Undefined offset & error in your SQL syntax

[Steve_Berry]

What I am trying to do is to associate a user (id) to a page they create, so if joe blogs is user 4, then the data base will show the page details, and add the id (from a user page).  However, when I try the code  to save data I get the following error messages:

Notice: Undefined offset: 4 in C:\xampp\htdocs\MyCMS\admin\index.php on line 98
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' 'Thom\'s page', 'testing Tom', 'Tom')' at line 1

I include the code to insert the page:

<!-- Insert Page -->
				<?php  
					if(isset($_POST['submitted']) == 1) {
										
					$header = stripslashes($_REQUEST['header']);
					
					$header = mysqli_real_escape_string($dbc, $header);

					$title = stripslashes($_REQUEST['title']); 
										
					$title = mysqli_real_escape_string($dbc, $title);  
					
					$body = stripslashes($_REQUEST['body']);
					
					$body = mysqli_real_escape_string($dbc, $body);
					
					$userid = stripslashes($_REQUEST['userid']);
					
					$userid = mysqli_real_escape_string($dbc, $userid);
					
					
					$q = "INSERT INTO `pages` (`userid`, `header`, `title`, `body`) VALUES ($_POST[$userid], '$header', '$title', '$body')";
					
					$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));
					
						if($r) {
						
						$message = '<p>Page was added.</p>';
						
						} else {
						
							$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);						
							$message .= '<p>'.$q.'</p>';
							} // end if inner
					
					} // end if outer
					
				?>

The form has - Page Header, Page Title, User, and boys.  There is a working list of current users.  It is these users (and new users) that I want to add to a 'Pages' database, which has the following fields:  id, userid, header, title, body; and a 'User' database with the following fields: id, firstname, lastname, username, password, status.

Any help to solve the issues will be appreciated.

Thanks.

 

 

[Barand]

Perhaps you meant either

$_POST['userid'] or $userid

instead of

$_POST[$userid]

[ginerjm]

No error messages?

Why do you check for a $_POST array and then utilize $_REQUEST values?  Bad form.  Plus - you escape the $_REQUEST userid value but then use the $_POST value in your query.   One should ONLY use the array that one EXPECTS to have given to them.  That means if you are using a form with a GET method, retrieve your data from the GET array, not the POST nor the REQUEST one.  Period.

[benanamen]

stripslashes on DB input? Are you really expecting your users to put slashes in the submitted data? That was typically a 90's DB output function back in the days when magic quotes was used. If you are learning from some tutorial now would be time to find a new one. I would highly suggest you start learning PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo

[Steve_Berry]

Thanks for the help.  The advice helped.  I am following a tutorial that has caused issues.  However, as I am new to PHP and/or PDO I am sticking with the PHP tutorial. That wy, some day I can figure out how to use PHP without tutorials.  

Once, again, thanks.

[taquitosensei]

But the tutorial you're using is extremely outdated and it would be better to familarize yourself with the more recent now before you get into bad habits. If it's using mysqli, then it's probably using php 5, which could be as old as 2004. Probably not quite that old but still.