quickstopman Posted July 18, 2007 Share Posted July 18, 2007 im trying to make a script that allows a user to edit his or her photos but for some odd reason it doesn't work here is the code: <?php ob_start(); session_start(); include("header.php"); if (isset($_SESSION['username'])) { if (isset($_GET['id']) && is_numeric($_GET['id'])) { $sql = mysql_query("SELECT posted_by FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error()); if ($sql = $_SESSION['username']) { if(isset($_POST['submit'])) { $title = $_POST['title']; $about = $_POST['about']; $replace = array("<style", "<html>", "<body>", "?>", "<?", "<script", "/script>", "<img", "<embed", "<object", "<%"); $about = str_replace($replace, "...", $about); $title = str_replace($replace, "...", $title); $sql2 = mysql_query("SELECT * FROM images WHERE picID = '". $_GET['id'] ."' "); $row = mysql_fetch_array($sql2); if(empty($about) && empty($title)) { echo "Please Fill in Both the Title, and the About sections of your photo!"; } else { $query = mysql_query("UPDATE images SET `title` = '$title', `about` = '$about' WHERE picID = '{$_GET['id']}'") or die(mysql_error()); } } else { ?> <form action="editphoto?id=<? echo $_GET['id']; ?>" method="POST"> <img src="http://www.pokebash.com/stufolio<? echo $row['photo']; ?>" /><br> <input type="text" name="title" maxlength="32" value="<? echo $row['title']; ?>"><br> <textarea cols="32" rows="10" name="about"><? echo $row['about']; ?></textarea><br> <input type="submit" value="Edit Photo" name="submit"> </form> <? } } else { header("Location:http://www.pokebash.com/stufolio/home"); } } else { header("Location:http://www.pokebash.com/stufolio/home"); } } else { header("Location:http://www.pokebash.com/stufolio/home"); } include("footer.php"); ?> any ideas?!? Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/ Share on other sites More sharing options...
pocobueno1388 Posted July 18, 2007 Share Posted July 18, 2007 What doesn't work about it? Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-300893 Share on other sites More sharing options...
cooldude832 Posted July 18, 2007 Share Posted July 18, 2007 $sql = mysql_query("SELECT posted_by FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error()); if ($sql = $_SESSION['username']) { that makes no sense in your case $sql is a mysql_resource and you need to do something with it like mysql_fetch_array or mysql_num_rows for example Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-300898 Share on other sites More sharing options...
quickstopman Posted July 18, 2007 Author Share Posted July 18, 2007 oh yeah!! let me try to fix that! Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-300901 Share on other sites More sharing options...
quickstopman Posted July 18, 2007 Author Share Posted July 18, 2007 What doesn't work about it? well when you go to the link say editphoto?id=4 (yes i used mod_rewrite) even if the user didn't make this photo it still appears and it also doesn't work either cause it never really seems to check if the user made it and the users image that they uploaded is a broken link **UPDATED VERSION OF THE CODE** <? ob_start(); session_start(); include("header.php"); if (isset($_SESSION['username'])) { if (isset($_GET['id']) && is_numeric($_GET['id'])) { $sql = mysql_query("SELECT * FROM images WHERE picID = '{$_GET['id']}'") or die(mysql_error()); $user = mysql_fetch_array($sql); if ($user['posted_by'] = $_SESSION['username']) { if(isset($_POST['submit'])) { $title = $_POST['title']; $about = $_POST['about']; $replace = array("<style", "<html>", "<body>", "?>", "<?", "<script", "/script>", "<img", "<embed", "<object", "<%"); $about = str_replace($replace, "...", $about); $title = str_replace($replace, "...", $title); $sql2 = mysql_query("SELECT * FROM images WHERE picID = '". $_GET['id'] ."' "); $row = mysql_fetch_array($sql2); if(empty($about) && empty($title)) { echo "Please Fill in Both the Title, and the About sections of your photo!"; } else { $query = mysql_query("UPDATE images SET `title` = '$title', `about` = '$about' WHERE picID = '{$_GET['id']}'") or die(mysql_error()); header("Location:http://www.pokebash.com/stufolio/picture/". $_GET['id']); } } else { ?> <form action="editphoto?id=<? echo $_GET['id']; ?>" method="POST"> <img src="http://www.pokebash.com/stufolio<? echo $row['photo']; ?>" /><br> <input type="text" name="title" maxlength="32" value="<? echo $row['title']; ?>"><br> <textarea cols="32" rows="10" name="about"><? echo $row['about']; ?></textarea><br> <input type="submit" value="Edit Photo" name="submit"> </form> <? } } else { header("Location:http://www.pokebash.com/stufolio/home"); } } else { header("Location:http://www.pokebash.com/stufolio/home"); } } else { header("Location:http://www.pokebash.com/stufolio/home"); } include("footer.php"); ?> Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-300905 Share on other sites More sharing options...
quickstopman Posted July 18, 2007 Author Share Posted July 18, 2007 any one have ideas Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-301004 Share on other sites More sharing options...
lur Posted July 18, 2007 Share Posted July 18, 2007 if ($user['posted_by'] = $_SESSION['username']) { This is not checking for equality, you are assigning $_SESSION['username'] to $user['posted_by'] thus the statement will always evaluate to TRUE. if ($user['posted_by'] == $_SESSION['username']) { http://php.net/operators.comparison Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-301083 Share on other sites More sharing options...
quickstopman Posted July 18, 2007 Author Share Posted July 18, 2007 if ($user['posted_by'] = $_SESSION['username']) { This is not checking for equality, you are assigning $_SESSION['username'] to $user['posted_by'] thus the statement will always evaluate to TRUE. if ($user['posted_by'] == $_SESSION['username']) { http://php.net/operators.comparison yeah i just figured that out Link to comment https://forums.phpfreaks.com/topic/60489-solved-script-not-working/#findComment-301663 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.