Form processing problem: what the heck?

[aviddread]

Hi,

I'm new to php and just trying to make sense of things by trying stuff. I'm trying to make a very rudimentary CMS where form values are added to a mysql database. One of the inputs in the form ($body) is a textarea. I've messed around with this but there's a glitch somewhere-when I press the submit button I just get a blank page (the page for the form processing script). My guess is there's something not right with the "safety measures" I'm taking: trim,stripslashes,etc. Any help would be appreciated

 

 

<?phpsession_start();if(!isset($_POST['Submit'])){header("Location: home_manage.php");exit();}else{$headline=$_POST['headline'];$author=$_POST['author'];$body=$_POST['body'];$headline=trim($headline);$author=trim($author);$body=trim($body);$message=array(); if((strlen($headline)!=0)&&(strlen($author)!=0)&&(strlen($body)!=0)){	$time=time();	$date=date('Y-m-d H:i:s',$time);	$headline=strip_tags($headline);	$author=strip_tags($author);	$body="<p>".$body."</p>";	$order=array("\r\n", "\n", "\r");	$replace='</p><p>';	$body=str_ireplace($order,$replace,$body);	$body=strip_tags($body,'<p><br />');  		if(get_magic_quotes_gpc()) 		 	{		$headline=stripslashes($headline);		$author=stripslashes($author);		$body=stripslashes($body);		}	$headline=htmlentities(mysql_real_escape_string($headline));	$author=htmlentities(mysql_real_escape_string($author));	$body=htmlentities(mysql_real_escape_string($body));	require('storage.inc');	$link = mysql_connect($host,$user,$db_password);	$db = mysql_select_db($post_database,$link);	$query=	"INSERT INTO entry (entry_date,entry_head,entry_author,entry_text) VALUES ('$date','$headline','$author','$body')";	mysql_query($query);	$message[]="<p class='announce'><b>Post titled ".$headline." has been added to the database.</b></p>";	}else{if(strlen($headline)<1){$message[]="<p class='announce'><b>You must include a headline for this post.</b></p>";}if(strlen($author)<1){$message[]="<p class='announce'><b>You must include an author name for this post.</b></p>";}if(strlen($body)<1){$message[]="<p class='announce'><b>You must include some body text for this post.</b></p>";}}$_SESSION['msg']['up_err']=implode($message);header("Location: home_manage.php");exit();}?>

 

[Pikachu2000]

You should be developing with error reporting set to on.

[Oziam]

Find your php.ini file and make sure you have error reporting on and set to

 

error_reporting = E_ALL | E_STRICT

 

this is about line 515 in my ini file.

 

This will report all errors and help you trouble shoot your code!

[aviddread]

Thanks for the responses. I turned on error reporting as you suggested and what I'm seeing there is:

 

[11-Oct-2010 00:23:57] PHP Parse error:  syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /.../.../.../.../.../home_handler.php on line 23

[BlueSkyIS]

where is the code for home_handler.php?

 

the code as posted compiles, so I suspect that code is not home_handler.php.

[aviddread]

Thanks for your response.

 

This is the form:

<?php
print "<form action='./home_handler.php' method='POST' style='margin-top:1em;'>";
print "<label>Headline:</label><br /><input name='headline' class='text' style='width:520px;' /><br />";
print "<label>Author:</label><br /><input name='author' class='text' style='width:520px;' /><br />";
print "<label>Body Text:</label><br /><textarea name='body' class='text' style='width:520px;height:12em;'></textarea><br />";
print "<input type='submit' class='button' name='Submit' value='Submit' />";
print "</form>";

?>

 

The only other thing I have going on is some code to display error messages:

<?php

print ($_SESSION['msg']['up_err']);
unset($_SESSION['msg']['up_err']);
?>

 

I used that message-display set-up on a different page and it worked fine....

[aviddread]

Well, trial and error paid off.

As I suspected, some of the safety measures were gumming things up- specifically the array to replace new lines and returns with paragraphs, and the magic quotes conditional. Not sure why they didn't work, but when I deleted the magic quotes bit and took the array apart and put each value in it's own str_replace statement, everything started working.

Thanks to Oziam and Pikachu2000 for the heads up about the error reporting.