
Edit lyrics by ID


Dime


Hello

I work on my school project where we have to create a website with front and back end. So I decided to create a lyrics website.

I created a DB, with a table called "lyrics"

This is the structure:

CREATE TABLE lyrics (
    lyricsId int(8) PRIMARY KEY AUTO_INCREMENT,
    artist varchar(100),
    song varchar(100),
    cover varchar(100),
    lyrics varchar(9999),
    chartId int(8),
    commentId int(8),
    FOREIGN KEY (chartId) REFERENCES charts(chartId)
);

So right now I don't know how I can create an Editlyrics.php button where I can edit the lyrics by the ID page

For example, I have 2 songs with lyrics, and when I press on a song I go to the lyrics of that song, and on that page I want to have a button where I can edit the lyrics.

This is what I did:

I created an editlyrics.php file and added this code, but it's not working and I know for a fact that nothing is right here, there are so many errors, but I don't know what the errors are or how I can fix this...

<?php

session_start();

    include("connectdb.php");

    $id = $_SESSION['id'];
    $lyricsId = $_POST['lyricsId'];

    $col = "UNDEFINED";
    if(isset($_POST['lyricsId'])){
        $col = "lyrics";
        $val = $_POST['lyrics'];
    }

    $query = "UPDATE lyrics SET $col='$val' WHERE lyricsId=$id;";

    if(mysqli_query($dbc_form,$query)){
        
        header("Location: index.php");
    }else{ 
        
        $_SESSION['error_msg'] = "Same Lyrics!";
        header("Location: index.php");
    }

?>

Any help? Thanks

You've gotten some things confused, I think. Take a step back and think about what you're trying to do, what you're doing currently, and what needs to be done to do what you actually want to do. For instance, you know you're going to update lyrics, right? Does the name of the column containing lyrics change? I'm going to bet not, so why then not just use the column name directly - there's no need for a variable.

Also, you set $id to whatever the value of $_SESSION['id'] is, assign $_POST['lyricsId'] to a variable before you check whether or not it exists, and then completely ignore $lyricsId in favor of $id (which I think is probably not the same thing) to let the database know which record to update.

And while you're at it, get into the habit of using prepared queries. Right now your query is wide open to SQL injection attacks - learning to avoid this from the outset is a lot easier than trying to relearn how to do things later on. Just ask Little Bobby Tables's school administrators...


Quote

I created an editlyrics.php file and added this code, but it's not working and I know for a fact that nothing is right here, there are so many errors, but I don't know what the errors are or how I can fix this...

When looking for help for a problem, it is important to include the diagnostics you already have.  You stated you have errors that you know of, but you didn't provide them in your post.

 

Let's start with something a little more standard for an edit script:

 

<?php
    session_start();
    // Require a logged-in session before touching the database
    $id = $_SESSION['id'] ?? null;

    if (!$id) {
        die('Invalid Session');
    }
    include("connectdb.php");

    // Cast the id to an integer; trim and strip HTML tags from the lyrics
    $lyricsId = (int)($_POST['lyricsId'] ?? 0);
    $lyrics = trim(strip_tags($_POST['lyrics'] ?? ''));

    if ($lyricsId && !empty($lyrics)) {
        $query = "UPDATE lyrics SET lyrics = ? WHERE lyricsId = ?";
        $stmt = mysqli_prepare($dbc_form, $query);
        mysqli_stmt_bind_param($stmt, 'si', $lyrics, $lyricsId);
        mysqli_stmt_execute($stmt);
        # Should go back to your lyrics display page, to show the updated lyrics for that $lyricsId
        header("Location: index.php");
        exit;
    } else {
        $_SESSION['error_msg'] = "No Lyrics provided";
        header("Location: index.php");
        exit;
    }

 

Some things to note:

  1. Check that there is a session id
  2. Cast lyricsId to an integer to keep people from screwing around with id parameters
  3. Trim and strip HTML tags from the posted lyrics.
  4. Properly use bound parameters.  Do not interpolate strings, as it opens you up to SQL injection.  User input should never be trusted, and that includes all GET and POST parameters.  Binding parameters helps so that you do not need to escape input when used in SQL statements, AND prevents SQL injection.
  5. When the edit works OR fails, you should go back to the lyrics detail page, not back to index.php.
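
The difference between the interpolated query in the original post and the cast-plus-bound-parameters version in the reply above, shown side by side as an added example that is not part of any post in this thread. It assumes PDO with an in-memory SQLite database (the pdo_sqlite extension) in place of the thread's mysqli connection so it runs without a server; the function names and sample values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the thread's MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: two rows of the thread's lyrics table, trimmed to three columns.
function resetTable(PDO $pdo): void {
    $pdo->exec("DROP TABLE IF EXISTS lyrics");
    $pdo->exec("CREATE TABLE lyrics (lyricsId INTEGER PRIMARY KEY, song TEXT, lyrics TEXT)");
    $pdo->exec("INSERT INTO lyrics VALUES (1, 'Song A', 'first'), (2, 'Song B', 'second')");
}

// Pattern from the original post: request values pasted straight into the SQL text.
function updateInterpolated(PDO $pdo, string $lyricsId, string $lyrics): int {
    return $pdo->exec("UPDATE lyrics SET lyrics='$lyrics' WHERE lyricsId=$lyricsId");
}

// Pattern from the reply: integer cast plus bound parameters.
function updateBound(PDO $pdo, string $lyricsId, string $lyrics): int {
    $stmt = $pdo->prepare("UPDATE lyrics SET lyrics = ? WHERE lyricsId = ?");
    $stmt->execute([$lyrics, (int)$lyricsId]);
    return $stmt->rowCount();
}

// Constructed request values: an ordinary lyric containing an apostrophe,
// and an id field that carries extra SQL text after the number.
$cases = [
    'apostrophe in lyrics' => ['1', "Don't stop"],
    'non-numeric id'       => ['1 OR 1=1', 'overwritten'],
];

foreach (['updateInterpolated', 'updateBound'] as $fn) {
    foreach ($cases as $label => [$id, $text]) {
        resetTable($pdo);
        try {
            $result = $fn($pdo, $id, $text) . ' row(s) changed';
        } catch (PDOException $e) {
            $result = 'query failed: ' . $e->getMessage();
        }
        // Show the table contents after each attempt so the effect is visible.
        $rows = $pdo->query("SELECT lyrics FROM lyrics ORDER BY lyricsId")
                    ->fetchAll(PDO::FETCH_COLUMN);
        printf("%-18s | %-20s | %s | table: %s\n", $fn, $label, $result, json_encode($rows));
    }
}
```

With the interpolated query, the apostrophe case fails with a syntax error and the non-numeric id case changes every row; with the bound version each case changes only row 1 and stores the text exactly as submitted.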