robotman321 Posted January 10, 2008 Share Posted January 10, 2008 now my dilemma is this: my script can pull from my database and show the information in the perspective form, but it won't let me save, i have tried everything i know how to fix ti, but i just cant get it working... any help is appreciated. I am including 2 versions of my script, the secured and unsecured one. Unsecured: <?php // Don't forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // not logged in, move to login page header('Location: login.php'); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Edit an item</title> <meta name="keywords" content="" /> <meta name="description" content="" /> <link href="../default.css" rel="stylesheet" type="text/css" /> <style type="text/css"> <!-- @import url("../layout.css"); --> </style> </head> <body> <div id="wrapper" class="bg1"> <div id="header"> <div id="logo"> </div> <div id="search" class="bg2"> <!--<form id="form1" name="form1" method="get" action=""> <input id="inputtext1" type="text" name="textfield" class="input1" /> <input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" /> </form>--> </div> </div> <!-- end #header --> <?php include("../includes/navtop.php"); ?> <!-- end #menu --> <div id="page" class="bg4"> <div class="bg5"> <div class="bg6" style="padding: 0px 0px 50px 0px;"> <div id="rightbar"> <?php include("../includes/login.php");?> <?php include("../includes/articles.php");?> <?php include("../includes/additions.php"); ?> </div> <!-- end #rightbar --> <div id="content"> <div id="box2"> <div class="title bg8"> <h2 class="text1">Edit an Item</h2> </div> <?php include '../connect/config.php'; include '../connect/itemopendb.php'; if(isset($_GET['id'])) { $query = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ". "FROM item ". "WHERE id = '{$_GET['id']}'"; $result = mysql_query($query) or die('Error : ' . mysql_error()); list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result, MYSQL_NUM); $title = htmlspecialchars($title); $name = htmlspecialchars($name); $picture = htmlspecialchars($picture); $examine = htmlspecialchars($examine); $operate = htmlspecialchars($operate); $ituse = htmlspecialchars($ituse); $members = htmlspecialchars($members); $quest = htmlspecialchars($quest); $stats = htmlspecialchars($stats); $halch = htmlspecialchars($halch); $lalch = htmlspecialchars($lalch); $gstore = htmlspecialchars($gstore); $submitted = htmlspecialchars($submitted); $found = htmlspecialchars($found); } else if(isset($_POST['save'])) { $id = $_POST['id']; $name = $_POST['name']; $picture = $_POST['picture']; $examine = $_POST['examine']; $operate = $_POST['operate']; $ituse = $_POST['ituse']; $members = $_POST['members']; $quest = $_POST['quest']; $stats = $_POST['stats']; $halch = $_POST['halch']; $lalch = $_POST['lalch']; $gstore = $_POST['gstore']; $submitted = $_POST['submitted']; $found = $_POST['found']; if(!get_magic_quotes_gpc()) { $id = addslashes($id); $title = addslashes($title); $name = addslashes($name); $picture = addslashes($picture); $examine = addslashes($examine); $operate = addslashes($operate); $ituse = addslashes($ituse); $members = addslashes($members); $quest = addslashes($quest); $stats = addslashes($stats); $halch = addslashes($halch); $lalch = addslashes($lalch); $gstore = addslashes($gstore); $submitted = addslashes($submitted); $found = addslashes($found); } // update the item in the database $query = "UPDATE item ". "SET name='$name', picture='$picture', examine='$examine', operate='$operate', ituse='$ituse', members='$members', stats='$stats', quest='$quest', halch='$halch', lalch='$lalch', gstore='$gstore', submitted='$submitted', found='$found' ". "WHERE id='$id'"; mysql_query($query) or die('Error : ' . mysql_error()); // then remove the cached file $cacheDir = dirname(__FILE__) . '/cache/'; $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html'; @unlink($cacheFile); // and remove the index.html too because the file list // is changed @unlink($cacheDir . 'index.html'); echo "Item '$name' updated"; // now we will display $title & content // so strip out any slashes $name = stripslashes($name); $picture = stripslashes($picture); $examine = stripslashes($examine); $operate = stripslashes($operate); $ituse = stripslashes($ituse); $members = stripslashes($members); $quest = stripslashes($quest); $stats = stripslashes($stats); $halch = stripslashes($halch); $lalch = stripslashes($lalch); $gstore = stripslashes($gstore); $submitted = stripslashes($submitted); $found = stripslashes($found); } include '../connect/closedb.php'; ?> <form method="post"> <input type="hidden" name="id" value="<?=$id;?>"> <table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center"> <tr> <td width="100">Item Name</td> <td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td> </tr> <tr> <td width="100">Picture Link</td> <td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td> </tr> <tr> <tr> <td width="100">Examine Info</td> <td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td> </tr> <tr> <td width="100">Operate</td> <td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td> </tr> <tr> <td width="100">Use</td> <td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td> </tr> <tr> <td width="100">Members <br />(Yes/No)</td> <td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td> </tr> <tr> <td width="100">Stats</td> <td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td> </tr> <tr> <td width="100">Quest <br />(Yes/No)</td> <td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td> </tr> <tr> <td width="100">High Alch</td> <td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>"> </td> </tr> <tr> <td width="100">Low Alch</td> <td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td> </tr> <tr> <td width="100">Gen. Store Price</td> <td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td> </tr> <tr> <td width="100">Submitted By</td> <td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td> </tr> <tr> <td width="100">Found</td> <td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td> </tr> <tr> <td width="100"> </td> <td> </td> </tr> <tr> <td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td> </tr> </table> <p align="center"><a href="edititem.php">Back to edit page</a></p> </form> </div> <!-- end #box2 --> </div> <!-- end #content --> <div id="leftbar"> <div id="box6"> <?php include("editorsnavigation.php"); ?> </div> <center><a href="logout.php"><h1>Logout</h1></a></center> </div> <!-- end #leftbar --> <div style="clear: both;"> </div> </div> </div> </div> </div> <!-- end #wrapper --> <?php include("../includes/footer.php"); ?> </body> </html> Secured: <?php // Don't forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // not logged in, move to login page header('Location: login.php'); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Edit an item</title> <meta name="keywords" content="" /> <meta name="description" content="" /> <link href="../default.css" rel="stylesheet" type="text/css" /> <style type="text/css"> <!-- @import url("../layout.css"); --> </style> </head> <body> <div id="wrapper" class="bg1"> <div id="header"> <div id="logo"> </div> <div id="search" class="bg2"> <!--<form id="form1" name="form1" method="get" action=""> <input id="inputtext1" type="text" name="textfield" class="input1" /> <input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" /> </form>--> </div> </div> <!-- end #header --> <?php include("../includes/navtop.php"); ?> <!-- end #menu --> <div id="page" class="bg4"> <div class="bg5"> <div class="bg6" style="padding: 0px 0px 50px 0px;"> <div id="rightbar"> <?php include("../includes/login.php");?> <?php include("../includes/articles.php");?> <?php include("../includes/additions.php"); ?> </div> <!-- end #rightbar --> <div id="content"> <div id="box2"> <div class="title bg8"> <h2 class="text1">Edit an Item</h2> </div> <?php include '../connect/config.php'; include '../connect/itemopendb.php'; if(isset($_GET['id'])) { $query = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ". "FROM item ". "WHERE id = '{$_GET['id']}'"; $result = mysql_query($query) or die('Error : ' . mysql_error()); list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result, MYSQL_NUM); $title = htmlspecialchars($title); $name = htmlspecialchars($name); $picture = htmlspecialchars($picture); $examine = htmlspecialchars($examine); $operate = htmlspecialchars($operate); $ituse = htmlspecialchars($ituse); $members = htmlspecialchars($members); $quest = htmlspecialchars($quest); $stats = htmlspecialchars($stats); $halch = htmlspecialchars($halch); $lalch = htmlspecialchars($lalch); $gstore = htmlspecialchars($gstore); $submitted = htmlspecialchars($submitted); $found = htmlspecialchars($found); } else if(isset($_POST['save'])) { $id = $_POST['id']; $name = $_POST['name']; $picture = $_POST['picture']; $examine = $_POST['examine']; $operate = $_POST['operate']; $ituse = $_POST['ituse']; $members = $_POST['members']; $quest = $_POST['quest']; $stats = $_POST['stats']; $halch = $_POST['halch']; $lalch = $_POST['lalch']; $gstore = $_POST['gstore']; $submitted = $_POST['submitted']; $found = $_POST['found']; if(!get_magic_quotes_gpc()) { $id = addslashes($id); $title = addslashes($title); $name = addslashes($name); $picture = addslashes($picture); $examine = addslashes($examine); $operate = addslashes($operate); $ituse = addslashes($ituse); $members = addslashes($members); $quest = addslashes($quest); $stats = addslashes($stats); $halch = addslashes($halch); $lalch = addslashes($lalch); $gstore = addslashes($gstore); $submitted = addslashes($submitted); $found = addslashes($found); } // update the item in the database $query = 'UPDATE item SET name=\'' . mysql_escape_string($_POST['name']) . '\', picture=\'' . mysql_escape_string($_POST['picture']) . '\', examine=\'' . mysql_escape_string($_POST['examine']) . '\', operate=\'' . mysql_escape_string($_POST['operate']) . '\', ituse=\'' . mysql_escape_string($_POST['ituse']) . '\', members=\'' . mysql_escape_string($_POST['members']) . '\', stats=\'' . mysql_escape_string($_POST['stats']) . '\', quest=\'' . mysql_escape_string($_POST['quest']) . '\', halch=\'' . mysql_escape_string($_POST['halch']) . '\', lalch=\'' . mysql_escape_string($_POST['lalch']) . '\', gstore=\'' . mysql_escape_string($_POST['gstore']) . '\', submitted=\'' . mysql_escape_string($_POST['submitted']) . '\', found=\'' . mysql_escape_string($_POST['found']) . 'WHERE id=' . $_POST['id'] . ''; mysql_query($query) or die('Error : ' . mysql_error()); echo "Item '$name' updated"; // now we will display $title & content // so strip out any slashes $name = stripslashes($name); $picture = stripslashes($picture); $examine = stripslashes($examine); $operate = stripslashes($operate); $ituse = stripslashes($ituse); $members = stripslashes($members); $quest = stripslashes($quest); $stats = stripslashes($stats); $halch = stripslashes($halch); $lalch = stripslashes($lalch); $gstore = stripslashes($gstore); $submitted = stripslashes($submitted); $found = stripslashes($found); } include '../connect/closedb.php'; ?> <form method="post"> <input type="hidden" name="id" value="<?=$id;?>"> <table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center"> <tr> <td width="100">Item Name</td> <td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td> </tr> <tr> <td width="100">Picture Link</td> <td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td> </tr> <tr> <tr> <td width="100">Examine Info</td> <td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td> </tr> <tr> <td width="100">Operate</td> <td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td> </tr> <tr> <td width="100">Use</td> <td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td> </tr> <tr> <td width="100">Members <br />(Yes/No)</td> <td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td> </tr> <tr> <td width="100">Stats</td> <td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td> </tr> <tr> <td width="100">Quest <br />(Yes/No)</td> <td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td> </tr> <tr> <td width="100">High Alch</td> <td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>"> </td> </tr> <tr> <td width="100">Low Alch</td> <td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td> </tr> <tr> <td width="100">Gen. Store Price</td> <td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td> </tr> <tr> <td width="100">Submitted By</td> <td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td> </tr> <tr> <td width="100">Found</td> <td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td> </tr> <tr> <td width="100"> </td> <td> </td> </tr> <tr> <td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td> </tr> </table> <p align="center"><a href="edititem.php">Back to edit page</a></p> </form> </div> <!-- end #box2 --> </div> <!-- end #content --> <div id="leftbar"> <div id="box6"> <?php include("editorsnavigation.php"); ?> </div> <center><a href="logout.php"><h1>Logout</h1></a></center> </div> <!-- end #leftbar --> <div style="clear: both;"> </div> </div> </div> </div> </div> <!-- end #wrapper --> <?php include("../includes/footer.php"); ?> </body> </html> Both do the same thing and work the same way, am i coding it wrong? because it doesn't want to update the table. I have exhausted everything i can do and any ANY help is appreciated greatly! Quote Link to comment https://forums.phpfreaks.com/topic/85320-solved-need-help-with-this-edit-script/ Share on other sites More sharing options...
rajivgonsalves Posted January 10, 2008 Share Posted January 10, 2008 your if statement is wrong else if(isset($_POST['save'])) should be your first if Quote Link to comment https://forums.phpfreaks.com/topic/85320-solved-need-help-with-this-edit-script/#findComment-435369 Share on other sites More sharing options...
robotman321 Posted January 10, 2008 Author Share Posted January 10, 2008 i forgot the '\' after i fixed it up, thanks so much, gotta love simple mistakes Quote Link to comment https://forums.phpfreaks.com/topic/85320-solved-need-help-with-this-edit-script/#findComment-435372 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.