Wolphie Posted February 22, 2008

I'm kinda stuck on the code below

```php
<?php
session_start();
include('config.php');

function secure($input) {
    if(!get_magic_quotes_gpc()) {
        $input = addslashes($input);
        $input = mysql_real_escape_string($input);
        $input = htmlspecialchars($input);
        $input = htmlentities($input);
    }
    return $input;
}

$id = $_REQUEST['id'];
if(isset($id)) {
    $sql = sprintf("SELECT * FROM `tutorials` WHERE `id` = '%s' LIMIT 1", $id);
    $sql = mysql_query($sql) or die('Error: ' . mysql_error());
    if($obj = mysql_fetch_object($sql)) {
        echo '<form action="edit.php?id=' . $id . '&do=update" method="post">';
        echo '<table cellpadding="0" cellspacing="0" style="margin-top: 25px;">';
        echo '<tr>';
        echo '<td>Title:</td>';
        echo '<td><input type="text" name="title" value="' . $obj->title . '" /></td>';
        echo '</tr><tr>';
        echo '<td>Content:</td>';
        echo '<td><textarea cols="20" rows="10" name="content">' . $obj->content . '</textarea></td>';
        echo '</tr>';
        echo '<tr><td><input type="submit" name="submit" value="Edit" /></td><td> - <a href="index.php">Home</a></td></tr>';
        echo '</table>';
        echo '</form>';
    }
} else {
    echo 'This tutorial ID does not exist.';
}

if(isset($_POST['submit']) && isset($id) && $_GET['do'] == 'update') {
    $title = secure($_POST['title']);
    $content = nl2br(secure($_POST['content']));
    $sql = sprintf("UPDATE `tutorials` SET `title` = '%s' AND `content` = '%s' WHERE `id` = '%s'", $title, $content, $id);
    $sql = mysql_query($sql) or die('Error: ' . mysql_error());
    if($sql) {
        echo '<meta http-equiv="refresh" content="0;tutorials.php?id=' . $id . '">';
    } else {
        echo 'Update Failed!';
    }
}
?>
```

My main idea is that I want the database to be updated with the given information when the URL is edit.php?id=34&do=update

The "id" is obviously the tutorial's ID.

jeremyphphaven Posted February 22, 2008

I don't want to go scuffling through your code without some sort of problem definition. So what's the problem?

Wolphie Posted February 22, 2008

Well, basically the problem is when it goes to that URL. The title of the tutorial is set to "0" and written to the database. And the database isn't actually being updated with the changes I make. However, the update statement must be working if the title is being updated to "0".

Wolphie Posted February 23, 2008

Anybody?

Sulman Posted February 23, 2008

One of the functions in "secure" must be returning false. Echo out $input after each one to see which is the offending function.

Wolphie Posted February 23, 2008

It's not actually echoing anything when it gets to that page.

```php
<?php
session_start();
include('config.php');

function secure($input) {
    if(!get_magic_quotes_gpc()) {
        $input = addslashes($input);
        echo $input;
        $input = mysql_real_escape_string($input);
        echo $input;
        $input = htmlspecialchars($input);
        echo $input;
        $input = htmlentities($input);
        echo $input;
    }
    return $input;
}

$id = $_GET['id'];
if(isset($id)) {
    $sql = sprintf("SELECT * FROM `tutorials` WHERE `id` = '%s' LIMIT 1", $id);
    $sql = mysql_query($sql) or die('Error: ' . mysql_error());
    if($obj = mysql_fetch_object($sql)) {
        echo '<form action="?id=' . $id . '&do=update" method="post">';
        echo '<table cellpadding="0" cellspacing="0" style="margin-top: 25px;">';
        echo '<tr>';
        echo '<td>Title:</td>';
        echo '<td><input type="text" name="title" value="' . $obj->title . '" /></td>';
        echo '</tr><tr>';
        echo '<td>Content:</td>';
        echo '<td><textarea cols="20" rows="10" name="content">' . $obj->content . '</textarea></td>';
        echo '</tr>';
        echo '<tr><td><input type="submit" name="submit" value="Edit" /></td><td> - <a href="index.php">Home</a></td></tr>';
        echo '</table>';
        echo '</form>';
    }
} else {
    echo 'This tutorial ID does not exist.';
}

if((isset($id) && $_GET['do'] == 'update')) {
    if(isset($_POST['submit'])) {
        $title = secure($_POST['title']);
        $content = nl2br(secure($_POST['content']));
        $sql = sprintf("UPDATE `tutorials` SET `title` = '%s' AND `content` = '%s' WHERE `id` = '%s'", $title, $content, $id);
        $sql = mysql_query($sql) or die('Error: ' . mysql_error());
        if(!$sql) {
            echo 'Update Failed!';
        }
    }
}
?>
```

Sulman Posted February 23, 2008

Then one of the functions must be returning false or $input is nothing when it is passed to secure. What's in your post vars?

Wolphie Posted February 23, 2008

I found out why it wasn't working. It didn't like the actual update query. So I'm assuming updating 2 fields at once is incorrect, or I've done it wrong? Because it works perfectly when I only update one field.

Wolphie Posted February 23, 2008

Ok this works fine now.

```php
<?php
session_start();
include('config.php');

function secure($input) {
    if(!get_magic_quotes_gpc()) {
        $input = addslashes($input);
        $input = mysql_real_escape_string($input);
        $input = htmlspecialchars($input);
        $input = htmlentities($input);
    }
    return $input;
}

// Cast the id to an integer so it is safe to place in the SQL and HTML below.
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
if(isset($id)) {
    $sql = sprintf("SELECT * FROM `tutorials` WHERE `id` = '%s' LIMIT 1", $id);
    $sql = mysql_query($sql) or die('Error: ' . mysql_error());
    if($obj = mysql_fetch_object($sql)) {
        echo '<form action="?id=' . $id . '&do=update" method="post">';
        echo '<table cellpadding="0" cellspacing="0" style="margin-top: 25px;">';
        echo '<tr>';
        echo '<td>Title:</td>';
        echo '<td><input type="text" name="title" value="' . $obj->title . '" /></td>';
        echo '</tr><tr>';
        echo '<td>Content:</td>';
        echo '<td><textarea cols="20" rows="10" name="content">' . $obj->content . '</textarea></td>';
        echo '</tr>';
        echo '<tr><td><input type="submit" name="submit" value="Edit" /></td><td> - <a href="index.php">Home</a></td></tr>';
        echo '</table>';
        echo '</form>';
    }
} else {
    echo 'This tutorial ID does not exist.';
}

if((isset($id) && $_GET['do'] == 'update')) {
    if(isset($_POST['submit'])) {
        $title = secure($_POST['title']);
        $content = nl2br(secure($_POST['content']));
        // Comma-separated assignments: both columns are updated.
        $sql = sprintf("UPDATE `tutorials` SET `content` = '%s', `title` = '%s' WHERE `id` = '%s'", $content, $title, $id);
        $sql = mysql_query($sql) or die('Error: ' . mysql_error());
        if($sql) {
            echo '<meta http-equiv="refresh" content="0;tutorials.php?id=' . $id . '" />';
        } else {
            echo 'Update Failed!';
        }
    }
}
?>
```

Cheers.

Sulman Posted February 23, 2008

Missed that. Try this:

```php
<?php
$sql = sprintf("UPDATE `tutorials` SET `title` = '%s', `content` = '%s' WHERE `id` = '%s'", $title, $content, $id);
?>
```

I removed the AND and replaced it with a comma.

[EDIT]: Sorry, posted at the same time!
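
The following is an added example, not code from any poster in the thread. It reproduces why `SET title = ... AND content = ...` wrote "0" into the title, then runs the comma form with bound parameters in place of the `secure()` escaping chain. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL table; `fetchTutorial`, `runUpdate` and the sample row are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the table and the row with id 34 are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tutorials (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$db->exec("INSERT INTO tutorials VALUES (34, 'Old title', 'Old content')");

// Hypothetical helper: read one row with the id bound as an integer.
function fetchTutorial(PDO $db, $id) {
    $stmt = $db->prepare('SELECT title, content FROM tutorials WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Hypothetical helper: run an UPDATE with every value bound as a parameter,
// so user data never becomes part of the SQL text.
function runUpdate(PDO $db, $sql, $id, $title, $content) {
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':title', $title);
    $stmt->bindValue(':content', $content);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return fetchTutorial($db, $id);
}

// Constructed input with the characters the secure() chain tried to neutralise.
$title   = 'Wolphie\'s "quick" <b>guide</b>';
$content = "Line one\nLine two & more";

// The thread's first statement: AND turns the right-hand side into a single
// boolean expression, title = (:title AND content = :content), so only the
// title column is assigned and content is left untouched.
$withAnd = runUpdate($db,
    'UPDATE tutorials SET title = :title AND content = :content WHERE id = :id',
    34, $title, $content);

// The corrected statement: comma-separated assignments.
$withComma = runUpdate($db,
    'UPDATE tutorials SET title = :title, content = :content WHERE id = :id',
    34, $title, $content);

// Store the raw text; encode once, at output time, for the HTML context.
$safeTitle = htmlspecialchars($withComma['title'], ENT_QUOTES, 'UTF-8');
printf("AND:   title=%s content=%s\n", $withAnd['title'], $withAnd['content']);
printf("comma: title=%s\n", $withComma['title']);
echo '<input type="text" name="title" value="' . $safeTitle . '" />', "\n";
```

Encoding at output rather than before storage also avoids the double encoding that results from applying `htmlspecialchars()` and then `htmlentities()` to the same value.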