Jump to content

News Script Issue

Guteman

By Guteman
in PHP Coding Help

 Share

Recommended Posts

Guteman Member

Guteman

Posted
Posted
Okay so now I got all the fields to show up correctly, now when I click submit to change a news post, nothing changes in the news! Ima need someones help again.




Here is the code again.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">

<input type="submit" name="submit" value="submit">

</form>

<? } ?>
<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>[/quote]
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.
Link to comment
Share on other sites
Guteman Member

Guteman

Posted
  • Author
Posted
[!--quoteo(post=353050:date=Mar 8 2006, 04:57 PM:name=lessthanthree)--][div class=\'quotetop\']QUOTE(lessthanthree @ Mar 8 2006, 04:57 PM) [snapback]353050[/snapback][/div][div class=\'quotemain\'][!--quotec--]
if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.
[/quote]

This did not fix it :(
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
[!--quoteo(post=353055:date=Mar 8 2006, 11:08 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:08 PM) [snapback]353055[/snapback][/div][div class=\'quotemain\'][!--quotec--]
This did not fix it :(
[/quote]

Time to print some debug stuff then.

Can you print the sql out directly under where you defined it.

This will print your query to the page and you can see any errors / missing values that may be occuring.

I have a feeling your $id variable that is used in the final sql statement is empty becuase it is set with $id = $_GET["id"] that is only done if submit is not set. When your sql statement is run, $id will not be set as the form has been submitted.

Hope that makes sense :S
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
replace

[code]
<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>
[/code]

with
[code]
<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
[/code]
and paste the sql that outputs to your page
Link to comment
Share on other sites
Guteman Member

Guteman

Posted
  • Author
Posted
I do believe you are right.. Heres what I got:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-',user='Guteman' WHERE id=''[/quote]

How do I go about defining the id variable?
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
to keep your page structure as it is at the moment...

add a field to your form (edit)

<input type='hidden' value='".$id."' />

then change this

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

to

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];
Link to comment
Share on other sites
Guteman Member

Guteman

Posted
  • Author
Posted
ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE ID='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
[/quote]
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
[!--quoteo(post=353075:date=Mar 8 2006, 11:49 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:49 PM) [snapback]353075[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.
[/quote]


Is the print $sql now showing a value for $id?

If it is you can take the die(); function out....
Link to comment
Share on other sites
lessthanthree Newbie

lessthanthree

Posted
Posted
[!--quoteo(post=353077:date=Mar 8 2006, 11:55 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:55 PM) [snapback]353077[/snapback][/div][div class=\'quotemain\'][!--quotec--]
No sir it is not, its getting the same thing as above.
[/quote]


my bad

change: <input type='hidden' value='".$id."' />
to: <input type='hidden' name='id' value='".$id."' />
Link to comment
Share on other sites
Guteman Member

Guteman

Posted
  • Author
Posted
Alright now its getting somewhere, something small is still missing!

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-Website. This is the news script working.',user='Guteman' WHERE id='\".$id.\"'[/quote]

is what i got now

here is the full code (all 1 page)

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' name='id' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>[/quote]
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.