charizard Posted January 8, 2011

Okay, so I'm a relative newbie to PHP. I've been learning for a few months now, and while I get some bits and can fix most of my errors (with a little help from google occasionally), this one's something I can't explain.

Basically, I've been building an admin panel so I can edit various content on a website, as you'd gather. It was all going pretty well, until something I did meant that my forms now do nothing. When I press update on the edit forms or add on the...well..add forms, they go back to the prefilled in content.

Here is my add form:

```php
<?php
include('/home/charioti/public_html/andalasia/admin/skin/header.php');

//form not yet submitted
//display initial form
if (!$_POST['submit'])
{
?>
<h1>Add Content</h1><div class="cont">
<table align="center">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<tr>
<td>Title:</td><td><input type="text" name="title" id="title"></td></tr>
<tr><td>Content:</td><td><textarea name="content">text here</textarea></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="add"></td></tr></table></form>
<?php
}
else
{
    include('/home/charioti/public_html/andalasia/admin/conf.php');

    //set up error list array
    $errorList = array();

    $title = $_POST['title'];
    $content = $_POST['content'];

    //validation
    if(trim($_POST['title']) == '')
    {
        $errorList[] = 'Invalid entry: activity name';
    }
    if(trim($_POST['content']) == '')
    {
        $errorList[] = 'Invalid entry: answer';
    }

    //check for errors
    if(sizeof($errorList) == 0)
    {
        //db connect
        $connection = mysql_connect($host, $user, $pass) or die('Unable to connect!');

        //db select
        mysql_select_db($db) or die('Unable to select database!');

        //generate and execute query
        $query = "INSERT INTO info(title, content, date) VALUES('$title', '$content', NOW())";
        $result = mysql_query($query) or die("Error in query: $query . " . mysql_error());

        // print result
        echo 'content added! 
<a href=/admin/index1.php>home</a>';

        //close database connection
        mysql_close($connection);
    }
    else
    {
        //errors found
        // print as list
        echo ' The following errors were encountered:';
        echo '<br>';
        echo '<ul>';
        for($x=0; $x<sizeof($errorList); $x++)
        {
            echo "<li>$errorList[$x]";
        }
        echo '</ul>';
    }
}
include('/home/charioti/public_html/andalasia/admin/skin/footer.php');
?>
```

My header file, in case I've messed something there:

```php
<?
session_start();
if(!session_is_registered(username)){
header("location:/admin/index.php");
}
?>
<HTML>
<HEAD>
<TITLE>Andalasia ~ admin: <?php echo basename($_SERVER["PHP_SELF"]); ?></TITLE>
<LINK REL="STYLESHEET" HREF="/admin/skin/style.css" TYPE="TEXT/CSS">
</HEAD>
<BODY>
<TABLE CLASS="CON">
<TR>
<TD>
<IMG SRC="/admin/skin/adpo.png" style="border-top:0px solid #A10543">
</TD>
</TR>
<TR>
<TD>
<TABLE style="font:8pt arial">
<TR>
<TD CLASS="nav" style="width:200px">
<DIV CLASS="navi">
<p class="header">navigation</p>
<a href="" target="__blank">Guild HQ</a>
<a href="/" target="__blank">Web HQ</a>
<a href="/admin/index1.php">Admin HQ</a>
<a href="/admin/logout.php">logout</a></DIV>
<DIV CLASS="navi">
<p class="header">points</p>
<?php include('/home/charioti/public_html/andalasia/admin/points.php')?>
</DIV>
<DIV CLASS="navi">
<P CLASS="header">update posts</p>
<?php include('/home/charioti/public_html/andalasia/admin/news/list.php')?>
<a href="/admin/news/add.php">Add a post</a>
</DIV>
<DIV CLASS="navi">
<P CLASS="header">information posts</p>
<?php include('/home/charioti/public_html/andalasia/admin/info/list.php')?>
<a href="/admin/info/add.php">Add a post</a>
</DIV>
<DIV CLASS="navi">
<P CLASS="header">activities</p>
<a href="/admin/activities/onsite.php">Onsite activities</a>
<a href="/admin/activities/offsite.php">Web-hosted activities</a>
<a href="/admin/activities/creative.php">Creative web activities</a>
</DIV>
<DIV CLASS="navi">
<P CLASS="header">Graphics</p>
<h2>Guild layouts</h2>
<?php include('/home/charioti/public_html/andalasia/admin/layouts/layl.php')?>
<a href="/admin/layouts/add.php">Add layout</a>
<h2>Userlookups</h2>
<?php include('/home/charioti/public_html/andalasia/admin/lookups/list.php')?>
<a href="/admin/lookups/add.php">Add lookup</a>
<h2>Banners</h2>
<a href="/admin/banners/banners.php">Banners</a>
<h2>Fonts</h2>
<?php include('/home/charioti/public_html/andalasia/admin/fonts/list.php')?>
<a href="/admin/fonts/add.php">Add font</a></DIV>
<DIV CLASS="navi">
<P CLASS="header">Members</p>
<?php include('/home/charioti/public_html/andalasia/admin/users/list.php')?>
<a href="/admin/users/add.php">Add user</a>
</DIV>
<DIV CLASS="navi">
<!-- BEGIN CBOX - www.cbox.ws - v001 -->
<div id="cboxdiv" style="text-align: center; line-height: 0">
<div><iframe frameborder="0" width="200" height="305" src="http://www2.cbox.ws/box/?boxid=2184566&boxtag=evz64m&sec=main" marginheight="2" marginwidth="2" scrolling="auto" allowtransparency="yes" name="cboxmain" style="border:#11011A 1px solid;" id="cboxmain"></iframe></div>
<div><iframe frameborder="0" width="200" height="75" src="http://www2.cbox.ws/box/?boxid=2184566&boxtag=evz64m&sec=form" marginheight="2" marginwidth="2" scrolling="no" allowtransparency="yes" name="cboxform" style="border:#11011A 1px solid;border-top:0px" id="cboxform"></iframe></div>
</div>
<!-- END CBOX -->
</DIV>
</TD>
<TD CLASS="c" VALIGN="TOP" style="width:600px">
```

And my edit file:

```php
<?
// edit.php - edit a layout
?>
<!-- page header - snip -->
<?
// includes
include("/home/charioti/public_html/andalasia/admin/skin/header.php");
include("/home/charioti/public_html/andalasia/admin/conf.php");

// form not yet submitted
// display initial form with values pre-filled
if (!isset($_POST['submit']))
{
    // open database connection
    $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

    // select database
    mysql_select_db($db) or die ("Unable to select database!");

    // generate and execute query
    $id = mysql_escape_string($_GET['id']);
    $query = "SELECT title, content, id FROM info WHERE id = '$id'";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

    // if a result is returned
    if (mysql_num_rows($result) > 0)
    {
        // turn it into an object
        $row = mysql_fetch_object($result);

        // print form with values pre-filled
?>
<h1>Update post - ID <? echo $id; ?></h1>
<div class=cont>
<table class=view align=center>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST">
<input type="hidden" name="id" value="<? echo $id; ?>">
<tr>
<td valign="top"><b>Title</b></td>
<td><input size="50" maxlength="250" type="text" name="title" value="<? echo $row->title; ?>"></td>
</tr>
<tr>
<td valign="top"><b>Content:</b></td>
<td><textarea name=content><? echo $row->content; ?></textarea></td>
</tr>
<tr>
<td colspan=2><input type="Submit" name="submit" value="Update"></td>
</tr>
</form>
</table>
</div>
<?
    }
    // no result returned
    // print graceful error message
    else
    {
        echo "<h1>Error!</h1><div class=cont>That post could not be located in our database.</div>";
    }
}
else
{
    // form submitted
    // start processing it

    // set up error list array
    $errorList = array();
    $count = 0;

    // validate text input fields
    $title = mysql_escape_string($_POST['title']);
    $content = mysql_escape_string($_POST['content']);
    $id = mysql_escape_string($_POST['id']);

    if (!$title) { $errorList[$count] = "Invalid entry: title"; $count++; }
    if (!$content) { $errorList[$count] = "Invalid entry: content"; $count++; }

    // check for errors
    // if none found...
    if (sizeof($errorList) == 0)
    {
        // open database connection
        $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

        // select database
        mysql_select_db($db) or die ("Unable to select database!");

        // generate and execute query
        $query = "UPDATE info SET title = '$title', content = '$content' WHERE id = '$id'";
        $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

        // print result
        echo "<h1>Success!</h1><div class=cont>Update successful. <a href=/admin/index1.php>Go back to the main menu</a>.</font></div>";

        // close database connection
        mysql_close($connection);
    }
    else
    {
        // errors occurred
        // print as list
        echo "<h1>Errors:</h1><div class=cont><font size=-1>The following errors were encountered: <br>";
        echo "<ul>";
        for ($x=0; $x<sizeof($errorList); $x++)
        {
            echo "<li>$errorList[$x]";
        }
        echo "</ul></font></div>";
    }
}
include('/home/charioti/public_html/andalasia/admin/skin/footer.php');
?>
```

I started off working with templates from my book and from various sources, so I've tried resetting my pages to those and reworking them, and I've deduced that it's probably something to do with my header file, I just can't work out what or whereabouts the problem is.

Any help you can offer would be greatly appreciated. (:

Pikachu2000 Posted January 8, 2011

Have you (or your hosting provider) made any changes lately, such as upgrading the PHP version?

charizard Posted January 9, 2011

I haven't, but I shall check with my hosting provider (: If they have, what can I do to fix it?

Pikachu2000 Posted January 9, 2011

I ask because I see a lot of short open `<?` tags in your code. It's possible that changing the server configuration updated the php.ini file to have short_open_tag set to off. In any event, you're better off to change any `<?` tags to the full syntax `<?php` as long as you're editing files. Meanwhile, I'll look over the rest of the code and see if there's anything else obviously wrong.

charizard Posted January 9, 2011

I haven't checked, but I just tested by removing all php from the header file and putting them back in again, and I've worked out it's the points.php which is stopping the forms from working:

```php
<?php
//connection stuff here

//create and execute query
$query = 'SELECT * FROM teams';
$result20 = mysql_query($query) or die ('Error in query: $query . ' . $mysql_error());

//check if records were returned
if (mysql_num_rows($result20) > 0)
{
    //print HTML table
    echo '<table align=center>';
    echo '<tr><td><b>Team</b></td><td><b>Points</b></td><td><b>Change</b></td></tr>';
    while($row = mysql_fetch_row($result20))
    {
        echo '<tr>';
        echo '<td>' . $row[0] . '</td>';
        echo '<td><center>' . $row[1] . '</center></td>';
        echo '<td><form action=/admin/calcp.php method=post><input type=submit name=add' . $row[0] . ' value=+> <input type=submit name=rem' . $row[0] . ' value=-></td>';
        echo '</tr>';
    }
    echo '';
    echo '</table>';
}
else
{
    echo 'no teams?!';
}
mysql_free_result($result20);
mysql_close($connection);
?>
```

The back-end (calcp.php):

```php
<?php
//connection stuff here

if ($_POST['addHeroes'])
{
    $result = mysql_query("SELECT * FROM teams WHERE team = 'Heroes'");
    while($row = mysql_fetch_array($result))
    {
        $p = $row[1];
        $np = $p+1;
    }
    mysql_query("UPDATE teams SET points='$np' WHERE team = 'Heroes'");
}
if ($_POST['remHeroes'])
{
    $result = mysql_query("SELECT * FROM teams WHERE team = 'Heroes'");
    while($row = mysql_fetch_array($result))
    {
        $p = $row[1];
        $np = $p-1;
    }
    mysql_query("UPDATE teams SET points='$np' WHERE team = 'Heroes'");
}
if ($_POST['addVillains'])
{
    $result = mysql_query("SELECT * FROM teams WHERE team = 'Villains'");
    while($row = mysql_fetch_array($result))
    {
        $p = $row[1];
        $np = $p+1;
    }
    mysql_query("UPDATE teams SET points='$np' WHERE team = 'Villains'");
}
if ($_POST['remVillains'])
{
    $result = mysql_query("SELECT * FROM teams WHERE team = 'Villains'");
    while($row = mysql_fetch_array($result))
    {
        $p = $row[1];
        $np = $p-1;
    }
    mysql_query("UPDATE teams SET points='$np' WHERE team = 'Villains'");
}
mysql_close($con);
header("Location: $_SERVER[HTTP_REFERER]");
?>
```

Pikachu2000 Posted January 9, 2011

I suspect the problem may be here. There isn't a closing `</form>` tag, and none of the attributes' values are quoted.

```php
echo '<td><form action=/admin/calcp.php method=post><input type=submit name=add' . $row[0] . ' value=+> <input type=submit name=rem' . $row[0] . ' value=-></td>';
```

Edit: Fixed code tags.
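
The point made in the reply above, as an added example that is not code from the thread: one way to render the points rows so that every form is closed and every attribute value is quoted and escaped, with a single allow-listed handler in place of the four copy-pasted branches in calcp.php. The function names, the `team`/`delta` fields and the mysqli handle are assumptions; the `teams` table with `team` and `points` columns follows the queries posted above.

```php
<?php
// Added example, not code from the thread. render_points_rows(),
// apply_points_change() and the "team"/"delta" fields are hypothetical names.

// One table row per team. Each row holds a complete <form>...</form>, every
// attribute value is quoted, and values read from the database are escaped.
function render_points_rows(array $teams): string
{
    $html = '';
    foreach ($teams as [$team, $points]) {
        $t = htmlspecialchars((string) $team, ENT_QUOTES, 'UTF-8');
        $p = (int) $points;
        $html .= "<tr><td>{$t}</td><td>{$p}</td><td>"
            . '<form action="/admin/calcp.php" method="post">'
            . "<input type=\"hidden\" name=\"team\" value=\"{$t}\">"
            . '<button type="submit" name="delta" value="1">+</button> '
            . '<button type="submit" name="delta" value="-1">-</button>'
            . "</form></td></tr>\n";
    }
    return $html;
}

// Handler side (calcp.php): accept only known team names and a step of +1 or
// -1, then change the score in one statement instead of SELECT-then-UPDATE.
function apply_points_change(mysqli $db, array $post, array $allowedTeams): bool
{
    $team  = $post['team'] ?? null;
    $delta = filter_var($post['delta'] ?? null, FILTER_VALIDATE_INT);
    if (!in_array($team, $allowedTeams, true) || !in_array($delta, [1, -1], true)) {
        return false; // not something the rendered form could have sent
    }
    $stmt = $db->prepare('UPDATE teams SET points = points + ? WHERE team = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $delta, $team);
    return $stmt->execute();
}

// Constructed sample rows standing in for the mysql_fetch_row() results.
if (PHP_SAPI === 'cli') {
    $sample = [['Heroes', 12], ['Villains', '9'], ['Odd "<b>" name', 0]];
    echo "<table>\n", render_points_rows($sample), "</table>\n";
}
```

In calcp.php the handler would be called as `apply_points_change($db, $_POST, ['Heroes', 'Villains'])`, using the two team names from the posted code.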

charizard Posted January 9, 2011

Thanks, that's fixed it (:

PFMaBiSmAd Posted January 9, 2011

While this might not be directly related to your problem(s), the following code has two problems -

```php
session_start();
if(!session_is_registered(username)){
header("location:/admin/index.php");
}
```

session_is_registered() was deprecated over 8 years ago, in favor of using the $_SESSION array, finally throws a deprecated error in php5.3, and will be completely removed in the next major release of php.

You also need an exit; statement after your header() redirect to prevent the remainder of the code on your 'protected' pages from executing while the browser is performing the redirect. All someone needs to do is ignore the redirect being sent to the browser and he can access your protected pages.

The following is the updated code -

```php
session_start();
if(!isset($_SESSION['username'])){
header("location:/admin/index.php");
exit; // prevent access to all the rest of the code on the page
}
```
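
A regression check for the fix described above, as an added example that is not part of the original post: it classifies a captured response for a protected page and flags a redirect that still carries page markup, which is what a guard without `exit` produces. The function name and the raw responses are constructed for illustration.

```php
<?php
// Added example, not code from the thread. check_guard_response() is a
// hypothetical helper; the raw responses below are constructed samples.

// Classify a raw HTTP response captured for a protected page that was
// requested without a session cookie and without following redirects.
function check_guard_response(string $raw): string
{
    [$head, $body] = array_pad(preg_split('/\r?\n\r?\n/', $raw, 2), 2, '');
    if (!preg_match('#^HTTP/\S+ (\d{3})#', $head, $m)) {
        return 'unparseable';
    }
    $isRedirect = $m[1][0] === '3' && preg_match('/^Location:/mi', $head);
    if (!$isRedirect) {
        return 'no redirect: guard did not fire';
    }
    // header() only sets the Location header and status; without exit the
    // script keeps running and the page markup is sent along with the 302.
    return trim($body) === '' ? 'ok' : 'body sent after redirect';
}

$samples = [
    'guard with exit' =>
        "HTTP/1.1 302 Found\r\nLocation: /admin/index.php\r\nContent-Length: 0\r\n\r\n",
    'guard without exit' =>
        "HTTP/1.1 302 Found\r\nLocation: /admin/index.php\r\n\r\n"
        . "<HTML>\n<HEAD>\n<TITLE>Andalasia ~ admin: add.php</TITLE>\n",
    'no guard' =>
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>Add Content</h1>\n",
];

foreach ($samples as $label => $raw) {
    printf("%-20s %s\n", $label, check_guard_response($raw));
}
```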