Jakebert Posted October 3, 2009

Hi. Another problem for all of you smarties.

So here's list_comments.php, it lists all the user's comments from the DB:

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>
<body>
<?php
//DB connection
mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
mysql_select_db("jeidinger_site") or die(mysql_error());

include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");

if ($check['level'] > 5)
{
    print "<font face='Arial' size='5' color='#FF0000'>";
    print "<b>Illegal Access</b>";
    print "</font><br>";
    print "<font face='Verdana' size='2' color='#000000'>";
    print "<b>You do not have permission to view this page.</b></font>";
    exit; // Stop script execution
}

$username=$_COOKIE['USERNAME'];
$return = mysql_query("SELECT * FROM stored_comments WHERE user_id='$username'") or die(mysql_error());

echo'<table width="60%" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
<tr>
<td height="22" colspan="2" bgcolor="#CCCC00">
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="3">Comments</font></b></div>
</td>
</tr>';

while($row = mysql_fetch_array($return))
{
    echo '<form action="edit_comment.php" method="post">';
    echo'<tr valign="top">
<td width="16%" bgcolor="#CCCCCC"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2">
';
    $student=$row['student_id'];
    echo $student;
    echo '<td width="84%"><font face="Verdana, Arial, Helvetica, sans-serif" size="2">';
    $comment=$row['stored_comment'];
    echo $comment;
    echo '<input type="hidden" name="comment_id" value="'.$row['comment_id'].'" />
<input type="hidden" name="comment" value="'.$row['stored_comment'].'" />
<input type="hidden" name="student" value="'.$row['student_id'].'" />';
    echo '</font></td>';
    echo '<td><font face="Verdana, Arial, Helvetica, sans-serif" size="2">';
    echo '<input type="submit" name="submit" value="Edit" />';
    echo '</font></td></tr>';
    echo '</form>';
}
echo'</table>';
?>
<h5><a href=/members/index.php>Back to Swim Zone</a></h5>
</body>
</html>
```

When you click the EDIT button next to a comment, it takes you to edit_comment.php, where the user can edit the comment and save it back to the DB.

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>
<body>
<?php
//DB connection
mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
mysql_select_db("jeidinger_site") or die(mysql_error());

include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");

if ($check['level'] > 5)
{
    print "<font face='Arial' size='5' color='#FF0000'>";
    print "<b>Illegal Access</b>";
    print "</font><br>";
    print "<font face='Verdana' size='2' color='#000000'>";
    print "<b>You do not have permission to view this page.</b></font>";
    exit; // Stop script execution
}

$username=$_COOKIE['USERNAME'];

if(isset($_POST['submit2']))
{
    $newcomment=$_POST['new_comment'];
    $commentid=$_POST['commentid'];
    $query = mysql_query("UPDATE stored_comments SET stored_comment='$newcomment' WHERE comment_id='$commentid'") or die(mysql_error());
    echo '<h2> Comment Edited </h2>
<h4><a href=list_comments.php>Return to List Comments</a><br /><br />
<a href=/members/index.php>Return to Swim Zone</a></h4>';
}
else
{
    echo '<h2>Comment Editor</h2>
<h5>Comment ID:</h5>';
    echo $_POST['comment_id'];
    echo '<br /><br />
<h5>Student Name:</h5>';
    echo $_POST['student'];
?>
<form action= <?php echo $_SERVER['PHP_SELF']; ?> method="post">
<textarea name="new_comment" cols="100" rows="15">
<?php
    echo $_POST['comment'];
    echo'</textarea>';
    echo'<input type="hidden" name="commentid" value="$_POST[comment_id]" />';
    echo' <br /><br />
<input type="submit" name="submit2" value="Edit!" />
</form>';
}
?>
</body>
</html>
```

No errors, but when I save it, no changes are made to the DB. Why is this?

Amtran Posted October 3, 2009

```php
<form action= <?php echo $_SERVER['PHP_SELF']; ?> method="post">
<textarea name="new_comment" cols="100" rows="15">
```

Needs to be...

```php
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<textarea name="new_comment" cols="100" rows="15">
```

PFMaBiSmAd Posted October 3, 2009

Also, if you do a "view source" of the edit form in your browser, you will find that in the following line, $_POST[comment_id] did not get replaced with the actual value because the overall string is using single-quotes and variables are not parsed when in a single-quoted string -

```php
echo'<input type="hidden" name="commentid" value="$_POST[comment_id]" />';
```

Jakebert Posted October 3, 2009 (Author)

Hmmm.... pretty sure I fixed both of those problems, the comment_id is parsing fine (at least it's echoing on the edit page) but the changes still aren't registering in the DB. The code hasn't changed apart from the two minor changes already noted.

PFMaBiSmAd Posted October 3, 2009

You need to change your code so that the UPDATE query string is being built in a variable (then just put that variable into the mysql_query() statement) so that you can echo out the actual query after it has been populated with the variables so that you can see exactly what it contains.

Your code produced the expected query when I tried it, however I faked the values from the database. It might be that your actual values contain something that is preventing them from working after they have been passed through two different forms...

You also need to use mysql_real_escape_string() on each piece of string data being put into every query to prevent any special characters in the data from breaking the syntax of the query and to help prevent SQL injection.

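
The save in this thread failed without an error because an UPDATE whose WHERE clause matches no row still succeeds. As an added example (not code from any poster in the thread), the sketch below uses PDO prepared statements against an in-memory SQLite table in place of the mysql_* functions, which were removed in PHP 7.0; the helper names, the sample row and the extra user_id ownership condition are assumptions.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stored_comments (
    comment_id INTEGER PRIMARY KEY, user_id TEXT, student_id TEXT, stored_comment TEXT)');
// Constructed sample row.
$pdo->exec("INSERT INTO stored_comments VALUES (7, 'coach1', 'Sam', 'Good kick')");

// Hypothetical helper: returns the number of rows the UPDATE changed.
function update_comment(PDO $pdo, string $commentId, string $userId, string $text): int
{
    // Reject anything that is not a plain integer id, such as the literal
    // '$_POST[comment_id]' that the single-quoted echo put into the hidden field.
    if (!ctype_digit($commentId)) {
        return 0;
    }
    // Bound parameters keep quotes in $text from altering the statement.
    $stmt = $pdo->prepare(
        'UPDATE stored_comments SET stored_comment = :c
          WHERE comment_id = :id AND user_id = :u');
    $stmt->execute([':c' => $text, ':id' => (int)$commentId, ':u' => $userId]);
    return $stmt->rowCount();
}

// Hypothetical helper: hidden field with the id escaped for an HTML attribute.
function hidden_id_field(string $commentId): string
{
    return '<input type="hidden" name="commentid" value="'
        . htmlspecialchars($commentId, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed inputs: the broken hidden-field value, a correct id, a non-owner.
$cases = [
    ['$_POST[comment_id]', 'coach1', "Sam's turns need work"],
    ['7', 'coach1', "Sam's turns need work"],
    ['7', 'coach2', 'Edited by someone else'],
];
foreach ($cases as [$id, $user, $text]) {
    $n = update_comment($pdo, $id, $user, $text);
    echo ($n === 1 ? 'Comment Edited' : 'No matching comment, nothing saved'), "\n";
}
echo hidden_id_field('7'), "\n";
echo $pdo->query('SELECT stored_comment FROM stored_comments WHERE comment_id = 7')
         ->fetchColumn(), "\n";
```

With PDO's MySQL driver, rowCount() counts changed rows by default, so re-saving identical text also returns 0; treat a zero as "nothing changed" rather than as proof the id was wrong.
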
Jakebert Posted October 3, 2009 (Author)

Bingo! It was a problem with the comment_id not carrying through to the SECOND form...aha...

Thank you both!

redarrow Posted October 3, 2009

Try that please......

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>
<body>
<?php
//DB connection
$db=mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
$res=mysql_select_db("jeidinger_site",$db) or die(mysql_error());

include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");

if ($check['level'] > 5)
{
    print "<font face='Arial' size='5' color='#FF0000'>";
    print "<b>Illegal Access</b>";
    print "</font><br>";
    print "<font face='Verdana' size='2' color='#000000'>";
    print "<b>You do not have permission to view this page.</b></font>";
    exit; // Stop script execution
}

$username=$_COOKIE['USERNAME'];

if(isset($_POST['submit2']))
{
    $newcomment=mysql_real_escape_string($_POST['new_comment']);
    $commentid=mysql_real_escape_string($_POST['commentid']);
    $sql= "UPDATE stored_comments SET stored_comment='$newcomment' WHERE comment_id='$commentid'";
    $res1=mysql_query($sql) or die(mysql_error());
    echo "<h2> Comment Edited </h2>
<h4><a href='list_comments.php'>Return to List Comments</a><br /><br />
<a href=/members/index.php>Return to Swim Zone</a></h4>";
}
else
{
    echo "<h2>Comment Editor</h2>
<h5>Comment ID:</h5>";
    echo $_POST['comment_id'];
    echo "<br /><br />
<h5>Student Name:</h5>";
    echo $_POST['student'];
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<textarea name="new_comment" cols="100" rows="15">
<?php
    echo $_POST['comment'];
    echo"</textarea>";
    echo"<input type='hidden' name='commentid' value='{$_POST['comment_id']}' />";
    echo" <br /><br />
<input type='submit' name='submit2' value='Edit!' />
</form>";
}
?>
</body>
</html>
```

solved dam i was getting there lol