Jump to content
Steve_Berry

Undefined offset & error in your SQL syntax

Recommended Posts

What I am trying to do is to associate a user (id) to a page they create, so if joe blogs is user 4, then the data base will show the page details, and add the id (from a user page).  However, when I try the code  to save data I get the following error messages:

Notice: Undefined offset: 4 in C:\xampp\htdocs\MyCMS\admin\index.php on line 98
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' 'Thom\'s page', 'testing Tom', 'Tom')' at line 1

I include the code to insert the page:

<!-- Insert Page -->
				<?php  
					if(isset($_POST['submitted']) == 1) {
										
					$header = stripslashes($_REQUEST['header']);
					
					$header = mysqli_real_escape_string($dbc, $header);

					$title = stripslashes($_REQUEST['title']); 
										
					$title = mysqli_real_escape_string($dbc, $title);  
					
					$body = stripslashes($_REQUEST['body']);
					
					$body = mysqli_real_escape_string($dbc, $body);
					
					$userid = stripslashes($_REQUEST['userid']);
					
					$userid = mysqli_real_escape_string($dbc, $userid);
					
					
					$q = "INSERT INTO `pages` (`userid`, `header`, `title`, `body`) VALUES ($_POST[$userid], '$header', '$title', '$body')";
					
					$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));
					
						if($r) {
						
						$message = '<p>Page was added.</p>';
						
						} else {
						
							$message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc);						
							$message .= '<p>'.$q.'</p>';
							} // end if inner
					
					} // end if outer
					
				?>

The form has - Page Header, Page Title, User, and boys.  There is a working list of current users.  It is these users (and new users) that I want to add to a 'Pages' database, which has the following fields:  id, userid, header, title, body; and a 'User' database with the following fields: id, firstname, lastname, username, password, status.

Any help to solve the issues will be appreciated.

Thanks.

 

 

Share this post


Link to post
Share on other sites

Perhaps you meant either

$_POST['userid'] or $userid

instead of

$_POST[$userid]

Share this post


Link to post
Share on other sites

No error messages?

Why do you check for a $_POST array and then utilize $_REQUEST values?  Bad form.  Plus - you escape the $_REQUEST userid value but then use the $_POST value in your query.   One should ONLY use the array that one EXPECTS to have given to them.  That means if you are using a form with a GET method, retrieve your data from the GET array, not the POST nor the REQUEST one.  Period.

Share this post


Link to post
Share on other sites

stripslashes on DB input? Are you really expecting your users to put slashes in the submitted data? That was typically a 90's DB output function back in the days when magic quotes was used. If you are learning from some tutorial now would be time to find a new one. I would highly suggest you start learning PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo

Share this post


Link to post
Share on other sites

Thanks for the help.  The advice helped.  I am following a tutorial that has caused issues.  However, as I am new to PHP and/or PDO I am sticking with the PHP tutorial. That wy, some day I can figure out how to use PHP without tutorials.  

Once, again, thanks.

Share this post


Link to post
Share on other sites

But the tutorial you're using is extremely outdated and it would be better to familarize yourself with the more recent now before you get into bad habits. If it's using mysqli, then it's probably using php 5, which could be as old as 2004. Probably not quite that old but still. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.