I'm trying to make it so people can edit their reviews after they have created them. The problem is that when I click "Edit Review", after I changed everything, it does nothing. I want it to go to "Success", but I don't know how to solve this problem.  I've looked at it for about an hour, and I'm not sure why it isn't doing anything. At first the variables are GET, and the code reads to make sure id and passcode exist. But the edit form is POST, so all I did was make hidden inputs that carry over the GET and put them in POST form. But like I said, nothing happens when I click "Edit Review".

 

<html>
<head>
<title>Review Tracks</title>
<link rel="stylesheet" type="text/css" href="style.css" /> 
</head>
<body>
<center>

<div class="holder">

<?php

$checker = $_POST['checker'];
$id = $_GET['id'];
$id2 = $_POST['id2'];
$passcode = $_GET['passcode'];
$passcode2 = $_POST['passcode2'];

$mysql_host = "**********";
$mysql_database = "************";
$mysql_user = "*************";
$mysql_password = "************";

//connect to database
         mysql_connect("$mysql_host","$mysql_user","$mysql_password");
         mysql_select_db("$mysql_database");

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))

{
$dpasscode = $row['passcode'];
}

$design = $_POST['design'];
$designt = $_POST['designtext'];
$grammar = $_POST['grammar'];
$grammart = $_POST['grammartext'];
$layout = $_POST['layout'];
$layoutt = $_POST['layouttext'];
$moderation = $_POST['moderation'];
$moderationt = $_POST['moderationtext'];
$activity = $_POST['activity'];
$activityt = $_POST['activitytext'];
$overall = $_POST['overall'];
$overallt = $_POST['overalltext'];

$design = mysql_real_escape_string($design);
$designt = mysql_real_escape_string($designt);
$grammar = mysql_real_escape_string($grammar);
$grammart = mysql_real_escape_string($grammart);
$layout = mysql_real_escape_string($layout);
$layoutt = mysql_real_escape_string($layoutt);
$moderation = mysql_real_escape_string($moderation);
$moderationt = mysql_real_escape_string($moderationt);
$activity = mysql_real_escape_string($activity);
$activityt = mysql_real_escape_string($activityt);
$overall = mysql_real_escape_string($overall);
$overallt = mysql_real_escape_string($overallt);
$passcode = mysql_real_escape_string($passcode);
$ip = $_SERVER['REMOTE_ADDR'];

if (!$id && !$id2) {
echo '<div id="signuptop">No review found</div><div id="signup">Please choose a Review to edit first! <a href="index.php">Back</a></div>';
} else if (!$passcode && !$passcode2) {
echo '<div id="signuptop">Pass-code Required</div><div id="signup">Please enter in the Pass-code to edit this review.<br/><br/><form action="edit.php" method="GET"><input type="hidden" name="id" value="'. $id .'"><input type="text" name="passcode" maxlength="6"><input type="submit" value="Enter"></form><br/><br/></div>';
} else if($passcode==$dpasscode) {

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))

{
$id = $row['id'];
$name = $row['name'];
$site = $row['url'];
$design = $row['design'];
$designt = $row['designt'];
$grammar = $row['grammar'];
$grammart = $row['grammart'];
$layout = $row['layout'];
$layoutt = $row['layoutt'];
$moderation = $row['moderation'];
$moderationt = $row['moderationt'];
$activity = $row['activity'];
$activityt = $row['activityt'];
$overall = $row['overall'];
$overallt = $row['overallt'];
$total = $row['total'];
$views = $row['views'];
$status = $row['status'];
}

echo '<div id="signuptop">Edit a Review</div><div id="signup"><form action="edit.php" method="POST"><br/>
<input type="hidden" name="id2" value="'. $id .'" method="POST">
<input type="hidden" name="passcode2" value="'. $passcode .'">
Appearance: 

<select name="design">
<option value="'. $design .'">'. $design .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br/>

<textarea name="designtext" cols="30" rows="13" maxlength="450">'. $designt .'</textarea><br/>

<br/><br/>Grammar Usage

<select name="grammar">
<option value="'. $grammar .'">'. $grammar .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="grammartext" cols="30" rows="13" maxlength="450">'. $grammart .'</textarea><br/>

<br/><br/>Layout

<select name="layout">
<option value="'. $layout .'">'. $layout .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="layouttext" cols="30" rows="13" maxlength="450">'. $layoutt .'</textarea><br/>

<br/><br/>Moderation

<select name="moderation">
<option value="'. $moderation .'">'. $moderation .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="moderationtext" cols="30" rows="13" maxlength="450">'. $moderationt .'</textarea><br/>

<br/><br/>User Activity

<select name="activity">
<option value="'. $activity .'">'. $activity .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="activitytext" cols="30" rows="13" maxlength="450">'. $activityt .'</textarea><br/>

<br/><br/>Overall Score

<select name="overall">
<option value="'. $overall .'">'. $overall .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="overalltext" cols="30" rows="13" maxlength="450">'. $overallt .'</textarea><br/>
<input type="hidden" name="checker" value="1">
<br/><br/><br/>
<input type="submit" value="Edit Review"></form></div>';
} elseif($checker=="1") {
echo '<div id="signuptop">Success</div><div id="signup">You have successfully edited the review! Why not check it out at <a href="view.php?tracker='. $id .'">here</a>!</div>';
} 
?>
</div>
</center>
</body>
</html>

Since 8-10 people/scripts had read this thread by the time mjdamato posted that warning, it was too late anyway. Your only choice once you hit the submit button and that information was present on a public web page was to change your actual username/password.

 

Is there some reason you are not developing and debugging your code on a local development system and only putting it onto a live server once it has been fully tested? You will save a TON of time and since code that has not been fully tested often contains security holes, you will not be exposing your server to abuse or in this case abuse by accidentally posting database access information.

Well, back on topic. I don't see any UPDATE queries in your code, so there is no way to, well, update the existing posts. If you are posting that data to a different page you need to check that the submitted data is what you expect. If so, then the problem lies somewhere in the coding of that page.


I didn't add it because I wanted to make sure everything works first.

 

New code, found some bugs, but it still doesn't work:

 

<html>
<head>
<title>Review Tracks</title>
<link rel="stylesheet" type="text/css" href="style.css" /> 
</head>
<body>
<center>

<div class="holder">

<?php

$one = 1;
$checker = $_POST['checker'];
$id = $_GET['id'];
$id2 = $_POST['id2'];
$passcode = $_GET['passcode'];
$passcode2 = $_POST['passcode2'];

$mysql_host = "";
$mysql_database = "";
$mysql_user = "";
$mysql_password = "";

//connect to database
         mysql_connect("$mysql_host","$mysql_user","$mysql_password");
         mysql_select_db("$mysql_database");

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))

{
$dpasscode = $row['passcode'];
}

$design2 = $_POST['design'];
$designt2 = $_POST['designtext'];
$grammar2 = $_POST['grammar'];
$grammart2 = $_POST['grammartext'];
$layout2 = $_POST['layout'];
$layoutt2 = $_POST['layouttext'];
$moderation2 = $_POST['moderation'];
$moderationt2 = $_POST['moderationtext'];
$activity2 = $_POST['activity'];
$activityt2 = $_POST['activitytext'];
$overall2 = $_POST['overall'];
$overallt2 = $_POST['overalltext'];

$design2 = mysql_real_escape_string($design);
$designt2 = mysql_real_escape_string($designt);
$grammar2 = mysql_real_escape_string($grammar);
$grammart2 = mysql_real_escape_string($grammart);
$layout2 = mysql_real_escape_string($layout);
$layoutt2 = mysql_real_escape_string($layoutt);
$moderation2 = mysql_real_escape_string($moderation);
$moderationt2 = mysql_real_escape_string($moderationt);
$activity2 = mysql_real_escape_string($activity);
$activityt2 = mysql_real_escape_string($activityt);
$overall2 = mysql_real_escape_string($overall);
$overallt2 = mysql_real_escape_string($overallt);
$passcode2 = mysql_real_escape_string($passcode);
$ip = $_SERVER['REMOTE_ADDR'];

if (!$id && !$id2) {
echo '<div id="signuptop"></div><div id="signup">Please choose a Review to edit first! <a href="index.php">Back</a></div>';
} else if (!$passcode && !$passcode2) {
echo '<div id="signuptop">Pass-code Required</div><div id="signup">Please enter in the Pass-code to edit this review.<br/><br/><form action="edit.php" method="GET"><input type="hidden" name="id" value="'. $id .'"><input type="text" name="passcode" maxlength="6"><input type="submit" value="Enter"></form><br/><br/></div>';
} else if($passcode==$dpasscode) {

//extract
$extract = mysql_query("SELECT * FROM reviews WHERE id='$id'");
$numrows = mysql_num_rows($extract);

while ($row = mysql_fetch_assoc($extract))

{
$id = $row['id'];
$name = $row['name'];
$site = $row['url'];
$design = $row['design'];
$designt = $row['designt'];
$grammar = $row['grammar'];
$grammart = $row['grammart'];
$layout = $row['layout'];
$layoutt = $row['layoutt'];
$moderation = $row['moderation'];
$moderationt = $row['moderationt'];
$activity = $row['activity'];
$activityt = $row['activityt'];
$overall = $row['overall'];
$overallt = $row['overallt'];
$total = $row['total'];
$views = $row['views'];
$status = $row['status'];
}

echo '<div id="signuptop">Edit a Review</div><div id="signup"><form action="edit.php" method="POST"><br/>
<input type="hidden" name="id2" value="'. $id .'">
<input type="hidden" name="passcode2" value="'. $passcode .'">
Appearance: 

<select name="design">
<option value="'. $design .'">'. $design .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br/>

<textarea name="designtext" cols="30" rows="13" maxlength="450">'. $designt .'</textarea><br/>

<br/><br/>Grammar Usage

<select name="grammar">
<option value="'. $grammar .'">'. $grammar .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="grammartext" cols="30" rows="13" maxlength="450">'. $grammart .'</textarea><br/>

<br/><br/>Layout

<select name="layout">
<option value="'. $layout .'">'. $layout .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="layouttext" cols="30" rows="13" maxlength="450">'. $layoutt .'</textarea><br/>

<br/><br/>Moderation

<select name="moderation">
<option value="'. $moderation .'">'. $moderation .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="moderationtext" cols="30" rows="13" maxlength="450">'. $moderationt .'</textarea><br/>

<br/><br/>User Activity

<select name="activity">
<option value="'. $activity .'">'. $activity .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="activitytext" cols="30" rows="13" maxlength="450">'. $activityt .'</textarea><br/>

<br/><br/>Overall Score

<select name="overall">
<option value="'. $overall .'">'. $overall .'</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
/10<br />

<textarea name="overalltext" cols="30" rows="13" maxlength="450">'. $overallt .'</textarea><br/>
<input type="hidden" name="checker" value="1">
<br/><br/><br/>
<input type="submit" value="Edit Review"></form></div>';
} else if($checker==$one) {
echo '<div id="signuptop">Success</div><div id="signup">You have successfully edited the review! Why not check it out at <a href="view.php?tracker='. $id .'">here</a>!</div>';
} else {
echo '<div id="signuptop">Error</div><div id="signup">The passcode you entered did not match the one of the review your trying to edit. <a href="index.php">Home</a></div>';
}
?>
</div>
</center>
</body>
</html>

What do you mean it doesn't work? You stated that the goal is to allow the user to edit their review. That requires that the posted data is sent to a page which will run an UPDATE query. That code does not have any update queries, therefore no updates occur. The form is posting to the page 'edit.php'; if that is another page, you need to be looking at that code. If it is the same page, then there is nothing in this page to handle an update.

To be honest, that code has so much wrong with it I don't know where to start. It doesn't seem to be in any logical order making it difficult to debug.

 

Here's one example. It seems the code is written so that variables can be passed via POST or via GET.

$id = $_GET['id'];
$id2 = $_POST['id2'];

 

Then there is subsequent code to see if either of those are set. A much easier approach would be something like

$id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];

 

And then there is this

while ($row = mysql_fetch_assoc($extract))
{
$dpasscode = $row['passcode'];
}

 

Why would you use a while loop when you would expect only one record?
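
The replies above note that the page never runs an UPDATE query and reads the id inconsistently from GET and POST. As an added example (not code from any poster in this thread), here is one way to structure the handler with PDO prepared statements, a constant-time passcode comparison and server-side validation. The function names are hypothetical, only the design/designt columns are shown, and an in-memory SQLite table stands in for the MySQL `reviews` table so the script runs offline.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands in
// for the MySQL `reviews` table so it runs offline; handle_edit() is hypothetical.

function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

// Take a field from POST first, then GET, so one name serves both forms.
function field(array $post, array $get, $name) {
    $v = isset($post[$name]) ? $post[$name] : (isset($get[$name]) ? $get[$name] : null);
    return is_string($v) ? $v : null;   // arrays such as id[]=1 are treated as missing
}

// Returns 'no_id', 'need_passcode', 'bad_passcode', 'show_form' or 'updated'.
function handle_edit(PDO $db, array $get, array $post) {
    $id = field($post, $get, 'id');
    $passcode = field($post, $get, 'passcode');
    if ($id === null || !ctype_digit($id)) return 'no_id';
    if ($passcode === null || $passcode === '') return 'need_passcode';

    // One row is expected, so fetch once instead of looping.
    $stmt = $db->prepare('SELECT passcode FROM reviews WHERE id = ?');
    $stmt->execute([(int)$id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || !hash_equals((string)$stored, $passcode)) return 'bad_passcode';

    if (!isset($post['checker'])) return 'show_form';   // first visit: render the form

    // Enforce the 1..10 range and 450-character limit server-side;
    // the <select> and maxlength in the form are only hints to the browser.
    $score = filter_var(field($post, $get, 'design'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 10]]);
    $text = field($post, $get, 'designtext');
    if ($score === false || $text === null) return 'show_form';

    $upd = $db->prepare('UPDATE reviews SET design = ?, designt = ? WHERE id = ?');
    $upd->execute([$score, substr($text, 0, 450), (int)$id]);
    return 'updated';
}

// Constructed sample data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (id INTEGER PRIMARY KEY, passcode TEXT, design INTEGER, designt TEXT)');
$db->exec("INSERT INTO reviews VALUES (1, 'abc123', 5, 'old text')");

$requests = [
    'GET link with passcode' => [['id' => '1', 'passcode' => 'abc123'], []],
    'wrong passcode'         => [[], ['id' => '1', 'passcode' => 'nope', 'checker' => '1']],
    'non-numeric id'         => [[], ['id' => "1'", 'passcode' => 'abc123']],
    'valid edit'             => [[], ['id' => '1', 'passcode' => 'abc123', 'checker' => '1',
                                      'design' => '9', 'designtext' => '<b>better</b>']],
];
foreach ($requests as $label => $r) {
    echo $label, ': ', handle_edit($db, $r[0], $r[1]), "\n";
}
$row = $db->query('SELECT design, designt FROM reviews WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo 'stored: ', $row['design'], ' / ', h($row['designt']), "\n";   // escaped for HTML output
```

The same `h()` escaping applies to every value echoed back into the edit form, including the hidden id and passcode fields and the textarea contents.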

Sorry, but I'm pretty new.

 

But can you actually offer me help on fixing my code instead of judging my way of coding? Try and fix out stuff that matters. If it still works like it's supposed to....then...it works.

 

The reason I have $id and $id2 is: Soon as someone clicks submit on the field, it loses $id and then it sends you back to the error about having No ID. And so I put a hidden field in the form, so it puts the values of $id into the form, and when they click submit, it allows $id = $id2. And since the form is method="POST", I can't use GET.

 

Understand? o.O

Easy tiger. In life there are times to question motives, and then there are times to accept one's judgement. This time is that of the latter. Trust me, you will learn a lot more if you learn to accept criticism.


Can we get off the subject? I'm pretty upset right now. I've had this bug all day, sitting here for hours working on it and I'm also not getting support here. I am getting support, but it isn't helping.

 

I should just erase everything and start the damn thing over.


You're feeling a pretty heavy sense of entitlement right now, aren't you.  Nobody here is on your retainer, so as long as you're getting free support, whether it's up to your high standards or not, remember that it's still free.

 

Good luck.
