quickstopman Posted July 18, 2007

I'm trying to make a script that allows a user to edit his or her photos, but for some odd reason it doesn't work. Here is the code:

```php
<?php
ob_start();
session_start();
include("header.php");
if (isset($_SESSION['username'])) {
    if (isset($_GET['id']) && is_numeric($_GET['id'])) {
        $sql = mysql_query("SELECT posted_by FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error());
        if ($sql = $_SESSION['username']) {
            if(isset($_POST['submit'])) {
                $title = $_POST['title'];
                $about = $_POST['about'];
                $replace = array("<style", "<html>", "<body>", "?>", "<?", "<script", "/script>", "<img", "<embed", "<object", "<%");
                $about = str_replace($replace, "...", $about);
                $title = str_replace($replace, "...", $title);
                $sql2 = mysql_query("SELECT * FROM images WHERE picID = '". $_GET['id'] ."' ");
                $row = mysql_fetch_array($sql2);
                if(empty($about) && empty($title)) {
                    echo "Please Fill in Both the Title, and the About sections of your photo!";
                } else {
                    $query = mysql_query("UPDATE images SET `title` = '$title', `about` = '$about' WHERE picID = '{$_GET['id']}'") or die(mysql_error());
                }
            } else {
?>
<form action="editphoto?id=<? echo $_GET['id']; ?>" method="POST">
<img src="http://www.pokebash.com/stufolio<? echo $row['photo']; ?>" /><br>
<input type="text" name="title" maxlength="32" value="<? echo $row['title']; ?>"><br>
<textarea cols="32" rows="10" name="about"><? echo $row['about']; ?></textarea><br>
<input type="submit" value="Edit Photo" name="submit">
</form>
<?
            }
        } else {
            header("Location:http://www.pokebash.com/stufolio/home");
        }
    } else {
        header("Location:http://www.pokebash.com/stufolio/home");
    }
} else {
    header("Location:http://www.pokebash.com/stufolio/home");
}
include("footer.php");
?>
```

Any ideas?!?

pocobueno1388 Posted July 18, 2007

What doesn't work about it?

cooldude832 Posted July 18, 2007

```php
$sql = mysql_query("SELECT posted_by FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error());
if ($sql = $_SESSION['username']) {
```

That makes no sense; in your case $sql is a mysql_resource, and you need to do something with it, like mysql_fetch_array or mysql_num_rows for example.

quickstopman Posted July 18, 2007

Oh yeah!! Let me try to fix that!

quickstopman Posted July 18, 2007

> What doesn't work about it?

Well, when you go to the link, say editphoto?id=4 (yes, I used mod_rewrite), even if the user didn't make this photo it still appears, and it also doesn't work either, because it never really seems to check if the user made it, and the user's image that they uploaded is a broken link.

**UPDATED VERSION OF THE CODE**

```php
<?
ob_start();
session_start();
include("header.php");
if (isset($_SESSION['username'])) {
    if (isset($_GET['id']) && is_numeric($_GET['id'])) {
        $sql = mysql_query("SELECT * FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error());
        $user = mysql_fetch_array($sql);
        if ($user['posted_by'] = $_SESSION['username']) {
            if(isset($_POST['submit'])) {
                $title = $_POST['title'];
                $about = $_POST['about'];
                $replace = array("<style", "<html>", "<body>", "?>", "<?", "<script", "/script>", "<img", "<embed", "<object", "<%");
                $about = str_replace($replace, "...", $about);
                $title = str_replace($replace, "...", $title);
                $sql2 = mysql_query("SELECT * FROM images WHERE picID = '". $_GET['id'] ."' ");
                $row = mysql_fetch_array($sql2);
                if(empty($about) && empty($title)) {
                    echo "Please Fill in Both the Title, and the About sections of your photo!";
                } else {
                    $query = mysql_query("UPDATE images SET `title` = '$title', `about` = '$about' WHERE picID = '{$_GET['id']}'") or die(mysql_error());
                    header("Location:http://www.pokebash.com/stufolio/picture/". $_GET['id']);
                }
            } else {
?>
<form action="editphoto?id=<? echo $_GET['id']; ?>" method="POST">
<img src="http://www.pokebash.com/stufolio<? echo $row['photo']; ?>" /><br>
<input type="text" name="title" maxlength="32" value="<? echo $row['title']; ?>"><br>
<textarea cols="32" rows="10" name="about"><? echo $row['about']; ?></textarea><br>
<input type="submit" value="Edit Photo" name="submit">
</form>
<?
            }
        } else {
            header("Location:http://www.pokebash.com/stufolio/home");
        }
    } else {
        header("Location:http://www.pokebash.com/stufolio/home");
    }
} else {
    header("Location:http://www.pokebash.com/stufolio/home");
}
include("footer.php");
?>
```

quickstopman Posted July 18, 2007

Anyone have ideas?

lur Posted July 18, 2007

```php
if ($user['posted_by'] = $_SESSION['username']) {
```

This is not checking for equality; you are assigning $_SESSION['username'] to $user['posted_by'], thus the statement will always evaluate to TRUE.

```php
if ($user['posted_by'] == $_SESSION['username']) {
```

http://php.net/operators.comparison

quickstopman Posted July 18, 2007

> if ($user['posted_by'] = $_SESSION['username']) {
>
> This is not checking for equality, you are assigning $_SESSION['username'] to $user['posted_by'] thus the statement will always evaluate to TRUE.
>
> if ($user['posted_by'] == $_SESSION['username']) {
>
> http://php.net/operators.comparison

Yeah, I just figured that out.

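The ownership check this thread settles on, as an added example that is not code from any poster: it runs the assignment form and a strict-comparison form against the same constructed row, and also scopes the UPDATE to the owner so the write is refused even if the PHP-side check is wrong. It assumes PDO with the SQLite driver in place of the thread's mysql_* calls; the helper names, the users alice and mallory, and the sample row are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PDO + SQLite driver.
// Table and column names follow the thread; the row and users are constructed.
declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE images (picID INTEGER PRIMARY KEY, posted_by TEXT, title TEXT, about TEXT)');
    $db->exec("INSERT INTO images VALUES (4, 'alice', 'Sunset', 'Taken at the beach')");
    return $db;
}

// The check as posted: "=" copies the session name into the row, and a
// non-empty string is truthy, so the branch is taken for any logged-in user.
function owner_check_as_posted(array $row, string $sessionUser): bool {
    if ($row['posted_by'] = $sessionUser) {
        return true;
    }
    return false;
}

// Corrected check: strict comparison, and a missing row (fetch() returned
// false) is treated as a denial instead of being indexed.
function owner_check_fixed($row, string $sessionUser): bool {
    return is_array($row) && $row['posted_by'] === $sessionUser;
}

// Defence in depth: the UPDATE is bound to the owner in its WHERE clause,
// and all values are passed as parameters rather than interpolated.
function update_photo(PDO $db, int $picId, string $sessionUser, string $title, string $about): bool {
    $stmt = $db->prepare('UPDATE images SET title = ?, about = ? WHERE picID = ? AND posted_by = ?');
    $stmt->execute([$title, $about, $picId, $sessionUser]);
    return $stmt->rowCount() === 1;
}

$db = make_db();
$stmt = $db->prepare('SELECT posted_by, title FROM images WHERE picID = ?');
$stmt->execute([4]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Each line prints the decision for the named user against alice's photo.
var_dump(owner_check_as_posted($row, 'mallory'));
var_dump(owner_check_fixed($row, 'mallory'));
var_dump(owner_check_fixed($row, 'alice'));
var_dump(update_photo($db, 4, 'mallory', 'x', 'y'));
var_dump(update_photo($db, 4, 'alice', 'Sunset 2', 'Edited'));
```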