Jump to content

[SOLVED] Help With editting and deleting form

netpumber

By netpumber
in PHP Coding Help

 Share

Recommended Posts

seanlim Newbie

seanlim

Posted
Posted

Use mysql_real_escape_string on all the inputs for the mysql_query.

 

$queryb = "UPDATE misc_entries SET title='".mysql_real_escape_string($_POST['title'])."'...

 

Also the link become like this :

 

.php?title=test&entry=test+a+b+c&edit_misc=Save&id=13

 

which link becomes like this?

 

 

Link to comment
Share on other sites
netpumber Member

netpumber

Posted
  • Author
Posted

So look. In the page edmp.php i have two forms that you can edit two different tables.

1st edit_projects form and 2nd misc_projects form. For the first form this code works perfectly. I mean that you can edit the table.

 

The problem is in the second form that doesn't execute the script in the action= and i don't know why... I can't imagine anything. I thought that occurs because there are two form in the same page but i don't know any more... i try to change these two forms and nothing happens... Have you ever had a problem like this ?

Link to comment
Share on other sites
seanlim Newbie

seanlim

Posted
Posted

Nope. Which page/script is your form posting to then? Try putting a die()/exit() statement or any output before "<?php" at the start of editm.php to make sure that the script is being called.

 

when you say "i try to change these two forms and nothing happens", do you mean that there are no noticeable changes when you alter you form? are you sure you are editing/saving to the right file?

 

The only other reason i can think of is that your form is posting to the wrong script, either because the form's action is set wrong, or because of a server setting.

Link to comment
Share on other sites
netpumber Member

netpumber

Posted
  • Author
Posted

Lets make them clearly...

 

File edmp.php [means edit main page] It has two forms :

 

1st Form for editing a table called site_entries

 

here is the code :

 

<?php

if(isset($_GET['action']) && $_GET['action']=="edit"){
        $q = mysql_query("SELECT title,entry FROM site_entries WHERE id='".mysql_real_escape_string($_GET['id'])."'");
        $row = mysql_fetch_array($q);


print "
<br>
<table align=\"center\"><td>
<form method=\"post\" name=\"edit_projects\" action=\"editp.php\" >
<font face=\"Lucida Console, Courier New, Fixed\" size=2 color=\"#FFF380\" >\$title :</font>
<br>
<input style=\"background:#B0D2D7\" type=\"text\" name=\"title\" size=\"38\" value=\"".htmlentities($row['title'])."\">
<br><br>
<font face=\"Lucida Console, Courier New, Fixed\" size=2 color=\"#FFF380\">\$text:</font>
<br>
<textarea style=\"background:#B0D2D7\" rows=\"10\" name=\"entry\" cols=\"48\" >{$row['entry']}</textarea>
<br>
<p align=\"left\"><INPUT type=\"submit\" name=\"edit_projects\" value=\"Save\"></p>
<input type=\"hidden\" name=\"id\" value=\"".$_GET['id']."\">
</form>
</td>
</table>
";
}
?>

 

As you can see action=\"editp.php\"

 

Here is the code for editp.php:

 

<?php
session_start();
if ($_SESSION['authorized'] != true)
{
    header("Location: login_form.php");
    exit;
}
?>


<?php

// [start] Save changes for projects
ini_set ('display_errors',1);
error_reporting (E_ALL);

if (isset ($_POST['edit_projects'])){
        if ($dbc = @mysql_connect('localhost','user','p@ss'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


$query = "UPDATE site_entries SET title='{$_POST['title']}',entry='{$_POST['entry']}' WHERE id={$_POST['id']}";


if (@mysql_query ($query)){
                        echo "<meta http-equiv='refresh' content='0;URL=edmp.php'>";
                        }else{
                        print"<p>Could not add the entry because:<b>" .mysql_error() . "</b>. The query was $query.</p>";
                }

mysql_close();
}



?>

 

^ This one works FINE !!!

 

Ok now... the other one form of the edmp.php is for editing a table called misc_entries and here is the code:

 

<?php


if(isset($_GET['actionm']) && $_GET['actionm']=="edit"){
        $qm = mysql_query("SELECT title,entry FROM misc_entries WHERE id='".mysql_real_escape_string($_GET['id'])."'");
        $row = mysql_fetch_array($qm);
print "
<table align=\"center\"><td>
<form method=\"post\"  action=\"editm.php\" >
<font face=\"Lucida Console, Courier New, Fixed\" size=2 color=\"#FFF380\" >\$title :</font>
<br>
<input style=\"background:#B0D2D7\" type=\"text\" name=\"title\" size=\"38\" value=\"".htmlentities($row['title'])."\">
<br><br>
<font face=\"Lucida Console, Courier New, Fixed\" size=2 color=\"#FFF380\">\$text:</font>
<br>
<textarea style=\"background:#B0D2D7\" rows=\"10\" name=\"entry\" cols=\"48\" >{$row['entry']}</textarea>
<br>
<p align=\"left\"><INPUT type=\"submit\" name=\"edit_misc\" value=\"Save\"></p>
<input type=\"hidden\" name=\"id\" value=\"".$_GET['id']."\">
</form>
</td>
</table>
";
}
?>

 

As you can see action=\"editm.php\" > . The editm.php code is here :

 

<?php
session_start();
if ($_SESSION['authorized'] != true)
{
    header("Location: login_form.php");
    exit;
}
?>


<?php

// [start] Save changes for projects
ini_set ('display_errors',1);
error_reporting (E_ALL);

if (isset ($_POST['edit_misc'])){
        if ($dbc = @mysql_connect('localhost','user','p@ss'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


$query = "UPDATE misc_entries SET title='".mysql_real_escape_string($_POST['title'])."',entry='".mysql_real_escape_string($_POST['entry'])."' WHERE id={$_POST['id']}";
echo $query;

if (@mysql_query ($query)){
                        echo "<meta http-equiv='refresh' content='0;URL=edmp.php'>";
                        }else{
                        print"<p>Could not add the entry because:<b>" .mysql_error() . "</b>. The query was $query.</p>";
                }

mysql_close();
}



?>

 

 

^ This one doesn't work... I understood that when i press tha Save button the editm.php doesn't executed and the link became

 

edmp.php?title=test&entry=test+test2&edit_misc=Save&id=13

 

When i press the button Save from the first form all works GREAT . The editp.php script executed.

 

 

Thats all my friend...:)

Link to comment
Share on other sites
seanlim Newbie

seanlim

Posted
Posted

It seems that the form is submitting thru GET rather than POST. I've tried running the code and it POSTs fine.

 

Check your HTML by viewing source: check that it is well-formed, method="post", PHP errors are not embedded within the source etc etc. While you are at it, it might be wise to use HTML entities for all your variable outputs, so that they won't interfere with your HTML code.

 

I have a feeling it is a really simple problem somewhere. Try clearing your cache maybe? And do the steps I mentioned in the earlier post about die()/exit(). Check your server access logs to see if the script is redirecting somewhere before it goes to that GET url.

Link to comment
Share on other sites
netpumber Member

netpumber

Posted
  • Author
Posted

Here is the source code of the form :

 

<br>
<table align="center"><td>
<form method="post" name="edit_misc" action="editm.php" >
<font face="Lucida Console, Courier New, Fixed" size=2 color="#FFF380" >$title :</font>
<br>
<input style="background:#B0D2D7" type="text" name="title" size="38" value="test">
<br><br>
<font face="Lucida Console, Courier New, Fixed" size=2 color="#FFF380">$text:</font>
<br>
<textarea style="background:#B0D2D7" rows="10" name="entry" cols="48" >testaaa</textarea>
<br>

<p align="left"><INPUT type="submit" name="edit_misc" value="Save"></p>
<input type="hidden" name="id" value="13">
</form>
</td>
</table>

 

Question 1 :

 

how i will put htmlentities() in textarea ?

 

Question 2 :

 

clearing your cache maybe
What exactly you mean ?

 

 

[x]

 

<?php
session_start();
if ($_SESSION['authorized'] != true)
{
    header("Location: login_form.php");
    exit;
}
die(); <---I add this line in editm.php
?>

 

And here is the access log :P

 

[30/Oct/2009:15:21:30 -0400] "GET /login/edmp.php?action1=edit&id=13 HTTP/1.1" 200 1359 "http://lol.homelinux.net/login/

edmp.php?title=test&entry=testaaa.sghdfh&edit_misc=Save&id=13" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4"

 

I have a feeling it is a really simple problem somewhere

 

I hope so ...:P I can't imagine what the hell is happening...:S

 

Thanks anyway...my friend..:)

 

Link to comment
Share on other sites
seanlim Newbie

seanlim

Posted
Posted

Answer 1: "<textarea>".htmlentities($row['entry'])."</textarea>";

 

Answer 2: http://en.wikipedia.org/wiki/Bypass_your_cache

 

And since you seem to have provided only snippets of your output (or are they the full output of your page?) I would suggest that you try validating your HTML at 

http://validator.w3.org

. Some unclosed tags outside of those snippets, for example, might be interfering with the POST method. I don't see why it should not work since this is usually a very simple process...

Link to comment
Share on other sites
netpumber Member

netpumber

Posted
  • Author
Posted

One more question...:)

 

Here is the textarea code...

 

<textarea style=\"background:#B0D2D7\" rows=\"10\" name=\"entry\" cols=\"48\" >".htmlentities($row['entry'])."</textarea>

 

Lets say i add this in the edit form :

 

here is the google <a href="http://www.google.com">Google</a>

 

This will create a link but its not correct and this is how it likes in the source code..:

 

<a href=\"http://www.google.com\">Google</a>.

 

Why this occurs ?

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.