Basic edit and post of text not working?!?


mdfcows

Hi, very new to all this, so don't really know too much!

 

I have been trying to edit some code to be able to retrieve some blocks of text from a database, then edit them and post them back.

 

I have managed to retrieve them, however I can't seem to be able to post them back to the database edited.

 

This is the code I am using:

<?php
			require_once('config.php');

			$con = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
			if (!$con){
				die('Failed to connect to server' . mysql_error());
			}

			mysql_select_db(DB_DATABASE);

			$ide15 = $_POST['idf'];
			$query15 = "SELECT id,titleus,aboutus FROM about WHERE id = 1";
			$result15 = mysql_query($query15) or die ("Query:<br />$query15<br />Error:<br />".mysql_error()); 

			while ($row15 = mysql_fetch_assoc ($result15)) {
				$title15 = htmlentities ($row15['titleus']);
				$news15 = nl2br (strip_tags ($row15 ['aboutus'], '<a><b><i><u>'));


				echo "<form class ='addform' action='editabouttext.php' enctype='multipart/form-data' method='post'>";
				echo "<p>Uttsav Title:<br /><input class='titlefield' type='text' name='title' value='$title15' /></p><br />";
				echo "<p>Uttsav About:<br /> <textarea name='news' rows='1' cols='15'>$news15</textarea></p><br />";
				echo "<p><input name='submit' type='submit' value='Submit' /></p>";
				echo "</form>";
			}

			if ($_POST['submit'])
			{
			  
			  mysql_select_db(DB_DATABASE);
			  
			  $upid = $_POST['idf'];
			  $uptitle = $_POST['title'];
			  $upnews = $_POST['news'];
			  $upimage = $_FILES['userfile']['name'];
			  
			  $sql = "UPDATE about SET titleus = '$uptitle', aboutus = '$upnews', WHERE id = '1'";
			  
			  mysql_query($sql);
			  
			  if ($_POST['submit'])
			  {
				  
				  echo "<p class='admintext'>Your project thumbnail has now been edited - <a href='about.php'>View The About Page</a></p><br />";
				  $name = $_FILES['userfile']['name'];
				  $type = $_FILES['userfile']['type'];
				  $size = $_FILES['userfile']['size'];
				  $tmpname = $_FILES['userfile']['tmp_name'];
				  $ext = substr($name, strrpos($name, '.'));
				  
				  if (strstr($type, "image"))
				  {
					  move_uploaded_file($tmpname, "images/portfolio/".$name);
				  }
				  
			  }
			}
				  
			?>

 

 

I am using an Apache server at the minute and have had this code working for other pages and scenarios, yet can't get it working on this. I think it may have something to do with the id of the post, but as I am only going to be using one post that will just get edited, I took out the WHERE id = $ide15 and put in WHERE id = 1, as this is the id of the only post!

 

Any help would be much appreciated! As I said, just starting to get to grips with things like this!

 

Thank you

 

Martin


First and foremost, you need to be more careful when creating any type of form that will be inserting info into the DB. As your code stands right now, I could SQL inject into your database and do whatever I want.

 

Change it to this...

$upid = mysql_real_escape_string($_POST['idf']);
$uptitle = mysql_real_escape_string($_POST['title']);
$upnews = mysql_real_escape_string($_POST['news']);
$upimage = mysql_real_escape_string($_FILES['userfile']['name']);

 

We need to find out if there's an error going on in MySQL. Change this: mysql_query($sql);

 

To:

mysql_query($sql) or die (mysql_error());


Hey, thank you for looking at my problem. I have made the changes you suggested and it is now coming up with the error:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = '1'' at line 1

 

so it looks like it is from where I changed the $ide15 in that line, but this was because initially the code pulled which text to edit from someone selecting it on a different page but as there is only one area that is only going to get edited it only seemed to retrieve the data from the database if I changed it directly to the id of the database entry (1)

 

Any idea on what to do instead?

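The UPDATE from the first post written with bound parameters instead of string interpolation, as an added example that is not part of the thread and not the posters' code. Its SET list has no comma before WHERE, which is the spot the "near 'WHERE id = '1''" error above points at. Assumptions: PDO is used because the mysql_* functions were removed in PHP 7, an in-memory SQLite database stands in for the MySQL server, and `updateAbout()` and the sample `$post` values are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so the script runs offline;
// table and column names (about, id, titleus, aboutus) come from the first post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw on SQL errors
$pdo->exec("CREATE TABLE about (id INTEGER PRIMARY KEY, titleus TEXT, aboutus TEXT)");
$pdo->exec("INSERT INTO about (id, titleus, aboutus) VALUES (1, 'Old title', 'Old text')");
$pdo->exec("INSERT INTO about (id, titleus, aboutus) VALUES (2, 'Other row', 'Untouched')");

/**
 * Update one row of `about` using bound parameters (hypothetical helper).
 * Returns the number of rows changed.
 */
function updateAbout(PDO $pdo, int $id, string $title, string $text): int
{
    // The last SET assignment is followed directly by WHERE, with no comma.
    $stmt = $pdo->prepare(
        'UPDATE about SET titleus = :title, aboutus = :text WHERE id = :id'
    );
    // Values travel separately from the SQL text, so quotes in them are data only.
    $stmt->execute([':title' => $title, ':text' => $text, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST: the title carries quotes and a comment marker.
$post = [
    'title' => "About 'us', aboutus = '' -- ",
    'news'  => "Line one\nLine two",
];

$changed = updateAbout($pdo, 1, $post['title'], $post['news']);
echo "rows changed: $changed\n";

foreach ($pdo->query('SELECT id, titleus, aboutus FROM about ORDER BY id') as $row) {
    // Escape on output, as the first post does with htmlentities().
    printf(
        "%d | %s | %s\n",
        $row['id'],
        htmlentities($row['titleus'], ENT_QUOTES, 'UTF-8'),
        htmlentities($row['aboutus'], ENT_QUOTES, 'UTF-8')
    );
}
```

Row 2 stays untouched and the quoted title is stored verbatim in row 1. Against MySQL only the DSN and credentials passed to `new PDO(...)` change.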
