Steve_Berry Posted February 11, 2019 Share Posted February 11, 2019 What I am trying to do is to associate a user (id) to a page they create, so if joe blogs is user 4, then the data base will show the page details, and add the id (from a user page). However, when I try the code to save data I get the following error messages: Notice: Undefined offset: 4 in C:\xampp\htdocs\MyCMS\admin\index.php on line 98 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' 'Thom\'s page', 'testing Tom', 'Tom')' at line 1 I include the code to insert the page: <!-- Insert Page --> <?php if(isset($_POST['submitted']) == 1) { $header = stripslashes($_REQUEST['header']); $header = mysqli_real_escape_string($dbc, $header); $title = stripslashes($_REQUEST['title']); $title = mysqli_real_escape_string($dbc, $title); $body = stripslashes($_REQUEST['body']); $body = mysqli_real_escape_string($dbc, $body); $userid = stripslashes($_REQUEST['userid']); $userid = mysqli_real_escape_string($dbc, $userid); $q = "INSERT INTO `pages` (`userid`, `header`, `title`, `body`) VALUES ($_POST[$userid], '$header', '$title', '$body')"; $r = mysqli_query($dbc, $q) or die(mysqli_error($dbc)); if($r) { $message = '<p>Page was added.</p>'; } else { $message = '<p>Page could not be added due to: </p>'.mysqli_error($dbc); $message .= '<p>'.$q.'</p>'; } // end if inner } // end if outer ?> The form has - Page Header, Page Title, User, and boys. There is a working list of current users. It is these users (and new users) that I want to add to a 'Pages' database, which has the following fields: id, userid, header, title, body; and a 'User' database with the following fields: id, firstname, lastname, username, password, status. Any help to solve the issues will be appreciated. Thanks. Link to comment Share on other sites More sharing options...
Barand Posted February 11, 2019 Share Posted February 11, 2019 Perhaps you meant either $_POST['userid'] or $userid instead of $_POST[$userid] Link to comment Share on other sites More sharing options...
ginerjm Posted February 11, 2019 Share Posted February 11, 2019 No error messages? Why do you check for a $_POST array and then utilize $_REQUEST values? Bad form. Plus - you escape the $_REQUEST userid value but then use the $_POST value in your query. One should ONLY use the array that one EXPECTS to have given to them. That means if you are using a form with a GET method, retrieve your data from the GET array, not the POST nor the REQUEST one. Period. Link to comment Share on other sites More sharing options...
benanamen Posted February 11, 2019 Share Posted February 11, 2019 stripslashes on DB input? Are you really expecting your users to put slashes in the submitted data? That was typically a 90's DB output function back in the days when magic quotes was used. If you are learning from some tutorial now would be time to find a new one. I would highly suggest you start learning PDO. Here is a tutorial to get you going. https://phpdelusions.net/pdo Link to comment Share on other sites More sharing options...
Steve_Berry Posted February 12, 2019 Author Share Posted February 12, 2019 Thanks for the help. The advice helped. I am following a tutorial that has caused issues. However, as I am new to PHP and/or PDO I am sticking with the PHP tutorial. That wy, some day I can figure out how to use PHP without tutorials. Once, again, thanks. Link to comment Share on other sites More sharing options...
taquitosensei Posted February 12, 2019 Share Posted February 12, 2019 But the tutorial you're using is extremely outdated and it would be better to familarize yourself with the more recent now before you get into bad habits. If it's using mysqli, then it's probably using php 5, which could be as old as 2004. Probably not quite that old but still. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.