Jump to content

Undefined offset & error in your SQL syntax


Recommended Posts

What I am trying to do is to associate a user (id) to a page they create, so if joe blogs is user 4, then the data base will show the page details, and add the id (from a user page).  However, when I try the code  to save data I get the following error messages:

Notice: Undefined offset: 4 in C:\xampp\htdocs\MyCMS\admin\index.php on line 98
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' 'Thom\'s page', 'testing Tom', 'Tom')' at line 1

I include the code to insert the page:

<!-- Insert Page -->
					if(isset($_POST['submitted']) == 1) {
					$header = stripslashes($_REQUEST['header']);
					$header = mysqli_real_escape_string($dbc, $header);

					$title = stripslashes($_REQUEST['title']); 
					$title = mysqli_real_escape_string($dbc, $title);  
					$body = stripslashes($_REQUEST['body']);
					$body = mysqli_real_escape_string($dbc, $body);
					$userid = stripslashes($_REQUEST['userid']);
					$userid = mysqli_real_escape_string($dbc, $userid);
					$q = "INSERT INTO `pages` (`userid`, `header`, `title`, `body`) VALUES ($_POST[$userid], '$header', '$title', '$body')";
					$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));
						if($r) {
						$message = '<p>Page was added.</p>';
						} else {
							$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);						
							$message .= '<p>'.$q.'</p>';
							} // end if inner
					} // end if outer

The form has - Page Header, Page Title, User, and boys.  There is a working list of current users.  It is these users (and new users) that I want to add to a 'Pages' database, which has the following fields:  id, userid, header, title, body; and a 'User' database with the following fields: id, firstname, lastname, username, password, status.

Any help to solve the issues will be appreciated.




Link to comment
Share on other sites

No error messages?

Why do you check for a $_POST array and then utilize $_REQUEST values?  Bad form.  Plus - you escape the $_REQUEST userid value but then use the $_POST value in your query.   One should ONLY use the array that one EXPECTS to have given to them.  That means if you are using a form with a GET method, retrieve your data from the GET array, not the POST nor the REQUEST one.  Period.

Link to comment
Share on other sites

stripslashes on DB input? Are you really expecting your users to put slashes in the submitted data? That was typically a 90's DB output function back in the days when magic quotes was used. If you are learning from some tutorial now would be time to find a new one. I would highly suggest you start learning PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.