Jump to content

[SOLVED] need help with this edit script

robotman321

By robotman321
in PHP Coding Help

 Share

Recommended Posts

robotman321 Newbie

robotman321

Posted
Posted

now my dilemma is this: my script can pull from my database and show the information in the perspective form, but it won't let me save, i have tried everything i know how to fix ti, but i just cant get it working... any help is appreciated. I am including 2 versions of my script, the secured and unsecured one.

 

Unsecured:

<?php
// Don't forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Edit an item</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
@import url("../layout.css");
-->
</style>
</head>
<body>
<div id="wrapper" class="bg1">
<div id="header">
	<div id="logo">

	</div>
	<div id="search" class="bg2">
		<!--<form id="form1" name="form1" method="get" action="">
			<input id="inputtext1" type="text" name="textfield" class="input1" />
			<input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" />
		</form>-->
	</div>
</div>
<!-- end #header -->
	<?php include("../includes/navtop.php"); ?>
<!-- end #menu -->
<div id="page" class="bg4">
	<div class="bg5">
		<div class="bg6" style="padding: 0px 0px 50px 0px;">
			<div id="rightbar">
				<?php include("../includes/login.php");?>
				<?php include("../includes/articles.php");?>
				<?php include("../includes/additions.php"); ?>
			</div>
			<!-- end #rightbar -->
			<div id="content">
				<div id="box2">
					<div class="title bg8">
						<h2 class="text1">Edit an Item</h2>
                            </div>
<?php
include '../connect/config.php';
include '../connect/itemopendb.php';

if(isset($_GET['id']))
{
   $query  = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ".
             "FROM item ".
             "WHERE id = '{$_GET['id']}'";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result,                                                    MYSQL_NUM);

   		$title = htmlspecialchars($title);
		$name = htmlspecialchars($name);
	$picture = htmlspecialchars($picture);
	$examine = htmlspecialchars($examine);
	$operate = htmlspecialchars($operate);
	$ituse = htmlspecialchars($ituse);
	$members = htmlspecialchars($members);
	$quest = htmlspecialchars($quest);
	$stats = htmlspecialchars($stats);
	$halch = htmlspecialchars($halch);
	$lalch = htmlspecialchars($lalch);
	$gstore = htmlspecialchars($gstore);
	$submitted = htmlspecialchars($submitted);
	$found = htmlspecialchars($found);
}
else if(isset($_POST['save']))
{
$id = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$examine = $_POST['examine'];
$operate = $_POST['operate'];
$ituse = $_POST['ituse'];
$members = $_POST['members'];
$quest = $_POST['quest'];
$stats = $_POST['stats'];
$halch = $_POST['halch'];
$lalch = $_POST['lalch'];
$gstore = $_POST['gstore'];
$submitted = $_POST['submitted'];
$found = $_POST['found'];

   if(!get_magic_quotes_gpc())
   {
   		$id = addslashes($id);
      	$title = addslashes($title);
		$name = addslashes($name);
	$picture = addslashes($picture);
	$examine = addslashes($examine);
	$operate = addslashes($operate);
	$ituse = addslashes($ituse);
	$members = addslashes($members);
	$quest = addslashes($quest);
	$stats = addslashes($stats);
	$halch = addslashes($halch);
	$lalch = addslashes($lalch);
	$gstore = addslashes($gstore);
	$submitted = addslashes($submitted);
	$found = addslashes($found);
   }

   // update the item in the database
   $query = "UPDATE item ".
            "SET name='$name', picture='$picture', examine='$examine', operate='$operate', ituse='$ituse', members='$members', stats='$stats', quest='$quest', halch='$halch', lalch='$lalch', gstore='$gstore', submitted='$submitted', found='$found' ".
            "WHERE id='$id'";
   mysql_query($query) or die('Error : ' . mysql_error());

   // then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

   @unlink($cacheFile);

   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');

   echo "Item '$name' updated";

   // now we will display $title & content
   // so strip out any slashes
  		$name    = stripslashes($name);
	$picture = stripslashes($picture);
	$examine = stripslashes($examine);
	$operate = stripslashes($operate);
	$ituse     = stripslashes($ituse);
	$members = stripslashes($members);
	$quest   = stripslashes($quest);
	$stats   = stripslashes($stats);
	$halch   = stripslashes($halch);
	$lalch   = stripslashes($lalch);
	$gstore  = stripslashes($gstore);
	$submitted = stripslashes($submitted);
	$found   = stripslashes($found);
}

include '../connect/closedb.php';
?>
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Item Name</td>
<td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td>
</tr>
<tr> 
<td width="100">Picture Link</td>
<td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td>
</tr>
<tr>
<tr> 
<td width="100">Examine Info</td>
<td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td>
</tr>
<tr> 
<td width="100">Operate</td>
<td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td>
</tr>
<tr> 
<td width="100">Use</td>
<td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td>
</tr>
<tr> 
<td width="100">Members <br />(Yes/No)</td>
<td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td>
</tr>
<tr> 
<td width="100">Stats</td>
<td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td>
</tr>
<tr> 
<td width="100">Quest <br />(Yes/No)</td>
<td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td>
</tr>
<tr> 
<td width="100">High Alch</td>
<td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>">
</td>
</tr>
<tr> 
<td width="100">Low Alch</td>
<td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td>
</tr>
<tr> 
<td width="100">Gen. Store Price</td>
<td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td>
</tr>   
<tr> 
<td width="100">Submitted By</td>
<td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td>
</tr>
<tr> 
<td width="100">Found</td>
<td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="edititem.php">Back to edit page</a></p>
</form>
</div>
				<!-- end #box2 -->
			</div>
			<!-- end #content -->
			<div id="leftbar">
				<div id="box6">
					<?php include("editorsnavigation.php"); ?>
                    </div>
                   <center><a href="logout.php"><h1>Logout</h1></a></center>
			</div>
			<!-- end #leftbar -->
                
			<div style="clear: both;"> </div>
		</div>
	</div>
</div>
</div>
<!-- end #wrapper -->
<?php include("../includes/footer.php"); ?>
</body>
</html>

 

Secured:

<?php
// Don't forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Edit an item</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
@import url("../layout.css");
-->
</style>
</head>
<body>
<div id="wrapper" class="bg1">
<div id="header">
	<div id="logo">

	</div>
	<div id="search" class="bg2">
		<!--<form id="form1" name="form1" method="get" action="">
			<input id="inputtext1" type="text" name="textfield" class="input1" />
			<input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" />
		</form>-->
	</div>
</div>
<!-- end #header -->
	<?php include("../includes/navtop.php"); ?>
<!-- end #menu -->
<div id="page" class="bg4">
	<div class="bg5">
		<div class="bg6" style="padding: 0px 0px 50px 0px;">
			<div id="rightbar">
				<?php include("../includes/login.php");?>
				<?php include("../includes/articles.php");?>
				<?php include("../includes/additions.php"); ?>
			</div>
			<!-- end #rightbar -->
			<div id="content">
				<div id="box2">
					<div class="title bg8">
						<h2 class="text1">Edit an Item</h2>
                            </div>
<?php
include '../connect/config.php';
include '../connect/itemopendb.php';

if(isset($_GET['id']))
{
   $query  = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ".
             "FROM item ".
             "WHERE id = '{$_GET['id']}'";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result, MYSQL_NUM);

   		$title = htmlspecialchars($title);
		$name = htmlspecialchars($name);
	$picture = htmlspecialchars($picture);
	$examine = htmlspecialchars($examine);
	$operate = htmlspecialchars($operate);
	$ituse = htmlspecialchars($ituse);
	$members = htmlspecialchars($members);
	$quest = htmlspecialchars($quest);
	$stats = htmlspecialchars($stats);
	$halch = htmlspecialchars($halch);
	$lalch = htmlspecialchars($lalch);
	$gstore = htmlspecialchars($gstore);
	$submitted = htmlspecialchars($submitted);
	$found = htmlspecialchars($found);
}
else if(isset($_POST['save']))
{
$id = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$examine = $_POST['examine'];
$operate = $_POST['operate'];
$ituse = $_POST['ituse'];
$members = $_POST['members'];
$quest = $_POST['quest'];
$stats = $_POST['stats'];
$halch = $_POST['halch'];
$lalch = $_POST['lalch'];
$gstore = $_POST['gstore'];
$submitted = $_POST['submitted'];
$found = $_POST['found'];

   if(!get_magic_quotes_gpc())
   {
   		$id = addslashes($id);
      	$title = addslashes($title);
		$name = addslashes($name);
	$picture = addslashes($picture);
	$examine = addslashes($examine);
	$operate = addslashes($operate);
	$ituse = addslashes($ituse);
	$members = addslashes($members);
	$quest = addslashes($quest);
	$stats = addslashes($stats);
	$halch = addslashes($halch);
	$lalch = addslashes($lalch);
	$gstore = addslashes($gstore);
	$submitted = addslashes($submitted);
	$found = addslashes($found);
   }

   // update the item in the database
   $query = 'UPDATE item SET name=\'' . mysql_escape_string($_POST['name']) . '\', picture=\'' . mysql_escape_string($_POST['picture']) . '\', examine=\'' . mysql_escape_string($_POST['examine']) . '\', operate=\'' . mysql_escape_string($_POST['operate']) . '\', ituse=\'' . mysql_escape_string($_POST['ituse']) . '\', members=\'' . mysql_escape_string($_POST['members']) . '\', stats=\'' . mysql_escape_string($_POST['stats']) . '\', quest=\'' . mysql_escape_string($_POST['quest']) . '\', halch=\'' . mysql_escape_string($_POST['halch']) . '\', lalch=\'' . mysql_escape_string($_POST['lalch']) . '\', gstore=\'' . mysql_escape_string($_POST['gstore']) . '\', submitted=\'' . mysql_escape_string($_POST['submitted']) . '\', found=\'' . mysql_escape_string($_POST['found']) . 'WHERE id=' . $_POST['id'] . '';
   mysql_query($query) or die('Error : ' . mysql_error());


   echo "Item '$name' updated";

   // now we will display $title & content
   // so strip out any slashes
  		$name    = stripslashes($name);
	$picture = stripslashes($picture);
	$examine = stripslashes($examine);
	$operate = stripslashes($operate);
	$ituse     = stripslashes($ituse);
	$members = stripslashes($members);
	$quest   = stripslashes($quest);
	$stats   = stripslashes($stats);
	$halch   = stripslashes($halch);
	$lalch   = stripslashes($lalch);
	$gstore  = stripslashes($gstore);
	$submitted = stripslashes($submitted);
	$found   = stripslashes($found);
}

include '../connect/closedb.php';
?>
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Item Name</td>
<td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td>
</tr>
<tr> 
<td width="100">Picture Link</td>
<td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td>
</tr>
<tr>
<tr> 
<td width="100">Examine Info</td>
<td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td>
</tr>
<tr> 
<td width="100">Operate</td>
<td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td>
</tr>
<tr> 
<td width="100">Use</td>
<td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td>
</tr>
<tr> 
<td width="100">Members <br />(Yes/No)</td>
<td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td>
</tr>
<tr> 
<td width="100">Stats</td>
<td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td>
</tr>
<tr> 
<td width="100">Quest <br />(Yes/No)</td>
<td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td>
</tr>
<tr> 
<td width="100">High Alch</td>
<td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>">
</td>
</tr>
<tr> 
<td width="100">Low Alch</td>
<td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td>
</tr>
<tr> 
<td width="100">Gen. Store Price</td>
<td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td>
</tr>   
<tr> 
<td width="100">Submitted By</td>
<td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td>
</tr>
<tr> 
<td width="100">Found</td>
<td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="edititem.php">Back to edit page</a></p>
</form>
</div>
				<!-- end #box2 -->
			</div>
			<!-- end #content -->
			<div id="leftbar">
				<div id="box6">
					<?php include("editorsnavigation.php"); ?>
                    </div>
                   <center><a href="logout.php"><h1>Logout</h1></a></center>
			</div>
			<!-- end #leftbar -->
                
			<div style="clear: both;"> </div>
		</div>
	</div>
</div>
</div>
<!-- end #wrapper -->
<?php include("../includes/footer.php"); ?>
</body>
</html>

 

Both do the same thing and work the same way, am i coding it wrong? because it doesn't want to update the table.  I have exhausted everything i can do and any ANY help is appreciated greatly!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.