hacking Attempt!"); } //Let's output the website listing //First connect to the DB $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Cannot Connect to Database"); mysql_select_db($dbname); //Now we can get the page $page = $_GET['page']; $page = preg_replace("/[^a-zA-Z0-9s]/", "", $page); if($page == "" or $page == NULL){ include "header.php"; echo " <h2>Editting Pages (LIST)</h2> <p><u><strong>Please choose a page to edit the content:</strong></u></p> <p><a href='pages.php?page=index'>Index Page</a><br> <a href='pages.php?page=tos'>Terms of Service Page</a><br> <a href='pages.php?page=extra'>Extra Page</a></p> "; include "footer.php"; } else if($page == "index" || $page == "tos" || $page == "extra"){ // We are editing a page $query = "SELECT * FROM article_content WHERE page = '".$page."'"; $result = mysql_query($query); $num = mysql_numrows($result); //Loop out code $i=0; while ($i < 1) { $article_title=mysql_result($result,$i,"title"); $article_date=mysql_result($result,$i,"date"); $article_content=mysql_result($result,$i,"content"); $i++; } $article_title = stripslashes($article_title); $article_content = stripslashes($article_content); include "header.php"; echo " <h2>Edit Page (".$page.")</h2> <p><u><strong>Page Editor:</strong></u></p> <p><strong>You are editing page: ".$page."</strong> (<a href='pages.php'>Change Page</a>) </p> <form name='form1' method='post' action='modifypage.php'> <p><u>Page Title:</u></p> <p> <input name='title' type='text' id='title' value='".$article_title."'> </p> <p><u>Page Content:</u></p> <p>"; ?> <script type="text/javascript" src="tiny_mce/tiny_mce.js"></script> <script type="text/javascript"> tinyMCE.init({ // General options mode : "textareas", theme : "advanced", plugins : "safari,spellchecker,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,imagemanager,filemanager", // Theme options theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|fontselect,fontsizeselect,|,forecolor,backcolor", theme_advanced_buttons2 : "search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview", theme_advanced_buttons3 : "moveforward,movebackward,absolute,|,styleprops,spellchecker,|,visualchars,nonbreaking,template,blockquote,pagebreak,|,insertfile,insertimage,|,hr,|,sub,sup,|,charmap,emotions,advhr,|,ltr,rtl", theme_advanced_toolbar_location : "top", theme_advanced_toolbar_align : "left", theme_advanced_statusbar_location : "bottom", theme_advanced_resizing : true, // Drop lists for link/image/media/template dialogs template_external_list_url : "js/template_list.js", external_link_list_url : "js/link_list.js", external_image_list_url : "js/image_list.js", media_external_list_url : "js/media_list.js", }); </script> <textarea width="100%" name="content" > <?php echo $article_content ?> </textarea> <input name='page' type='hidden' id='page' value='".$page."'> </p> <p> <input type='submit' name='Submit' value='Submit'> </p> </form> <p>You can use BBCODE in the editor. </p> <?php include "footer.php"; } else { die("You did not enter in a valid page. Please go back and try again."); } ?> Basically give the textarea a name All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 Thanks Keith, after entering test into the textbox, it gave me this "Completed Done! Your page has been updated! Go back to the page editor." - thats a good thing, however it hasnt inputted the information to the database Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 Hi I can't see anything in that script to insert anything to a table (or put out the message you have), hence I suspect the error is in a different script, or something included. All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 I believe, the below page (modifypage.php) is the file which sends the information to the database... What I dont understand now is why nothing is going in now :/ <?php session_start(); include ("../inc/config.php"); if(isset($_SESSION['password'])){ if ($_SESSION['password'] != $apass){ session_destroy(); die ("Hacking Attempt!"); } } else { die("Hacking Attempt!"); } //Let's output the website listing //First connect to the DB $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Cannot Connect to Database"); mysql_select_db($dbname); //Get the input $page = $_POST["page"]; $title = $_POST["title"]; $content = $_POST["content"]; //Clean our input $page = preg_replace("/[^a-zA-Z0-9s]/", "", $page); $title = mysql_real_escape_string($title); $content = mysql_real_escape_string($content); //Make sure input isn't blank if ($title == "" or $content == ""){ include "header.php"; echo "<h2>Error</h2>"; echo "Your title or content is blank. This is not allowed. Please <a href='pages.php?page=".$page."'>go back</a> and correct this."; include "footer.php"; die(); } $query = "UPDATE article_content SET title='".$title."' WHERE page='".$page."'"; mysql_query($query); $query = "UPDATE article_content SET content='".$content."' WHERE page='".$page."'"; mysql_query($query); $date = date('Y m d'); $query = "UPDATE article_content SET date='".$date."' WHERE page='".$page."'"; mysql_query($query); include "header.php"; echo "<h2>Completed</h2>"; echo "Done! Your page has been updated! <a href='pages.php'>Go back to the page editor.</a>"; include "footer.php"; ?> Quote Link to comment Share on other sites More sharing options...
alphanumetrix Posted March 5, 2009 Share Posted March 5, 2009 You should probably add your form, too. It might not be a PHP error so much as an error in variables between the form and script. In the meantime, you should probably change this line to what's below: if ( empty($title) || empty($content) ){ it's more proper that way. Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 I believe, the below page (modifypage.php) is the file which sends the information to the database... What I dont understand now is why nothing is going in now :/ That looks like it. Quick look and all I can suggest is that there are errors in the generated sql. Possibly the page field is numeric, possibly there are some quotes in the passed data. I would be tempted to echo each of the $query SQL statements and then try them in phpmyadmin. You are also using a regular expression to change any character or numeric in $page to nothing. Which (unless $page is something very strange) is probably blanking it out, which is unfortunate as it is the key. All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 hmm... I thought pages.php was the form?... Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 hmm... I thought pages.php was the form?... Hi The original php (prsume that was pages.php) generates the form, but when the form is submitted it calls modifypage.php ( <form name='form1' method='post' action='modifypage.php'>). All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 I still don't understand what I must do to fix this issue of getting what I have typed in to go straight into the database... where its supposed to be going... Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 Hi Echo the variable $query for each update and check the contents. As mentioned above I suspect the issue is that the script has wiped out the key field. All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 remind me how do I echo again please? was it echo $article_content and where do I echo it? Quote Link to comment Share on other sites More sharing options...
kickstart Posted March 5, 2009 Share Posted March 5, 2009 Hi Yep, change the bit that does the inserts as follows:- $query = "UPDATE article_content SET title='".$title."' WHERE page='".$page."'"; mysql_query($query); echo "$query <br />"; $query = "UPDATE article_content SET content='".$content."' WHERE page='".$page."'"; mysql_query($query); echo "$query <br />"; $date = date('Y m d'); $query = "UPDATE article_content SET date='".$date."' WHERE page='".$page."'"; mysql_query($query); echo "$query <br />"; exit; Then check what is output (I have put the exit there just to stop execution at that point, just incase anything following it might have managed to hide the echoed details). All the best Keith Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 oh right, I just quickly put the echo in the "completed" bit, and I put in the echo bit. and this is what I got - "page page, title Welcome to Eagle Legend!, content: test 123 - testing the content" however I think "page should be index I think... or at least the page im editing Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 OK, this is what I got from your test... UPDATE article_content SET title='Welcome to Eagle Legend!' WHERE page='page' UPDATE article_content SET content=' Testing Page ' WHERE page='page' UPDATE article_content SET date='2009 03 05' WHERE page='page' Quote Link to comment Share on other sites More sharing options...
eaglelegend Posted March 5, 2009 Author Share Posted March 5, 2009 So any ideas, was I right about the pages thing? do you know a possible fix for it? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.