Jump to content

Archived

This topic is now archived and is closed to further replies.

Guteman

News Script Issue

Recommended Posts

Okay so now I got all the fields to show up correctly, now when I click submit to change a news post, nothing changes in the news! Ima need someones help again.




Here is the code again.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">

<input type="submit" name="submit" value="submit">

</form>

<? } ?>
<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>[/quote]

Share this post


Link to post
Share on other sites
if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.

Share this post


Link to post
Share on other sites
[!--quoteo(post=353050:date=Mar 8 2006, 04:57 PM:name=lessthanthree)--][div class=\'quotetop\']QUOTE(lessthanthree @ Mar 8 2006, 04:57 PM) [snapback]353050[/snapback][/div][div class=\'quotemain\'][!--quotec--]
if ($_POST["$submit"])

should be if ($_POST["submit"])

for good measure, i'd do: if (isset($_POST["submit"]))

Just to add, you having some security flaws in there that open your site up to sql injection. You should clean the values to make them as injection proof as possible.

look at using functions like addslashes() to protect your site from malicious attacks.
[/quote]

This did not fix it :(

Share this post


Link to post
Share on other sites
[!--quoteo(post=353055:date=Mar 8 2006, 11:08 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:08 PM) [snapback]353055[/snapback][/div][div class=\'quotemain\'][!--quotec--]
This did not fix it :(
[/quote]

Time to print some debug stuff then.

Can you print the sql out directly under where you defined it.

This will print your query to the page and you can see any errors / missing values that may be occuring.

I have a feeling your $id variable that is used in the final sql statement is empty becuase it is set with $id = $_GET["id"] that is only done if submit is not set. When your sql statement is run, $id will not be set as the form has been submitted.

Hope that makes sense :S

Share this post


Link to post
Share on other sites
lol sorry It doesnt make sense to me :( Is there any other way you can put it?

Share this post


Link to post
Share on other sites
replace

[code]
<?
if ($_POST["$submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";
//replace news with your table name above
$result = mysql_query($sql);
echo "Thank you! Information updated.";
}
}
?>
[/code]

with
[code]
<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
[/code]
and paste the sql that outputs to your page

Share this post


Link to post
Share on other sites
I do believe you are right.. Heres what I got:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-',user='Guteman' WHERE id=''[/quote]

How do I go about defining the id variable?

Share this post


Link to post
Share on other sites
to keep your page structure as it is at the moment...

add a field to your form (edit)

<input type='hidden' value='".$id."' />

then change this

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];

to

$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

Share this post


Link to post
Share on other sites
ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE ID='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>
[/quote]

Share this post


Link to post
Share on other sites
[!--quoteo(post=353075:date=Mar 8 2006, 11:49 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:49 PM) [snapback]353075[/snapback][/div][div class=\'quotemain\'][!--quotec--]
ugh this is frusterating me. A question I have is in php myadmin its said as ID not id... is all this case sensitive? Do you see something wrong I did. Thanks very much for your help so far.
[/quote]


Is the print $sql now showing a value for $id?

If it is you can take the die(); function out....

Share this post


Link to post
Share on other sites
[!--quoteo(post=353077:date=Mar 8 2006, 11:55 PM:name=Guteman)--][div class=\'quotetop\']QUOTE(Guteman @ Mar 8 2006, 11:55 PM) [snapback]353077[/snapback][/div][div class=\'quotemain\'][!--quotec--]
No sir it is not, its getting the same thing as above.
[/quote]


my bad

change: <input type='hidden' value='".$id."' />
to: <input type='hidden' name='id' value='".$id."' />

Share this post


Link to post
Share on other sites
Alright now its getting somewhere, something small is still missing!

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]UPDATE news SET title='SST Website',post='Hello and Welcome to the SST-Website. This is the news script working.',user='Guteman' WHERE id='\".$id.\"'[/quote]

is what i got now

here is the full code (all 1 page)

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
<?

include("config.php");


//If cmd has not been initialized
if(!isset($cmd))
{
//display all the news
$result = mysql_query("select id, title from news order by id");

//run the while loop that grabs all the news scripts
while($r=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id=$r["id"];//take out the id
$title=$r["title"];//take out the title

//make the title a link
echo "<a href='edit.php?cmd=edit&id=$id'>$title - Edit</a>";
echo "<br>";
}
}
?>
<?
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
if (!isset($_POST["submit"]))
{
$id = $_GET["id"];
$sql = "SELECT * FROM news WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>

<form action="edit.php" method="post">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">

Title:<INPUT TYPE="TEXT" NAME="title" VALUE="<?php echo $myrow["title"] ?>" SIZE=30><br>
Message:<TEXTAREA NAME="post" ROWS=10 COLS=30><? echo $myrow["post"] ?></TEXTAREA><br>
Who:<INPUT TYPE="TEXT" NAME="user" VALUE="<?php echo $myrow["user"] ?>" SIZE=30><br>

<input type="hidden" name="cmd" value="edit">
<input type='hidden' name='id' value='".$id."' />
<input type="submit" name="submit" value="submit">

</form>

<? } ?>


<?
if ($_POST["submit"])
{
$title = $_POST["title"];
$post = $_POST["post"];
$user = $_POST["user"];
$id = $_POST["id"];

$sql = "UPDATE news SET title='$title',post='$post',user='$user' WHERE id='$id'";

print $sql;
die();


//replace news with your table name above
$result = mysql_query($sql);

echo "Thank you! Information updated.";
}
}
?>[/quote]

Share this post


Link to post
Share on other sites
lol,

oh dear....my bad again....so sorry..getting late :(

change: <input type='hidden' name='id' value='".$id."' />
to: <input type='hidden' name='id' value='<?php echo $id; ?>' />

Share this post


Link to post
Share on other sites
Thanks alot with helping me here, it works now! :D Now on to deleting news posts, lol.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.