Jump to content

[SOLVED] need help with this edit script

robotman321

By robotman321
in PHP Coding Help

Recommended Posts

robotman321 Newbie

robotman321

Posted
Posted

now my dilemma is this: my script can pull from my database and show the information in the perspective form, but it won't let me save, i have tried everything i know how to fix ti, but i just cant get it working... any help is appreciated. I am including 2 versions of my script, the secured and unsecured one.

 

Unsecured:

<?php
// Don't forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Edit an item</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
@import url("../layout.css");
-->
</style>
</head>
<body>
<div id="wrapper" class="bg1">
<div id="header">
	<div id="logo">

	</div>
	<div id="search" class="bg2">
		<!--<form id="form1" name="form1" method="get" action="">
			<input id="inputtext1" type="text" name="textfield" class="input1" />
			<input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" />
		</form>-->
	</div>
</div>
<!-- end #header -->
	<?php include("../includes/navtop.php"); ?>
<!-- end #menu -->
<div id="page" class="bg4">
	<div class="bg5">
		<div class="bg6" style="padding: 0px 0px 50px 0px;">
			<div id="rightbar">
				<?php include("../includes/login.php");?>
				<?php include("../includes/articles.php");?>
				<?php include("../includes/additions.php"); ?>
			</div>
			<!-- end #rightbar -->
			<div id="content">
				<div id="box2">
					<div class="title bg8">
						<h2 class="text1">Edit an Item</h2>
                            </div>
<?php
include '../connect/config.php';
include '../connect/itemopendb.php';

if(isset($_GET['id']))
{
   $query  = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ".
             "FROM item ".
             "WHERE id = '{$_GET['id']}'";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result,                                                    MYSQL_NUM);

   		$title = htmlspecialchars($title);
		$name = htmlspecialchars($name);
	$picture = htmlspecialchars($picture);
	$examine = htmlspecialchars($examine);
	$operate = htmlspecialchars($operate);
	$ituse = htmlspecialchars($ituse);
	$members = htmlspecialchars($members);
	$quest = htmlspecialchars($quest);
	$stats = htmlspecialchars($stats);
	$halch = htmlspecialchars($halch);
	$lalch = htmlspecialchars($lalch);
	$gstore = htmlspecialchars($gstore);
	$submitted = htmlspecialchars($submitted);
	$found = htmlspecialchars($found);
}
else if(isset($_POST['save']))
{
$id = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$examine = $_POST['examine'];
$operate = $_POST['operate'];
$ituse = $_POST['ituse'];
$members = $_POST['members'];
$quest = $_POST['quest'];
$stats = $_POST['stats'];
$halch = $_POST['halch'];
$lalch = $_POST['lalch'];
$gstore = $_POST['gstore'];
$submitted = $_POST['submitted'];
$found = $_POST['found'];

   if(!get_magic_quotes_gpc())
   {
   		$id = addslashes($id);
      	$title = addslashes($title);
		$name = addslashes($name);
	$picture = addslashes($picture);
	$examine = addslashes($examine);
	$operate = addslashes($operate);
	$ituse = addslashes($ituse);
	$members = addslashes($members);
	$quest = addslashes($quest);
	$stats = addslashes($stats);
	$halch = addslashes($halch);
	$lalch = addslashes($lalch);
	$gstore = addslashes($gstore);
	$submitted = addslashes($submitted);
	$found = addslashes($found);
   }

   // update the item in the database
   $query = "UPDATE item ".
            "SET name='$name', picture='$picture', examine='$examine', operate='$operate', ituse='$ituse', members='$members', stats='$stats', quest='$quest', halch='$halch', lalch='$lalch', gstore='$gstore', submitted='$submitted', found='$found' ".
            "WHERE id='$id'";
   mysql_query($query) or die('Error : ' . mysql_error());

   // then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

   @unlink($cacheFile);

   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');

   echo "Item '$name' updated";

   // now we will display $title & content
   // so strip out any slashes
  		$name    = stripslashes($name);
	$picture = stripslashes($picture);
	$examine = stripslashes($examine);
	$operate = stripslashes($operate);
	$ituse     = stripslashes($ituse);
	$members = stripslashes($members);
	$quest   = stripslashes($quest);
	$stats   = stripslashes($stats);
	$halch   = stripslashes($halch);
	$lalch   = stripslashes($lalch);
	$gstore  = stripslashes($gstore);
	$submitted = stripslashes($submitted);
	$found   = stripslashes($found);
}

include '../connect/closedb.php';
?>
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Item Name</td>
<td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td>
</tr>
<tr> 
<td width="100">Picture Link</td>
<td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td>
</tr>
<tr>
<tr> 
<td width="100">Examine Info</td>
<td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td>
</tr>
<tr> 
<td width="100">Operate</td>
<td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td>
</tr>
<tr> 
<td width="100">Use</td>
<td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td>
</tr>
<tr> 
<td width="100">Members <br />(Yes/No)</td>
<td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td>
</tr>
<tr> 
<td width="100">Stats</td>
<td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td>
</tr>
<tr> 
<td width="100">Quest <br />(Yes/No)</td>
<td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td>
</tr>
<tr> 
<td width="100">High Alch</td>
<td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>">
</td>
</tr>
<tr> 
<td width="100">Low Alch</td>
<td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td>
</tr>
<tr> 
<td width="100">Gen. Store Price</td>
<td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td>
</tr>   
<tr> 
<td width="100">Submitted By</td>
<td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td>
</tr>
<tr> 
<td width="100">Found</td>
<td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="edititem.php">Back to edit page</a></p>
</form>
</div>
				<!-- end #box2 -->
			</div>
			<!-- end #content -->
			<div id="leftbar">
				<div id="box6">
					<?php include("editorsnavigation.php"); ?>
                    </div>
                   <center><a href="logout.php"><h1>Logout</h1></a></center>
			</div>
			<!-- end #leftbar -->
                
			<div style="clear: both;"> </div>
		</div>
	</div>
</div>
</div>
<!-- end #wrapper -->
<?php include("../includes/footer.php"); ?>
</body>
</html>

 

Secured:

<?php
// Don't forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Edit an item</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
@import url("../layout.css");
-->
</style>
</head>
<body>
<div id="wrapper" class="bg1">
<div id="header">
	<div id="logo">

	</div>
	<div id="search" class="bg2">
		<!--<form id="form1" name="form1" method="get" action="">
			<input id="inputtext1" type="text" name="textfield" class="input1" />
			<input id="inputsubmit1" type="submit" name="Submit" value="Submit" class="submit1" />
		</form>-->
	</div>
</div>
<!-- end #header -->
	<?php include("../includes/navtop.php"); ?>
<!-- end #menu -->
<div id="page" class="bg4">
	<div class="bg5">
		<div class="bg6" style="padding: 0px 0px 50px 0px;">
			<div id="rightbar">
				<?php include("../includes/login.php");?>
				<?php include("../includes/articles.php");?>
				<?php include("../includes/additions.php"); ?>
			</div>
			<!-- end #rightbar -->
			<div id="content">
				<div id="box2">
					<div class="title bg8">
						<h2 class="text1">Edit an Item</h2>
                            </div>
<?php
include '../connect/config.php';
include '../connect/itemopendb.php';

if(isset($_GET['id']))
{
   $query  = "SELECT id, name, picture, examine, operate, ituse, members, stats, quest, halch, lalch, gstore, submitted, found ".
             "FROM item ".
             "WHERE id = '{$_GET['id']}'";
   $result = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $name, $picture, $examine, $operate, $ituse, $members, $stats, $quest, $halch, $lalch, $gstore, $submitted, $found) = mysql_fetch_array($result, MYSQL_NUM);

   		$title = htmlspecialchars($title);
		$name = htmlspecialchars($name);
	$picture = htmlspecialchars($picture);
	$examine = htmlspecialchars($examine);
	$operate = htmlspecialchars($operate);
	$ituse = htmlspecialchars($ituse);
	$members = htmlspecialchars($members);
	$quest = htmlspecialchars($quest);
	$stats = htmlspecialchars($stats);
	$halch = htmlspecialchars($halch);
	$lalch = htmlspecialchars($lalch);
	$gstore = htmlspecialchars($gstore);
	$submitted = htmlspecialchars($submitted);
	$found = htmlspecialchars($found);
}
else if(isset($_POST['save']))
{
$id = $_POST['id'];
$name = $_POST['name'];
$picture = $_POST['picture'];
$examine = $_POST['examine'];
$operate = $_POST['operate'];
$ituse = $_POST['ituse'];
$members = $_POST['members'];
$quest = $_POST['quest'];
$stats = $_POST['stats'];
$halch = $_POST['halch'];
$lalch = $_POST['lalch'];
$gstore = $_POST['gstore'];
$submitted = $_POST['submitted'];
$found = $_POST['found'];

   if(!get_magic_quotes_gpc())
   {
   		$id = addslashes($id);
      	$title = addslashes($title);
		$name = addslashes($name);
	$picture = addslashes($picture);
	$examine = addslashes($examine);
	$operate = addslashes($operate);
	$ituse = addslashes($ituse);
	$members = addslashes($members);
	$quest = addslashes($quest);
	$stats = addslashes($stats);
	$halch = addslashes($halch);
	$lalch = addslashes($lalch);
	$gstore = addslashes($gstore);
	$submitted = addslashes($submitted);
	$found = addslashes($found);
   }

   // update the item in the database
   $query = 'UPDATE item SET name=\'' . mysql_escape_string($_POST['name']) . '\', picture=\'' . mysql_escape_string($_POST['picture']) . '\', examine=\'' . mysql_escape_string($_POST['examine']) . '\', operate=\'' . mysql_escape_string($_POST['operate']) . '\', ituse=\'' . mysql_escape_string($_POST['ituse']) . '\', members=\'' . mysql_escape_string($_POST['members']) . '\', stats=\'' . mysql_escape_string($_POST['stats']) . '\', quest=\'' . mysql_escape_string($_POST['quest']) . '\', halch=\'' . mysql_escape_string($_POST['halch']) . '\', lalch=\'' . mysql_escape_string($_POST['lalch']) . '\', gstore=\'' . mysql_escape_string($_POST['gstore']) . '\', submitted=\'' . mysql_escape_string($_POST['submitted']) . '\', found=\'' . mysql_escape_string($_POST['found']) . 'WHERE id=' . $_POST['id'] . '';
   mysql_query($query) or die('Error : ' . mysql_error());


   echo "Item '$name' updated";

   // now we will display $title & content
   // so strip out any slashes
  		$name    = stripslashes($name);
	$picture = stripslashes($picture);
	$examine = stripslashes($examine);
	$operate = stripslashes($operate);
	$ituse     = stripslashes($ituse);
	$members = stripslashes($members);
	$quest   = stripslashes($quest);
	$stats   = stripslashes($stats);
	$halch   = stripslashes($halch);
	$lalch   = stripslashes($lalch);
	$gstore  = stripslashes($gstore);
	$submitted = stripslashes($submitted);
	$found   = stripslashes($found);
}

include '../connect/closedb.php';
?>
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="450" border="0" cellpadding="2" cellspacing="1" class="box" align="center">
<tr>
<td width="100">Item Name</td>
<td><input name="name" type="text" class="box" id="title" value="<?=$name;?>"></td>
</tr>
<tr> 
<td width="100">Picture Link</td>
<td><input name="picture" type="text" class="box" id="picture" size="25" value="<?=$picture;?>"></td>
</tr>
<tr>
<tr> 
<td width="100">Examine Info</td>
<td><textarea name="examine" cols="50" rows="5" class="box" id="examine"><?=$examine;?></textarea></td>
</tr>
<tr> 
<td width="100">Operate</td>
<td><input name="operate" type="text" class="box" id="operate" size="25" value="<?=$operate;?>"></td>
</tr>
<tr> 
<td width="100">Use</td>
<td><input name="ituse" type="text" class="box" id="ituse" size="25" value="<?=$ituse;?>"></td>
</tr>
<tr> 
<td width="100">Members <br />(Yes/No)</td>
<td><input name="members" type="text" class="box" id="members" size="25" maxlength="3" value="<?=$members;?>"></td>
</tr>
<tr> 
<td width="100">Stats</td>
<td><textarea name="stats" cols="50" rows="5" class="box" id="stats"><?=$stats;?></textarea></td>
</tr>
<tr> 
<td width="100">Quest <br />(Yes/No)</td>
<td><input name="quest" type="text" class="box" id="quest" size="25" value="<?=$quest;?>"></td>
</tr>
<tr> 
<td width="100">High Alch</td>
<td><input name="halch" type="text" class="box" id="halch" size="25" value="<?=$halch;?>">
</td>
</tr>
<tr> 
<td width="100">Low Alch</td>
<td><input name="lalch" type="text" class="box" id="lalch" size="25" value="<?=$lalch;?>"></td>
</tr>
<tr> 
<td width="100">Gen. Store Price</td>
<td><input name="gstore" type="text" class="box" id="gstore" size="25" value="<?=$gstore;?>"></td>
</tr>   
<tr> 
<td width="100">Submitted By</td>
<td><input name="submitted" type="text" class="box" id="submitted" size="25" value="<?=$submitted;?>"></td>
</tr>
<tr> 
<td width="100">Found</td>
<td><textarea name="found" cols="50" rows="5" class="box" id="found"><?=$found;?></textarea></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center"><input name="save" type="submit" class="submit2" id="save" value="Update Article"></td>
</tr>
</table>
<p align="center"><a href="edititem.php">Back to edit page</a></p>
</form>
</div>
				<!-- end #box2 -->
			</div>
			<!-- end #content -->
			<div id="leftbar">
				<div id="box6">
					<?php include("editorsnavigation.php"); ?>
                    </div>
                   <center><a href="logout.php"><h1>Logout</h1></a></center>
			</div>
			<!-- end #leftbar -->
                
			<div style="clear: both;"> </div>
		</div>
	</div>
</div>
</div>
<!-- end #wrapper -->
<?php include("../includes/footer.php"); ?>
</body>
</html>

 

Both do the same thing and work the same way, am i coding it wrong? because it doesn't want to update the table.  I have exhausted everything i can do and any ANY help is appreciated greatly!

Link to comment
https://forums.phpfreaks.com/topic/85320-solved-need-help-with-this-edit-script/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.