Hi. Another problem for all of you smarties  :shrug:

 

So here's list_comments.php, it lists all the user's comments from the DB:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>

<body>
<?php

//DB connection
mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
mysql_select_db("jeidinger_site") or die(mysql_error());

include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");

	if ($check['level'] > 5)
	{

print "<font face='Arial' size='5' color='#FF0000'>";
print "<b>Illegal Access</b>";
print "</font><br>";
print "<font face='Verdana' size='2' color='#000000'>";
print "<b>You do not have permission to view this page.</b></font>";
		exit;	// Stop script execution
	}


$username=$_COOKIE['USERNAME'];

$return = mysql_query("SELECT * FROM stored_comments WHERE user_id='$username'") or die(mysql_error());

echo'<table width="60%" border="1" cellspacing="0" cellpadding="0" bordercolor="#000000">
  <tr> 
    <td height="22" colspan="2" bgcolor="#CCCC00"> 
      <div align="center"><b><font face="Arial, Helvetica, sans-serif" size="3">Comments</font></b></div>
    </td>
  </tr>';



   while($row = mysql_fetch_array($return))
{
echo '<form action="edit_comment.php" method="post">';
echo'<tr valign="top"> 
    <td width="16%" bgcolor="#CCCCCC"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="2"> ';

$student=$row['student_id'];
echo $student;


echo '<td width="84%"><font face="Verdana, Arial, Helvetica, sans-serif" size="2">';

$comment=$row['stored_comment'];
echo $comment;



echo '<input type="hidden" name="comment_id" value="'.$row['comment_id'].'" />
<input type="hidden" name="comment" value="'.$row['stored_comment'].'" />
<input type="hidden" name="student" value="'.$row['student_id'].'" />';

echo '</font></td>';

echo '<td><font face="Verdana, Arial, Helvetica, sans-serif" size="2">';
echo '<input type="submit" name="submit" value="Edit" />';
echo '</font></td></tr>';
echo '</form>';

}

echo'</table>';

?>

<h5><a href=/members/index.php>Back to Swim Zone</a></h5>
  </body>
</html>
   

 

When you click the EDIT button next to a comment, it takes you to edit_comment.php, where the user can edit the comment and save it back to the DB.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>

<body>
<?php

//DB connection
mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
mysql_select_db("jeidinger_site") or die(mysql_error());

include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");

	if ($check['level'] > 5)
	{

print "<font face='Arial' size='5' color='#FF0000'>";
print "<b>Illegal Access</b>";
print "</font><br>";
print "<font face='Verdana' size='2' color='#000000'>";
print "<b>You do not have permission to view this page.</b></font>";
		exit;	// Stop script execution
	}
$username=$_COOKIE['USERNAME'];

if(isset($_POST['submit2']))
{

$newcomment=$_POST['new_comment'];
$commentid=$_POST['commentid'];

$query = mysql_query("UPDATE stored_comments SET stored_comment='$newcomment' WHERE comment_id='$commentid'") or die(mysql_error());

echo '<h2> Comment Edited </h2>
<h4><a href=list_comments.php>Return to List Comments</a><br /><br />
<a href=/members/index.php>Return to Swim Zone</a></h4>';	
}
else
{

echo '<h2>Comment Editor</h2>
<h5>Comment ID:</h5>';
echo $_POST['comment_id'];

echo '<br /><br /> <h5>Student Name:</h5>';

echo $_POST['student']; ?>

<form action= <?php echo $_SERVER['PHP_SELF']; ?> method="post">
<textarea name="new_comment" cols="100" rows="15">
<?php
echo $_POST['comment'];
echo'</textarea>';
echo'<input type="hidden" name="commentid" value="$_POST[comment_id]" />';
echo'
<br /><br />
<input type="submit" name="submit2" value="Edit!" />
</form>';

}

?>
</body>
</html>

 

No errors, but when I save it, no changes are made to the DB. Why is this?

Also, if you do a "view source" of the edit form in your browser, you will find that in the following line, $_POST[comment_id] did not get replaced with the actual value because the overall string is using single-quotes and variables are not parsed when in a single-quoted string -

   echo'<input type="hidden" name="commentid" value="$_POST[comment_id]" />';

You need to change your code so that the UPDATE query string is being built in a variable (then just put that variable into the mysql_query() statement) so that you can echo out the actual query after it has been populated with the variables so that you can see exactly what it contains.

 

Your code produced the expected query when I tried it, however I faked the values from the database. It might be that your actual values contain something that is preventing them from working after they have been passed through two different forms...

 

You also need to use mysql_real_escape_string() on each piece of string data being put into every query to prevent any special characters in the data from breaking the syntax of the query and to help prevent SQL injection.

Try that please......

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Comments</title>
</head>

<body>
<?php

//DB connection
$db=mysql_connect("localhost", "jeidinger_jake", "jak20a") or die(mysql_error());
$res=mysql_select_db("jeidinger_site",$db) or die(mysql_error());

include_once ("auth.php");

include_once ("authconfig.php");

include_once ("check.php");

      if ($check['level'] > 5)
      {
         
print "<font face='Arial' size='5' color='#FF0000'>";
print "<b>Illegal Access</b>";
print "</font><br>";
print "<font face='Verdana' size='2' color='#000000'>";
print "<b>You do not have permission to view this page.</b></font>";
         exit;   // Stop script execution
      }
      
$username=$_COOKIE['USERNAME'];

if(isset($_POST['submit2']))
{
   
$newcomment=mysql_real_escape_string($_POST['new_comment']);
$commentid=mysql_real_escape_string($_POST['commentid']);

$sql= "UPDATE stored_comments SET stored_comment='$newcomment' WHERE comment_id='$commentid'";

$res1=mysql_query($sql) or die(mysql_error());
   
echo "<h2> Comment Edited </h2>
<h4><a href='list_comments.php'>Return to List Comments</a><br /><br />
<a href=/members/index.php>Return to Swim Zone</a></h4>";   
   }
else
{
   
echo "<h2>Comment Editor</h2>
<h5>Comment ID:</h5>";

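echo htmlspecialchars($_POST['comment_id'], ENT_QUOTES, 'ISO-8859-1'); // escape request data before printing it into HTML

echo "<br /><br /> <h5>Student Name:</h5>";

   echo htmlspecialchars($_POST['student'], ENT_QUOTES, 'ISO-8859-1'); ?>

   <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1'); ?>" method="POST">
   <textarea name="new_comment" cols="100" rows="15">
<?php
   echo htmlspecialchars($_POST['comment'], ENT_QUOTES, 'ISO-8859-1');
   echo"</textarea>";
   // double-quoted string, so the posted id is interpolated; escaped so a quote in it cannot close the attribute
   $commentid_html = htmlspecialchars($_POST['comment_id'], ENT_QUOTES, 'ISO-8859-1');
   echo"<input type='hidden' name='commentid' value='{$commentid_html}' />";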
   echo"
<br /><br />
<input type='submit' name='submit2' value='Edit!' />
   </form>";
   
   }

?>
</body>
</html>

 

Solved. Damn, I was getting there, lol.
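
The two points raised in the replies above (the hidden field that never received its value, and string data breaking the UPDATE), as an added example that is not code from the thread: the hidden field is built by concatenation and HTML-escaped, and the UPDATE uses bound parameters instead of manual escaping. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs on its own (with MySQL only the DSN changes), the helper names are hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// the MySQL database; the table layout follows the columns used on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE stored_comments (
    comment_id INTEGER PRIMARY KEY, user_id TEXT,
    student_id TEXT, stored_comment TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO stored_comments VALUES
    (1, 'coach_a', 'Student One', 'old text'),
    (2, 'coach_b', 'Student Two', 'other text')");

// Hypothetical helper: the hidden field is built by concatenation, so the
// value is always substituted, and it is HTML-escaped so a quote in the
// value cannot terminate the attribute.
function hidden_comment_id($id)
{
    return '<input type="hidden" name="commentid" value="'
        . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . '" />';
}

// Hypothetical helper: UPDATE with bound parameters. The data never becomes
// part of the SQL text, so apostrophes need no manual escaping. Returning
// the affected-row count makes an update that matched nothing visible.
function update_comment(PDO $pdo, $commentId, $newComment)
{
    $stmt = $pdo->prepare(
        'UPDATE stored_comments SET stored_comment = :c WHERE comment_id = :id'
    );
    $stmt->execute([':c' => $newComment, ':id' => $commentId]);
    return $stmt->rowCount();
}

echo hidden_comment_id(1), "\n";

// The literal text the single-quoted echo placed in the form field.
var_dump(update_comment($pdo, '$_POST[comment_id]', 'never stored'));

// A real id, with a comment containing an apostrophe and double quotes.
var_dump(update_comment($pdo, '1', "Jake's \"best\" swim"));

echo $pdo->query('SELECT stored_comment FROM stored_comments WHERE comment_id = 1')
         ->fetchColumn(), "\n";
```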
