Displying code on my page???

[googlit]

Hi all,

 

i have created a quick page for editing a database entry and for some reason my code is displaying on the live page.

 

my code is:

<? 
//Include database connection details

include('db_connect.php'); 
if (isset($_GET['id']) ) { 
$id = (int) $_GET['id']; 
if (isset($_POST['submitted'])) { 
foreach($_POST AS $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } 
$sql = "UPDATE `content` SET  `content_id` =  '{$_POST['content_id']}' ,  `title` =  '{$_POST['title']}' ,  `body` =  '{$_POST['body']}'   WHERE `id` = '$id' "; 
mysql_query($sql) or die(mysql_error()); 
echo (mysql_affected_rows()) ? "Edited row.<br />" : "Nothing changed. <br />"; 
echo "<a href='content_list.php'>Back To Listing</a>"; 
} 
$row = mysql_fetch_array ( mysql_query("SELECT * FROM `content` WHERE `id` = '$id' ")); 
?>

<form action='' method='POST'> 
<p><b>Content Id:</b><br /><input type='text' name='content_id' value='<?= stripslashes($row['content_id']) ?>' /> 
<p><b>Title:</b><br /><input type='text' name='title' value='<?= stripslashes($row['title']) ?>' /> 
<p><b>Body:</b><br /><textarea name='body'><?= stripslashes($row['body']) ?></textarea> 
<p><input type='submit' value='Edit Row' /><input type='hidden' value='1' name='submitted' /> 
</form> 
<? } ?> 

 

the output that i get is on the image i have attached

 

if anyone can help please do so, my db structure is as follows (from phpmyadmin)

CREATE TABLE `content` (
  `content_id` int(4) NOT NULL AUTO_INCREMENT,
  `title` varchar(60) DEFAULT NULL,
  `body` mediumblob,
  PRIMARY KEY (`content_id`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;

 

Thanx

 

[attachment deleted by admin]

[PFMaBiSmAd]

You need to (always) use full opening php tags <?php so that your code will be portable between servers where you might not have the ability to turn on the short_open_tags setting.

[googlit]

Thnks for that, i broke a good habit and started using them as quick tags, suppose you learn from your mistakes...

 

i had a few other niggles but have managed to iron them out however i still have one problem:

 

i am still getting an error and the form is not echo-ing any data into the fields,

 

the error is

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in content_edit.php on line 14

 

i have included the code for content_edit.php below

 

line 14 is

$row = mysql_fetch_array ( mysql_query("SELECT * FROM `content` WHERE `id` = '$id' "));

 

full script:

 

<?php
require_once('auth.php');
//Include database connection details
include('db_connect.php');

if (isset($_GET['id']) ) { 
$id = (int) $_GET['id']; 
if (isset($_POST['submitted'])) { 
foreach($_POST AS $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } 
$sql = "UPDATE `content` SET  `content_id` =  '{$_POST['content_id']}' ,  `title` =  '{$_POST['title']}' ,  `body` =  '{$_POST['body']}'   WHERE `id` = '$id' "; 
mysql_query($sql) or die(mysql_error()); 
echo (mysql_affected_rows()) ? "Edited row.<br />" : "Nothing changed. <br />"; 
echo "<a href='content_list.php'>Back To Listing</a>"; 
} 
$row = mysql_fetch_array ( mysql_query("SELECT * FROM `content` WHERE `id` = '$id' ")); 
?>

<form action='' method='POST'> 
<p><b>Content Id:</b>
<br />
<input type='text' name='content_id' value='<?=($row['content_id']) ?>' /> 
<p><b>Title:</b><br /><input type='text' name='title' value='<?=($row['title']) ?>' /> 
<p><b>Body:</b><br /><textarea name='body'><?= ($row['body']) ?></textarea> 
<p><input type='submit' value='Edit Row' /><input type='hidden' value='1' name='submitted' /> 
</form> 
<?php } ?> 

 

Thankyou for all the help so far

[AyKay47]

you are not including line 14 in your conditional statement where you check if $id is set.. so your query will run even if $id is not set.. thus resulting in a query tha returns false.. which will cause your SQL error..

[googlit]

thanks

 

I have included it in the conditionla statement now however it is still not echo-ing the current contents of the database according to the id as required, and for the life in me i cannot see why not

 

 

[AyKay47]

that line by itself will not echo anything.. you will need to specify what you want to output

 

<?php
require_once('auth.php');//Include database connection details
include('db_connect.php');
if (isset($_GET['id']) ) { 
$id = (int) $_GET['id']; 
if (isset($_POST['submitted'])) 
{ 
foreach($_POST AS $key => $value) { 
$_POST[$key] = mysql_real_escape_string($value); 
} 
$sql = "UPDATE `content` SET  `content_id` =  '{$_POST['content_id']}' ,  `title` =  '{$_POST['title']}' ,  `body` =  '{$_POST['body']}'   WHERE `id` = '$id' "; 
mysql_query($sql) or die(mysql_error()); 
echo (mysql_affected_rows()) ? "Edited row.<br />" : "Nothing changed. <br />";
echo "<a href='content_list.php'>Back To Listing</a>";
$row = mysql_fetch_array ( mysql_query("SELECT * FROM `content` WHERE `id` = '$id' ")); 
print $row['title']; //example data.. 
} 
?>

[PFMaBiSmAd]

The $id not being set in that particular query won't produce an error, but since that query is inside the if (isset($_GET['id']) ) { conditional statement, that's not the problem anyway.

 

However, that query is failing due to an error of some kind. You have another bad habit you need to break, nesting a mysql_query() statement inside of another function call. That prevents you from directly using any error checking and error reporting logic on the query to get it to tell you if or why it is failing before you attempt to use the data it is supposed to return.

 

Break out the mysql_query statement, execute it first, with some error checking and error reporting logic -

 

$result = mysql_query("SELECT * FROM `content` WHERE `id` = '$id'") or die(mysql_error());
$row = mysql_fetch_array($result); 

 

Since it would appear that you want to get the data from your table and put it into the form, regardless of if the form has been submitted, you would want to put that code back where you originally had it, after the end of the if (isset($_POST['submitted'])) { } conditional code.