Jump to content


Photo

News Script Issue


  • Please log in to reply
15 replies to this topic

#1 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 10:14 PM

Okay so now I got all the fields to show up correctly, now when I click submit to change a news post, nothing changes in the news! Ima need someones help again.




Here is the code again.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">

<input type="submit" name="submit" value="submit">

</form>

<? } ?>
<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>[/quote]

#2 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 10:57 PM

if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.
call me a safe bet, i'm betting i'm not

#3 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 11:08 PM

[!--quoteo(post=353050:date=Mar 8 2006, 04:57 PM:name=lessthanthree)--][div class=\'quotetop\']QUOTE(lessthanthree @ Mar 8 2006, 04:57 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.
[/quote]

This did not fix it :(


#4 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 11:11 PM

[!--quoteo(post=353055:date=Mar 8 2006, 11:08 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:08 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
This did not fix it :(
[/quote]

Time to print some debug stuff then.

Can you print the sql out directly under where you defined it.

This will print your query to the page and you can see any errors / missing values that may be occuring.

I have a feeling your $id variable that is used in the final sql statement is empty becuase it is set with $id = $_GET["id"] that is only done if submit is not set. When your sql statement is run, $id will not be set as the form has been submitted.

Hope that makes sense :S
call me a safe bet, i'm betting i'm not

#5 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 11:21 PM

lol sorry It doesnt make sense to me :( Is there any other way you can put it?

#6 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 11:26 PM

replace

<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>

with
<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
and paste the sql that outputs to your page
call me a safe bet, i'm betting i'm not

#7 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 11:29 PM

I do believe you are right.. Heres what I got:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-',user='Guteman' WHERE id=''[/quote]

How do I go about defining the id variable?

#8 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 11:41 PM

to keep your page structure as it is at the moment...

add a field to your form (edit)

<input type='hidden' value='".$id."' />

then change this

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

to

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];
call me a safe bet, i'm betting i'm not

#9 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 11:49 PM

ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE ID='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
[/quote]

#10 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 11:53 PM

[!--quoteo(post=353075:date=Mar 8 2006, 11:49 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:49 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.
[/quote]


Is the print $sql now showing a value for $id?

If it is you can take the die(); function out....
call me a safe bet, i'm betting i'm not

#11 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 08 March 2006 - 11:55 PM

No sir it is not, its getting the same thing as above.

#12 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 08 March 2006 - 11:58 PM

[!--quoteo(post=353077:date=Mar 8 2006, 11:55 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:55 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
No sir it is not, its getting the same thing as above.
[/quote]


my bad

change: <input type='hidden' value='".$id."' />
to: <input type='hidden' name='id' value='".$id."' />
call me a safe bet, i'm betting i'm not

#13 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 09 March 2006 - 12:03 AM

Alright now its getting somewhere, something small is still missing!

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-Website. This is the news script working.',user='Guteman' WHERE id='\".$id.\"'[/quote]

is what i got now

here is the full code (all 1 page)

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' name='id' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>[/quote]

#14 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 09 March 2006 - 12:12 AM

lol,

oh dear....my bad again....so sorry..getting late :(

change: <input type='hidden' name='id' value='".$id."' />
to: <input type='hidden' name='id' value='<?php echo $id; ?>' />


call me a safe bet, i'm betting i'm not

#15 Guteman

Guteman
  • Members
  • PipPipPip
  • Advanced Member
  • 39 posts
  • LocationWisconsin

Posted 09 March 2006 - 12:19 AM

Thanks alot with helping me here, it works now! :D Now on to deleting news posts, lol.

#16 lessthanthree

lessthanthree
  • Members
  • PipPipPip
  • Advanced Member
  • 85 posts
  • LocationUK

Posted 09 March 2006 - 12:20 AM

hehe, no worries. Sorry for the errors...i think i should go to sleep :)
call me a safe bet, i'm betting i'm not




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users