PHP form submission with sessions


ncovill

Hey everyone... So, I have a form that submits a message, name, userid, category, and datetime into the database. It all works fine except the userid... I had it working before, but now I have no clue why it stopped working :(

 

If a person is logged in, the "username" field becomes a dropdown menu and they can choose between Anonymous or their Username. I want it to insert the user's 'id' (users table in the DB) into the post as well as update a post count in the users table.

 

It confuses the hell out of me because the same exact fetch array to display their info if they're logged in or not works perfectly (using sessions)... but for w/e reason it's not working in this particular INSERT function.

 

Anyway, here's the add_post.php which displays errors or success, then processes the function if it's a success - db_connect(); is a function to connect to the DB:

<?php
require_once('functions.php');
db_connect();

$message = $_POST['guestbook_message'];
$name = $_POST['guestbook_name'];
$datetime = $_POST['datetime'];
$category = $_POST['category'];

if (strlen($message) < 50)
{
$msgerror = "<strong>Error:</strong> Your message length is too short.";
}
if ($category == 1)
{
$msgerror = "<strong>Error:</strong> Please choose a category.";
}

$bad_word_list = "<object, </object>, <script, <param, </script>, </param>, <a href, &#106;&#97;&#118, &#0000106&#0000097&#0000118&, &#x6A&#x61&#x76&#x61&#x73, &#x09;, &#x0A;, &#x0D;, alert\(, <iframe, <embed, <meta, http://, www., .com, .net, .org, dot com, dot net, dot org, (dot) com, (dot) net, (dot) org";
$bad_words = explode(", ",$bad_word_list);
foreach ($bad_words as $word)
{
if (false !== stripos($message, $word))
	{
	$msgerror = "<strong>Error:</strong> Your message might contain unauthorized words.";
	}
}

if($msgerror)
{
$postmsg = $msgerror;
echo "<span class='posterror'>". $postmsg ."</span>";
}
else
{
add_post($message, $name, $userid, $datetime, $category);
$postmsg = "<strong>Success!</strong> Your comment has been posted.
			<script type=\"text/javascript\"><!--
			setTimeout('Redirect()',1000);
			function Redirect()
			{
			  location.href = 'index.php';
			}
			// --></script>";
echo "<span class='postsuccess'>". $postmsg ."</span>";
}
?>

 

And here is the function:

function add_post($message, $name, $userid, $datetime, $category)
{
$name = mysql_real_escape_string($name);
$message = mysql_real_escape_string(stripslashes(ereg_replace("\r\n", "<br />", $message)));
$time = strtotime("now");
$time = $time + 3600;
$datetime = date("m/d/y @ h:i:sa", $time);

$connection = db_connect();
$username = $_SESSION['user']['username'];
$user_array = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"));
$userid = $user_array['id'];

$query = "INSERT INTO `posts`(name, userid, content, datetime, category) VALUES('$name', '$userid', '$message', '$datetime', '$category')";
mysql_query($query, $connection);

// find the user and update comment count
$sql = "SELECT * FROM `users` WHERE `id` = '$userid'";
$result = mysql_query($sql);
$rows = mysql_fetch_array($result);

if ($rows)
	{
	$max_post = $rows['posts'] + 1;
	}
else
	{
	$max_post = 1;
	}

$q = "UPDATE `users` SET `posts` = '$max_post' WHERE `id` = '$userid'";
mysql_query($q);

db_close($connection);
}

 

And I am not sure this is needed but this is the code that works fine, displaying whether or not they're logged in:

$session = $_SESSION['in'];
if ($session)
{
$username = $_SESSION['user']['username'];
}

if($session != "yes") // generate login form
{
$login = '<form action="login.php" method="post">
<p>
<label class="loginField">Username:</label> 
<input class="login" type="text" name="log" id="log" value="" />
</p>
<p>
<label class="loginField">Password:</label> 
<input class="login" type="password" name="pwd" id="pwd" value="" />
</p>
<div style="text-align: right;">
	<input type="submit" name="submitlogin" value="Submit" class="button_login" id="submit" />
</div>

</form><br />
<div id="loginajax"><a href="#submit_register" name="modal"><strong>Sign up</strong>
</a> | <a href="forgot.php">Forgot Password?</a></div>';
}
else
{
db_connect();
$username = $_SESSION['user']['username'];
$user_array = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"));

$login = 'Welcome back, <strong>'. $user_array['name'] .'</strong>.  <a href="logout.php" name="logout" id="logout">Logout</a><br /><br /><br />
	<a href="settings.php">Edit Profile</a> | <a href="profile.php?user='. $username .'">View Profile</a>';
}

 

Like I said...that fetch array brings up the appropriate info, but for w/e reason does not work in the add_post function :( Any help would be greatly appreciated!!! :)
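
A hardened form of the `add_post()` flow from the post, as an added example that is not the poster's code: the posted INSERT interpolates `$category` straight from `$_POST` and `$username` unescaped into SQL, and the identity lookup depends on `$_SESSION`, which is only populated after `session_start()` has run in the requesting script (the posted add_post.php does not show that call). Assumptions: the login script stores the numeric id in `$_SESSION['user']['id']`, PDO replaces the `mysql_*` calls, and in-memory SQLite with a constructed `demo_user` row stands in for the real database.

```php
<?php
// Added example, not the poster's code. Schema mirrors the post's `users` and `posts` tables.
// Assumption: the login script stores the numeric user id in $_SESSION['user']['id'].
function add_post(PDO $db, string $message, int $category, bool $anonymous): int
{
    // Identity comes from the server-side session only, never from a form field.
    $user   = $_SESSION['user'] ?? null;
    $userid = $user['id'] ?? null;          // null for guests
    $name   = ($anonymous || $user === null) ? 'Anonymous' : $user['username'];

    $db->beginTransaction();
    try {
        // Placeholders keep every value out of the SQL text.
        $ins = $db->prepare(
            'INSERT INTO posts (name, userid, content, datetime, category)
             VALUES (:name, :userid, :content, :dt, :category)'
        );
        $ins->execute([
            ':name' => $name, ':userid' => $userid, ':content' => $message,
            ':dt' => date('Y-m-d H:i:s'), ':category' => $category,
        ]);
        $postId = (int) $db->lastInsertId();

        if ($userid !== null) {
            // Atomic increment: no read-then-write race on the counter.
            $db->prepare('UPDATE users SET posts = posts + 1 WHERE id = :id')
               ->execute([':id' => $userid]);
        }
        $db->commit();
        return $postId;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, posts INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, name TEXT, userid INTEGER, content TEXT, datetime TEXT, category INTEGER)');
$db->exec("INSERT INTO users (id, username) VALUES (7, 'demo_user')");

$_SESSION = ['in' => 'yes', 'user' => ['id' => 7, 'username' => 'demo_user']]; // stands in for session_start() + login
add_post($db, "<script>stored as typed; escape on output</script>", 2, false);
$row = $db->query('SELECT name, userid, content FROM posts')->fetch(PDO::FETCH_ASSOC);
// Escape when rendering instead of rejecting input with a word list.
echo htmlspecialchars($row['name'] . ' (#' . $row['userid'] . '): ' . $row['content'], ENT_QUOTES, 'UTF-8'), "\n";
echo 'post count: ', $db->query('SELECT posts FROM users WHERE id = 7')->fetchColumn(), "\n";
```

Storing the message as typed and escaping with `htmlspecialchars()` at render time replaces the `$bad_word_list` filter, which rejects legitimate text (any message containing ".com") while still depending on the list being complete.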
