Jump to content

Recommended Posts

What I am trying to do is to associate a user (id) to a page they create, so if joe blogs is user 4, then the data base will show the page details, and add the id (from a user page).  However, when I try the code  to save data I get the following error messages:

Notice: Undefined offset: 4 in C:\xampp\htdocs\MyCMS\admin\index.php on line 98
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' 'Thom\'s page', 'testing Tom', 'Tom')' at line 1

I include the code to insert the page:

<!-- Insert Page -->
				<?php  
					if(isset($_POST['submitted']) == 1) {
										
					$header = stripslashes($_REQUEST['header']);
					
					$header = mysqli_real_escape_string($dbc, $header);

					$title = stripslashes($_REQUEST['title']); 
										
					$title = mysqli_real_escape_string($dbc, $title);  
					
					$body = stripslashes($_REQUEST['body']);
					
					$body = mysqli_real_escape_string($dbc, $body);
					
					$userid = stripslashes($_REQUEST['userid']);
					
					$userid = mysqli_real_escape_string($dbc, $userid);
					
					
					$q = "INSERT INTO `pages` (`userid`, `header`, `title`, `body`) VALUES ($_POST[$userid], '$header', '$title', '$body')";
					
					$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));
					
						if($r) {
						
						$message = '<p>Page was added.</p>';
						
						} else {
						
							$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);						
							$message .= '<p>'.$q.'</p>';
							} // end if inner
					
					} // end if outer
					
				?>

The form has - Page Header, Page Title, User, and boys.  There is a working list of current users.  It is these users (and new users) that I want to add to a 'Pages' database, which has the following fields:  id, userid, header, title, body; and a 'User' database with the following fields: id, firstname, lastname, username, password, status.

Any help to solve the issues will be appreciated.

Thanks.

 

 

No error messages?

Why do you check for a $_POST array and then utilize $_REQUEST values?  Bad form.  Plus - you escape the $_REQUEST userid value but then use the $_POST value in your query.   One should ONLY use the array that one EXPECTS to have given to them.  That means if you are using a form with a GET method, retrieve your data from the GET array, not the POST nor the REQUEST one.  Period.

stripslashes on DB input? Are you really expecting your users to put slashes in the submitted data? That was typically a 90's DB output function back in the days when magic quotes was used. If you are learning from some tutorial now would be time to find a new one. I would highly suggest you start learning PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo

Thanks for the help.  The advice helped.  I am following a tutorial that has caused issues.  However, as I am new to PHP and/or PDO I am sticking with the PHP tutorial. That wy, some day I can figure out how to use PHP without tutorials.  

Once, again, thanks.

But the tutorial you're using is extremely outdated and it would be better to familarize yourself with the more recent now before you get into bad habits. If it's using mysqli, then it's probably using php 5, which could be as old as 2004. Probably not quite that old but still. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.