cyber_alchemist Posted September 30, 2013 Share Posted September 30, 2013 I found this small CMS script over the internet , all tough this script few errors, i managed to clear a few, but I still can't find the problem why it isn't posting any data into the database. here is the script related to this : <?php require_once 'db.inc.php'; require_once 'cms_http_functions.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Check your connection parameters.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); if (isset($_REQUEST['action'])) { switch ($_REQUEST['action']) { case 'Submit New Article': $title = (isset($_POST['title'])) ? $_POST['title'] : ''; $article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : ''; if (isset($_SESSION['user_id']) && !empty($title) && !empty($article_text)) { $sql = 'INSERT INTO cms_articles (user_id, submit_date, title, article_text) VALUES (' . $_SESSION['user_id'] . ', "' . date('Y-m-d H:i:s') . '", "' . mysql_real_escape_string($title, $db) . '", "' . mysql_real_escape_string($article_text, $db) . '")'; mysql_query($sql, $db) or die(mysql_error($db)); } redirect('cms_index.php'); break; case 'Edit': redirect('cms_compose.php?action=edit&article_id=' . $_POST['article_id']); break; case 'Save Changes': $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : ''; $user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : ''; $title = (isset($_POST['title'])) ? $_POST['title'] : ''; $article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : ''; if (!empty($article_id) && !empty($title) && !empty($article_text)) { $sql = 'UPDATE cms_articles SET title = "' . mysql_real_escape_string($title, $db) . '", article_text = "' . mysql_real_escape_string($article_text, $db) . '", submit_date = "' . date('Y-m-d H:i:s') . '" WHERE article_id = ' . $article_id; if (!empty($user_id)) { $sql .= ' AND user_id = ' . $user_id; } mysql_query($sql, $db) or die(mysql_error($db)); } if (empty($user_id)) { redirect('cms_pending.php'); } else { redirect('cms_cpanel.php'); } break; case 'Publish': $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : ''; if (!empty($article_id)) { $sql = 'UPDATE cms_articles SET is_published = TRUE, publish_date = "' . date('Y-m-d H:i:s') . '" WHERE article_id = ' . $article_id; mysql_query($sql, $db) or die(mysql_error($db)); } redirect('cms_pending.php'); break; case 'Retract': $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : ''; if (!empty($article_id)) { $sql = 'UPDATE cms_articles SET is_published = FALSE, publish_date = "0000-00-00 00:00:00" WHERE article_id = ' . $article_id; mysql_query($sql, $db) or die(mysql_error($db)); } redirect('cms_pending.php'); break; case 'Delete': $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : ''; if (!empty($article_id)) { $sql = 'DELETE a, c FROM cms_articles a LEFT JOIN cms_comments c ON a.article_id = c.article_id WHERE a.article_id = ' . $article_id . ' AND is_published = FALSE'; mysql_query($sql, $db) or die(mysql_error($db)); } redirect('cms_pending.php'); break; case 'Submit Comment': $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : ''; $comment_text = (isset($_POST['comment_text'])) ? $_POST['comment_text'] : ''; if (isset($_SESSION['user_id']) && !empty($article_id) && !empty($comment_text)) { $sql = 'INSERT INTO cms_comments (article_id, user_id, comment_date, comment_text) VALUES (' . $article_id . ', ' . $_SESSION['user_id'] . ', "' . date('Y-m-d H:i:s') . '", "' . mysql_real_escape_string($comment_text, $db) . '")'; mysql_query($sql, $db) or die(mysql_error($db)); } redirect('cms_view_article.php?article_id=' . $article_id); break; default: redirect('cms_index.php'); } } else { redirect('cms_index.php'); } ?> It is the article transact file... and below is the composing script : <?php require 'db.inc.php'; include 'cms_header.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Check your connection parameters.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $action = (isset($_GET['action'])) ? $_GET['action'] : ''; $article_id = (isset($_GET['article_id']) && ctype_digit($_GET['article_id'])) ? $_GET['article_id'] : '' ; $title = (isset($_POST['title'])) ? $_POST['title'] : '' ; $article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : '' ; $user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '' ; if ($action == 'edit' && !empty($article_id)) { $sql = 'SELECT title, article_text, user_id FROM cms_articles WHERE article_id = ' . $article_id; $result = mysql_query($sql, $db) or die(mysql_error($db)); $row = mysql_fetch_array($result); extract($row); mysql_free_result($result); } ?> <h2>Compose Article</h2> <form method="post" action="cms_transact_article.php"> <table> <tr> <td><label for="title">Title:</label></td> <td><input type="text" name="title" id="title" maxlength="255" value="<?php echo htmlspecialchars($title); ?>"/></td> </tr><tr> <td><label for="article_text">Text:</label></td> <td><textarea name="article_text" name="article_text" rows="10" cols="60"><?php echo htmlspecialchars($article_text); ?></textarea></td> </tr><tr> <td> </td> <td> <?php if ($_SESSION['access_level'] < 2) { echo '<input type="hidden" name="user_id" value="' . $user_id . '"/>'; } if (empty($article_id)) { echo '<input type="submit" name="action" "value="Submit New Article"/>'; } else { echo '<input type="hidden" name="article_id" value="' . $article_id . '"/>'; echo '<input type="submit" name="action" "value="Save Changes"/>'; } ?> </td> </tr> </table> </form> <?php require_once 'cms_footer.inc.php'; ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.