daebat Posted October 5, 2009

I am learning PHP and decided to build a really simple CMS from scratch for my company. The CMS simply lets a user log in and fill out and submit a form. I have successfully gotten the log in system to work but now I can't seem to get the form to submit into the database. Here is my code:

```php
<? include("../include/session.php"); ?>
<?php
if ($submit) {
    $sql = "UPDATE productimages SET title='$title', upjpg='$upjpg', uptiff='$uptiff', uppng='$uppng', chungshi='$chungshi', stretchwalker='$stretch_walker', akaishi='$akaishi', bellamargiano='$bellamargiano', mbt='$mbt', upthumb='$upthumb' where id ='$id'";
    $result = mysql_query($sql) or die(mysql_error());
    print("Product Added");
} else {
    $result = mysql_query("SELECT * FROM productimages WHERE id = '$id'");
    while ($row=mysql_fetch_array($result)) {
        $id = $row[id];
        $uptiff = $row[uptiff];
        $upjpg = $row[upjpg];
        $uppng = $row[uppng];
        $chungshi = $row[chungshi];
        $stretchwalker = $row[stretchwalker];
        $akaishi = $row[akaishi];
        $bellamargiano = $row[bellamargiano];
        $mbt = $row[mbt];
        $upthumb = $row[upthumb];
    }
    print ("
<form method=post action=../main.php>
Product Title:<br>
<input type=text name=title size=60><br><br>
Choose Categories that this story is relevant to:<br>
<input type=checkbox name=chungshi value=1> Chung Shi<br>
<input type=checkbox name=stretchwalker value=1> Stretchwalker<br>
<input type=checkbox name=akaishi value=1> Akaishi<br>
<input type=checkbox name=bellamargiano value=1> Bellamargiano<br>
<input type=checkbox name=mbt value=1> MBT<br><br>
<table width=500 cellpadding=0 cellspacing=0>
<tr><td colspan=2 class=top><strong>Images</strong></td></tr>
<tr><td>Upload JPG</td><td><br><input type=file name=upjpg></td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload TIFF</td><td><br><input type=file name=uptiff> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload PNG</td><td><br><input type=file name=uppng> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload Thumbnail</td><td><br><input type=file name=upthumb> </td></tr>
</table>
<br>
<input type=submit name=submit value=submit><br>
<br>
</form>
");
}
?>
```

EDIT: Should main.php have some sort of special code? I have a feeling that the form action has something to do with this problem.

cags Posted October 5, 2009

Firstly yes, you need to give the form an action. Post sounds most appropriate for this job. So add action="post" as an attribute to your form node. Secondly, you don't appear to set any of your variables anywhere ($submit, $title, $upjpg, etc.). Since these are the names of items on the form, I'm assuming these should all be $_POST['submit'], $_POST['title'], etc.

daebat Posted October 6, 2009 (Author)

So then how would I declare the variables? Can you edit my code above to show me what you mean? Thanks for all the help.

cags Posted October 6, 2009

No, I will not write your code for you. To fetch variables that have been submitted by a form with the method of post you would do...

```php
// if
<input type="text" name="username" />
// and you want to access the username, you use
$_POST['username']
```

daebat Posted October 6, 2009 (Author)

what a dick

daebat Posted October 6, 2009 (Author)

I can't seem to get this form to submit to my database:

```php
<? include("../include/session.php"); ?>
<?php
if ($submit) {
    $sql = "UPDATE productimages SET title='$title', upjpg='$upjpg', uptiff='$uptiff', uppng='$uppng', chungshi='$chungshi', stretchwalker='$stretch_walker', akaishi='$akaishi', bellamargiano='$bellamargiano', mbt='$mbt', upthumb='$upthumb' where id ='$id'";
    $result = mysql_query($sql) or die(mysql_error());
    print("Product Added");
} else {
    $result = mysql_query("SELECT * FROM productimages WHERE id = '$id'");
    while ($row=mysql_fetch_array($result)) {
        $id = $row[id];
        $uptiff = $row[uptiff];
        $upjpg = $row[upjpg];
        $uppng = $row[uppng];
        $chungshi = $row[chungshi];
        $stretchwalker = $row[stretchwalker];
        $akaishi = $row[akaishi];
        $bellamargiano = $row[bellamargiano];
        $mbt = $row[mbt];
        $upthumb = $row[upthumb];
    }
    print ("
<form method=post action=post>
Product Title:<br>
<input type=text name=title size=60><br><br>
Choose Categories that this story is relevant to:<br>
<input type=checkbox name=chungshi value=1> Chung Shi<br>
<input type=checkbox name=stretchwalker value=1> Stretchwalker<br>
<input type=checkbox name=akaishi value=1> Akaishi<br>
<input type=checkbox name=bellamargiano value=1> Bellamargiano<br>
<input type=checkbox name=mbt value=1> MBT<br><br>
<table width=500 cellpadding=0 cellspacing=0>
<tr><td colspan=2 class=top><strong>Images</strong></td></tr>
<tr><td>Upload JPG</td><td><br><input type=file name=upjpg></td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload TIFF</td><td><br><input type=file name=uptiff> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload PNG</td><td><br><input type=file name=uppng> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload Thumbnail</td><td><br><input type=file name=upthumb> </td></tr>
</table>
<br>
<input type=submit name=submit value=submit><br>
<br>
</form>
");
}
?>
```

cags Posted October 6, 2009

I'm a dick because I won't write your code for you? Fair enough.

daebat Posted October 6, 2009 (Author)

Dude, this is a help forum. I obviously don't know what I'm doing and am trying to learn. If somebody doesn't know English and says I want to know how to ask a question, you don't just say "you need to put a question mark in there" and hope they know what to do.

kickstart Posted October 6, 2009

You have already been given the answer here:- http://www.phpfreaks.com/forums/index.php/topic,271720.msg1283161.htm

Looks like your original coding was from an old php script and relies on register globals being set on:- http://www.php.net/manual/en/security.globals.php

cags Posted October 6, 2009

I understand it's a learning forum, which is why I explained how to solve your problem. If I do it for you then you will have a piece of code that works, but you will have learnt exactly f*ck all and will likely have the same problem the next time you come across a similar situation. The fact is if you don't understand the example you could have asked for clarification but instead you called me a dick. Very mature. If you wish to build a garden wall it's ok to ask somebody how to build a wall, but don't expect them to build it for you.

daebat Posted October 6, 2009 (Author)

... thanks for all the help php freaks.

kickstart Posted October 6, 2009

Hi

OK, from the basics.

When you have an HTML page with a form on it with various input fields, submitting the form sends the contents of those fields on to a page mentioned in the form. In this case you have a form sending those fields to the script you have pasted above.

There are 2 ways for the fields to be sent. Either GET (ie, you land up with them on the end of the URL, something like http://www.somesite.com/somescript.php?somefield=fred) or POST (where they are not visible in the URL).

Php used to ship by default with a setting for register globals such that any field (GET or POST) would become a variable in the script by default. So if you had a field in your form called fred then your php script would land up with a field called $fred which contained the contents of the form field called fred. This is very unsafe security wise, and the default was changed. Your script was probably written before this change.

When a php script is fired off the variables passed to it are put into arrays. If they are sent to the script with the GET method then they land up in an array called $_GET. So a form field called fred would land up in $_GET['fred']. If they are sent to the script with the POST method then they land up in an array called $_POST. So a form field called fred would land up in $_POST['fred']. Both are also put into an array called $_REQUEST, so $_REQUEST['fred'] would contain the contents of the form field called fred, irrespective of whether the form was submitted with the GET or POST method.

Hence to set up your SQL you would want something like:-

```php
$sql = "UPDATE productimages SET title='".$_POST['title']."', upjpg='".$_POST['upjpg']."', uptiff='".$_POST['uptiff']."', uppng='".$_POST['uppng']."', chungshi='".$_POST['chungshi']."', stretchwalker='".$_POST['stretch_walker']."', akaishi='".$_POST['akaishi']."', bellamargiano='".$_POST['bellamargiano']."', mbt='".$_POST['mbt']."', upthumb='".$_POST['upthumb']."' where id ='".$_POST['id']."'";
```

However you should never really trust user input directly (google for SQL injection for details of why). To help prevent malicious code being entered in a form field and causing problems you use the function mysql_real_escape_string on the $_POST fields when you use them in a piece of SQL, so

```php
where id ='".$_POST['id']."'"
```

would become

```php
where id ='".mysql_real_escape_string($_POST['id'])."'"
```

Keith
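
Added example (not code from any poster in this thread): the UPDATE discussed above, written with PDO prepared statements so that every form value is bound as data instead of being escaped and concatenated field by field. It assumes the pdo_sqlite extension and uses a cut-down, constructed productimages table and a constructed stand-in for $_POST so that it runs offline.

```php
<?php
// Added example. Constructed data; in-memory SQLite keeps it offline.
// Against MySQL only the PDO DSN changes, the statement stays the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE productimages (id INTEGER PRIMARY KEY, title TEXT,
    chungshi INTEGER, stretchwalker INTEGER, akaishi INTEGER,
    bellamargiano INTEGER, mbt INTEGER)');
$pdo->exec("INSERT INTO productimages (id, title) VALUES (1, 'old title')");

function updateProduct(PDO $pdo, array $post): int
{
    // The id must be a positive integer; refuse anything else before any SQL runs.
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // Unticked checkboxes are absent from the request, so default them to 0.
    // The form field is named "stretchwalker" (no underscore).
    $params = [':id' => $id, ':title' => (string) ($post['title'] ?? '')];
    foreach (['chungshi', 'stretchwalker', 'akaishi', 'bellamargiano', 'mbt'] as $flag) {
        $params[":$flag"] = isset($post[$flag]) ? 1 : 0;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE productimages
            SET title = :title, chungshi = :chungshi, stretchwalker = :stretchwalker,
                akaishi = :akaishi, bellamargiano = :bellamargiano, mbt = :mbt
          WHERE id = :id'
    );
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST. The apostrophe in the title would end the
// quoted string early in the concatenated UPDATE from the thread.
$post = ['id' => '1', 'title' => "Men's Akaishi", 'akaishi' => '1', 'mbt' => '1'];
echo updateProduct($pdo, $post), " row(s) updated\n";
echo $pdo->query('SELECT title FROM productimages WHERE id = 1')->fetchColumn(), "\n";

try {
    updateProduct($pdo, ['id' => 'not-a-number', 'title' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The mysql_* functions used throughout the thread were removed in PHP 7, so current code has to use PDO or mysqli in any case.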

daebat Posted October 6, 2009 (Author)

Wow, thanks Keith. I am still having some problems but I think I am beginning to understand what I'm doing wrong. So I'm going to post:

```php
<? include("../include/session.php"); ?>
<?php
if ($submit) {
    $sql = "UPDATE productimages SET title='".$_POST['title']."', upjpg='".$_POST['upjpg']."', uptiff='".$_POST['uptiff']."', uppng='".$_POST['uppng']."', chungshi='".$_POST['chungshi']."', stretchwalker='".$_POST['stretch_walker']."', akaishi='".$_POST['akaishi']."', bellamargiano='".$_POST['bellamargiano']."', mbt='".$_POST['mbt']."', upthumb='".$_POST['upthumb']."' where id ='".mysql_real_escape_string($_POST['id'])."'";
    $result = mysql_query($sql) or die(mysql_error());
    print("Product Added");
} else {
    $result = mysql_query("SELECT * FROM productimages WHERE id = '$id'");
    while ($row=mysql_fetch_array($result)) {
        $id = $row[id];
        $uptiff = $row[uptiff];
        $upjpg = $row[upjpg];
        $uppng = $row[uppng];
        $chungshi = $row[chungshi];
        $stretchwalker = $row[stretchwalker];
        $akaishi = $row[akaishi];
        $bellamargiano = $row[bellamargiano];
        $mbt = $row[mbt];
        $upthumb = $row[upthumb];
    }
    print ("
<form method=post action=productimages2.php>
Product Title:<br>
<input type=text name=title size=60><br><br>
Choose Categories that this story is relevant to:<br>
<input type=checkbox name=chungshi value=1> Chung Shi<br>
<input type=checkbox name=stretchwalker value=1> Stretchwalker<br>
<input type=checkbox name=akaishi value=1> Akaishi<br>
<input type=checkbox name=bellamargiano value=1> Bellamargiano<br>
<input type=checkbox name=mbt value=1> MBT<br><br>
<table width=500 cellpadding=0 cellspacing=0>
<tr><td colspan=2 class=top><strong>Images</strong></td></tr>
<tr><td>Upload JPG</td><td><br><input type=file name=upjpg></td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload TIFF</td><td><br><input type=file name=uptiff> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload PNG</td><td><br><input type=file name=uppng> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload Thumbnail</td><td><br><input type=file name=upthumb> </td></tr>
</table>
<br>
<input type=submit name=submit value=submit><br>
<br>
</form>
");
}
?>
```

and productimages2.php should be (I took this from W3 schools so I'm not sure how right it is):

```php
<?php
$con = mysql_connect("localhost", "user", "pass");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("databasename", $con);
mysql_query("insert into productimages ('$_POST[title]', '$_POST[chungshi]', '$_POST[stretchwalker]', '$_POST[akaishi]', '$_POST[bellamargiano]', '$_POST[mbt]', '$_POST[upjpg]', '$_POST[uptiff]', '$_POST[uppng]', '$_POST[upthumb]')") or die(mysql_error());
echo "The following information was entered into the database<br><br><br>";
echo "<b>Title:</b> $_POST[title]<br>";
echo "Thanks for taking the time to submit your information.";
mysql_close($con);
?>
```

My error is

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''asdfaf', '', '', '', '', '1', '', '', '', '')' at line 1