3raser Posted June 11, 2010

I'm trying to make it so people can edit their reviews after they have created them. The problem is that when I click "Edit Review", after I changed everything, it does nothing. I want it to go to "Success", but I don't know how to solve this problem. I've looked at it for about an hour, and I'm not sure why it isn't doing anything.

At first the variables are GET, and the code reads to make sure id and passcode exist. But the edit form is POST, so all I did was make hidden inputs that carry over the GET and put them in POST form. But like I said, nothing happens when I click "Edit Review".

<html>
<head>
<title>Review Tracks</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<center>
<div class="holder">
<?php
$checker = $_POST['checker'];
$id = $_GET['id'];
$id2 = $_POST['id2'];
$passcode = $_GET['passcode'];
$passcode2 = $_POST['passcode2'];

$mysql_host = "**********";
$mysql_database = "************";
$mysql_user = "*************";
$mysql_password = "************";

//connect to database
mysql_connect("$mysql_host","$mysql_user","$mysql_password");
mysql_select_db("$mysql_database");

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))
{
    $dpasscode = $row['passcode'];
}

$design = $_POST['design'];
$designt = $_POST['designtext'];
$grammar = $_POST['grammar'];
$grammart = $_POST['grammartext'];
$layout = $_POST['layout'];
$layoutt = $_POST['layouttext'];
$moderation = $_POST['moderation'];
$moderationt = $_POST['moderationtext'];
$activity = $_POST['activity'];
$activityt = $_POST['activitytext'];
$overall = $_POST['overall'];
$overallt = $_POST['overalltext'];

$design = mysql_real_escape_string($design);
$designt = mysql_real_escape_string($designt);
$grammar = mysql_real_escape_string($grammar);
$grammart = mysql_real_escape_string($grammart);
$layout = mysql_real_escape_string($layout);
$layoutt = mysql_real_escape_string($layoutt);
$moderation = mysql_real_escape_string($moderation);
$moderationt = mysql_real_escape_string($moderationt);
$activity = mysql_real_escape_string($activity);
$activityt = mysql_real_escape_string($activityt);
$overall = mysql_real_escape_string($overall);
$overallt = mysql_real_escape_string($overallt);
$passcode = mysql_real_escape_string($passcode);
$ip = $_SERVER['REMOTE_ADDR'];

if (!$id && !$id2)
{
    echo '<div id="signuptop">No review found</div><div id="signup">Please choose a Review to edit first! <a href="index.php">Back</a></div>';
}
else if (!$passcode && !$passcode2)
{
    echo '<div id="signuptop">Pass-code Required</div><div id="signup">Please enter in the Pass-code to edit this review.<br/><br/><form action="edit.php" method="GET"><input type="hidden" name="id" value="'. $id .'"><input type="text" name="passcode" maxlength="6"><input type="submit" value="Enter"></form><br/><br/></div>';
}
else if($passcode==$dpasscode)
{
    //extract
    $extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
    $numrows = mysql_num_rows($extract);

    while ($row = mysql_fetch_assoc($extract))
    {
        $id = $row['id'];
        $name = $row['name'];
        $site = $row['url'];
        $design = $row['design'];
        $designt = $row['designt'];
        $grammar = $row['grammar'];
        $grammart = $row['grammart'];
        $layout = $row['layout'];
        $layoutt = $row['layoutt'];
        $moderation = $row['moderation'];
        $moderationt = $row['moderationt'];
        $activity = $row['activity'];
        $activityt = $row['activityt'];
        $overall = $row['overall'];
        $overallt = $row['overallt'];
        $total = $row['total'];
        $views = $row['views'];
        $status = $row['status'];
    }

    echo '<div id="signuptop">Edit a Review</div><div id="signup"><form action="edit.php" method="POST"><br/>
<input type="hidden" name="id2" value="'. $id .'" method="POST">
<input type="hidden" name="passcode2" value="'. $passcode .'">
Appearance: <select name="design">
<option value="'. $design .'">'. $design .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br/>
<textarea name="designtext" cols="30" rows="13" maxlength="450">'. $designt .'</textarea><br/>
<br/><br/>Grammar Usage <select name="grammar">
<option value="'. $grammar .'">'. $grammar .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="grammartext" cols="30" rows="13" maxlength="450">'. $grammart .'</textarea><br/>
<br/><br/>Layout <select name="layout">
<option value="'. $layout .'">'. $layout .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="layouttext" cols="30" rows="13" maxlength="450">'. $layoutt .'</textarea><br/>
<br/><br/>Moderation <select name="moderation">
<option value="'. $moderation .'">'. $moderation .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="moderationtext" cols="30" rows="13" maxlength="450">'. $moderationt .'</textarea><br/>
<br/><br/>User Activity <select name="activity">
<option value="'. $activity .'">'. $activity .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="activitytext" cols="30" rows="13" maxlength="450">'. $activityt .'</textarea><br/>
<br/><br/>Overall Score <select name="overall">
<option value="'. $overall .'">'. $overall .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="overalltext" cols="30" rows="13" maxlength="450">'. $overallt .'</textarea><br/>
<input type="hidden" name="checker" value="1">
<br/><br/><br/>
<input type="submit" value="Edit Review"></form></div>';
}
elseif($checker=="1")
{
    echo '<div id="signuptop">Success</div><div id="signup">You have successfully edited the review! Why not check it out at <a href="view.php?tracker='. $id .'">here</a>!</div>';
}
?>
</div>
</center>
</body>
</html>

Psycho Posted June 11, 2010

Edit your post NOW to remove the database server info.

3raser (Author) Posted June 11, 2010

Can't, doesn't let me edit my post. Whenever someone posts after my last post, it locks my post. Dunno why.

PFMaBiSmAd Posted June 11, 2010

Since 8-10 people/scripts had read this thread by the time mjdamato posted that warning, it was too late anyway. Your only choice once you hit the submit button and that information was present on a public web page was to change your actual username/password.

Is there some reason you are not developing and debugging your code on a local development system and only putting it onto a live server once it has been fully tested? You will save a TON of time and since code that has not been fully tested often contains security holes, you will not be exposing your server to abuse or in this case abuse by accidentally posting database access information.

3raser (Author) Posted June 11, 2010

Everything is fine, I changed it. I just hate how I can NEVER edit my post. And I have too many problems trying to set up Xampp or whatever it is.

Psycho Posted June 11, 2010

Well, back on topic. I don't see any UPDATE queries in your code, so there is no way to, well, update the existing posts. If you are posting that data to a different page you need to check that the submitted data is what you expect. If so, then the problem lies somewhere in the coding of that page.

3raser (Author) Posted June 11, 2010

> Well, back on topic. I don't see any UPDATE queries in your code, so there is no way to, well, update the existing posts. If you are posting that data to a different page you need to check that the submitted data is what you expect. If so, then the problem lies somewhere in the coding of that page.

I didn't add it because I wanted to make sure everything works first.

New code, found some bugs, but it still doesn't work:

<html>
<head>
<title>Review Tracks</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<center>
<div class="holder">
<?php
$one = 1;
$checker = $_POST['checker'];
$id = $_GET['id'];
$id2 = $_POST['id2'];
$passcode = $_GET['passcode'];
$passcode2 = $_POST['passcode2'];

$mysql_host = "";
$mysql_database = "";
$mysql_user = "";
$mysql_password = "";

//connect to database
mysql_connect("$mysql_host","$mysql_user","$mysql_password");
mysql_select_db("$mysql_database");

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))
{
    $dpasscode = $row['passcode'];
}

$design2 = $_POST['design'];
$designt2 = $_POST['designtext'];
$grammar2 = $_POST['grammar'];
$grammart2 = $_POST['grammartext'];
$layout2 = $_POST['layout'];
$layoutt2 = $_POST['layouttext'];
$moderation2 = $_POST['moderation'];
$moderationt2 = $_POST['moderationtext'];
$activity2 = $_POST['activity'];
$activityt2 = $_POST['activitytext'];
$overall2 = $_POST['overall'];
$overallt2 = $_POST['overalltext'];

$design2 = mysql_real_escape_string($design);
$designt2 = mysql_real_escape_string($designt);
$grammar2 = mysql_real_escape_string($grammar);
$grammart2 = mysql_real_escape_string($grammart);
$layout2 = mysql_real_escape_string($layout);
$layoutt2 = mysql_real_escape_string($layoutt);
$moderation2 = mysql_real_escape_string($moderation);
$moderationt2 = mysql_real_escape_string($moderationt);
$activity2 = mysql_real_escape_string($activity);
$activityt2 = mysql_real_escape_string($activityt);
$overall2 = mysql_real_escape_string($overall);
$overallt2 = mysql_real_escape_string($overallt);
$passcode2 = mysql_real_escape_string($passcode);
$ip = $_SERVER['REMOTE_ADDR'];

if (!$id && !$id2)
{
    echo '<div id="signuptop"></div><div id="signup">Please choose a Review to edit first! <a href="index.php">Back</a></div>';
}
else if (!$passcode && !$passcode2)
{
    echo '<div id="signuptop">Pass-code Required</div><div id="signup">Please enter in the Pass-code to edit this review.<br/><br/><form action="edit.php" method="GET"><input type="hidden" name="id" value="'. $id .'"><input type="text" name="passcode" maxlength="6"><input type="submit" value="Enter"></form><br/><br/></div>';
}
else if($passcode==$dpasscode)
{
    //extract
    $extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
    $numrows = mysql_num_rows($extract);

    while ($row = mysql_fetch_assoc($extract))
    {
        $id = $row['id'];
        $name = $row['name'];
        $site = $row['url'];
        $design = $row['design'];
        $designt = $row['designt'];
        $grammar = $row['grammar'];
        $grammart = $row['grammart'];
        $layout = $row['layout'];
        $layoutt = $row['layoutt'];
        $moderation = $row['moderation'];
        $moderationt = $row['moderationt'];
        $activity = $row['activity'];
        $activityt = $row['activityt'];
        $overall = $row['overall'];
        $overallt = $row['overallt'];
        $total = $row['total'];
        $views = $row['views'];
        $status = $row['status'];
    }

    echo '<div id="signuptop">Edit a Review</div><div id="signup"><form action="edit.php" method="POST"><br/>
<input type="hidden" name="id2" value="'. $id .'">
<input type="hidden" name="passcode2" value="'. $passcode .'">
Appearance: <select name="design">
<option value="'. $design .'">'. $design .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br/>
<textarea name="designtext" cols="30" rows="13" maxlength="450">'. $designt .'</textarea><br/>
<br/><br/>Grammar Usage <select name="grammar">
<option value="'. $grammar .'">'. $grammar .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="grammartext" cols="30" rows="13" maxlength="450">'. $grammart .'</textarea><br/>
<br/><br/>Layout <select name="layout">
<option value="'. $layout .'">'. $layout .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="layouttext" cols="30" rows="13" maxlength="450">'. $layoutt .'</textarea><br/>
<br/><br/>Moderation <select name="moderation">
<option value="'. $moderation .'">'. $moderation .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="moderationtext" cols="30" rows="13" maxlength="450">'. $moderationt .'</textarea><br/>
<br/><br/>User Activity <select name="activity">
<option value="'. $activity .'">'. $activity .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="activitytext" cols="30" rows="13" maxlength="450">'. $activityt .'</textarea><br/>
<br/><br/>Overall Score <select name="overall">
<option value="'. $overall .'">'. $overall .'</option>
<option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> <option value="6">6</option> <option value="7">7</option> <option value="8">8</option> <option value="9">9</option> <option value="10">10</option>
</select> /10<br />
<textarea name="overalltext" cols="30" rows="13" maxlength="450">'. $overallt .'</textarea><br/>
<input type="hidden" name="checker" value="1">
<br/><br/><br/>
<input type="submit" value="Edit Review"></form></div>';
}
else if($checker==$one)
{
    echo '<div id="signuptop">Success</div><div id="signup">You have successfully edited the review! Why not check it out at <a href="view.php?tracker='. $id .'">here</a>!</div>';
}
else
{
    echo '<div id="signuptop">Error</div><div id="signup">The passcode you entered did not match the one of the review your trying to edit. <a href="index.php">Home</a></div>';
}
?>
</div>
</center>
</body>
</html>

Psycho Posted June 11, 2010

What do you mean it doesn't work? You stated that the goal is to allow the user to edit their review. That requires that the posted data is sent to a page which will run an UPDATE query. That code does not have any update queries, therefore no updates occur. The form is posting to the page 'edit.php'; if that is another page, you need to be looking at that code. If it is the same page, then there is nothing in this page to handle an update.

3raser (Author) Posted June 11, 2010

If it worked, it would go to the part that says: "Success", but no, when I click "Edit Review", it doesn't do anything!

http://www.domination.comyr.com/edit.php?id=1

Use the code: f2a76h

3raser (Author) Posted June 11, 2010

Anyone?

3raser (Author) Posted June 12, 2010

Bump

Psycho Posted June 12, 2010

To be honest, that code has so much wrong with it I don't know where to start. It doesn't seem to be in any logical order, making it difficult to debug. Here's one example. It seems the code is written so that variables can be passed via POST or via GET.

$id = $_GET['id'];
$id2 = $_POST['id2'];

Then there is subsequent code to see if either of those are set. A much easier approach would be something like

$id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];

And then there is this

while ($row = mysql_fetch_assoc($extract))
{
    $dpasscode = $row['passcode'];
}

Why would you use a while loop when you would expect only one record?

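Added example, not part of any post in this thread: one way to write the update step that Psycho's replies describe as missing, using a single POST source for the id and a single-row fetch. It uses PDO prepared statements rather than the `mysql_*` functions in the posted page (those were removed in PHP 7) and assumes PHP 7+ with the pdo_sqlite driver. The in-memory table with two of the review's score columns, its sample row, the passcode `abc123`, the function name `update_review` and the POST field names `id` and `passcode` are constructed for illustration.

```php
<?php
// Added example (not from the thread). An in-memory SQLite table stands in for
// the poster's MySQL `reviews` table; the row and passcode are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, passcode TEXT,
    design INTEGER, designt TEXT, overall INTEGER, overallt TEXT)');
$db->exec("INSERT INTO reviews VALUES (1, 'abc123', 5, 'old', 6, 'old')");

// Handles the POST from the edit form. Returns 'invalid', 'not_found',
// 'bad_passcode' or 'success' so the page can choose which message to show.
function update_review(PDO $db, array $post): string
{
    // One source per value: the edit form submits by POST only.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $passcode = (string) ($post['passcode'] ?? '');
    if ($id === false || $passcode === '') {
        return 'invalid';
    }

    // Scores must be integers from 1 to 10, as in the form's <select> lists.
    $range = ['options' => ['min_range' => 1, 'max_range' => 10]];
    $scores = [];
    foreach (['design', 'overall'] as $field) {
        $scores[$field] = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT, $range);
        if ($scores[$field] === false) {
            return 'invalid';
        }
    }

    // Exactly one row is expected, so fetch once instead of looping.
    $stmt = $db->prepare('SELECT passcode FROM reviews WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 'not_found';
    }
    // Check the passcode again on the request that writes, in constant time.
    if (!hash_equals((string) $stored, $passcode)) {
        return 'bad_passcode';
    }

    // The step missing from the posted page: a parameterized UPDATE.
    // Text is capped at 450 bytes server-side, mirroring the form's maxlength.
    $update = $db->prepare('UPDATE reviews
        SET design = ?, designt = ?, overall = ?, overallt = ? WHERE id = ?');
    $update->execute([
        $scores['design'], substr((string) ($post['designtext'] ?? ''), 0, 450),
        $scores['overall'], substr((string) ($post['overalltext'] ?? ''), 0, 450),
        $id,
    ]);
    return 'success';
}

// Constructed requests: a valid edit, a wrong passcode, an out-of-range score.
$edit = ['id' => '1', 'passcode' => 'abc123', 'design' => '9',
    'designtext' => 'Clean layout', 'overall' => '8', 'overalltext' => 'Solid'];
foreach ([$edit, ['passcode' => 'zzz999'] + $edit, ['design' => '11'] + $edit] as $request) {
    echo update_review($db, $request), "\n";
}
$row = $db->query('SELECT design, designt FROM reviews WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo json_encode($row), "\n";
```

The page would branch on the returned string to print the "Success" or "Error" block, so the success message is only shown after the row has actually been written.
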
3raser (Author) Posted June 12, 2010

Sorry, but I'm pretty new. But can you actually offer me help on fixing my code instead of judging my way of coding? Try and fix out stuff that matters. If it still works like it's supposed to....then...it works.

The reason I have $id and $id2 is: Soon as someone clicks submit on the field, it loses $id and then it sends you back to the error about having No ID. And so I put a hidden field in the form, so it puts the values of $id into the form, and when they click submit, it allows $id = $id2. And since the form is method="POST", I can't use GET. Understand? o.O

mrMarcus Posted June 12, 2010

> But can you actually offer me help on fixing my code instead of judging my way of coding? Try and fix out stuff that matters. If it still works like it's supposed to....then...it works.

Easy tiger. In life there are times to question motives, and then there are times to accept one's judgement. This time is that of the latter. Trust me, you will learn a lot more if you learn to accept criticism.

3raser (Author) Posted June 12, 2010

> > But can you actually offer me help on fixing my code instead of judging my way of coding? Try and fix out stuff that matters. If it still works like it's supposed to....then...it works.
>
> Easy tiger. In life there are times to question motives, and then there are times to accept one's judgement. This time is that of the latter. Trust me, you will learn a lot more if you learn to accept criticism.

Can we get off the subject? I'm pretty upset right now. I've had this bug all day, sitting here for hours working on it and I'm also not getting support here. I am getting support, but it isn't helping. I should just erase everything and start the damn thing over.

mrMarcus Posted June 12, 2010

> > > But can you actually offer me help on fixing my code instead of judging my way of coding? Try and fix out stuff that matters. If it still works like it's supposed to....then...it works.
> >
> > Easy tiger. In life there are times to question motives, and then there are times to accept one's judgement. This time is that of the latter. Trust me, you will learn a lot more if you learn to accept criticism.
>
> Can we get off the subject? I'm pretty upset right now. I've had this bug all day, sitting here for hours working on it and I'm also not getting support here. I am getting support, but it isn't helping. I should just erase everything and start the damn thing over.

You're feeling a pretty heavy sense of entitlement right now, aren't you. Nobody here is on your retainer, so as long as you're getting free support, whether it's up to your high standards or not, remember that it's still free. Good luck.

3raser (Author) Posted June 12, 2010

What does isset mean? Does it mean, is set? That could probably help me with my problem.

If I'm being offensive right now, please don't listen to me. I'm just in a bad mood, and I tend to say things I don't mean.

mrMarcus Posted June 12, 2010

isset

From the manual:

> isset — Determine if a variable is set and is not NULL

So ya, it's pretty much in the name.