carlf Posted March 22, 2008 Share Posted March 22, 2008 When this code runs it produces a blank page. Any suggestions? <?php session_start(); /* verify login*/ if(!$_session['auth1']='yes'){ header("location:index.htm") }; /* program: validate_headers.php Description: accepts values from edit_headers.php strip tags adds to database Author: C. Forsell Revised Date: 3/21/2008 */ /* includes */ include("./z1pc0d3db.inc"); ?> <HTML> <HEAD> <!-- Prevents indexing of the page and of links on the page. --> <META NAME="robots" CONTENT="none"> <!-- Prevents indexing of the page. --> <META NAME="robots" CONTENT="noindex"> <!-- Prevents indexing of links off the page. --> <META NAME="robots" CONTENT="nofollow"> </HEAD> <?php /* posted data from edit form */ $zip = ($_SESSION['zcmzip1']); $head_city = $_post('$head_city'); $head_state = $_post('$head_state'); $head_slogan = $_post('$head_slogan'); /* strip tags included in strip injections below.*/ $zip = strip_tags($zip); $head_city = strip_tags($head_city,'<b><i></b></i>'); $head_state = strip_tags($head_state,'<b><i></b></i>'); $head_slogan = strip_tags($head_slogan,'<b><i></b></i>'); /* htmlspecialchars */ $zip = htmlspecialchars($zip); $head_city = htmlspecialchars( $head_city); $head_state = htmlspecialchars( $head_state); $head_slogan = htmlspecialchars( $head_slogan); /* strip out sql injections */ $zip = mysql_escape_string( strip_tags( $zip) ); $head_city = mysql_escape_string( strip_tags( $head_city, '<a><b><i><u>') ); $head_state = mysql_escape_string( strip_tags( $head_state, '<a><b><i><u>') ); $head_slogan = mysql_escape_string( strip_tags( $head_slogan, '<a><b><i><u>') ); /* sql update */ $sql = "UPDATE head_content SET head_city ='$head_city', head_state ='$head_state', head_slogan ='$head_slogan', WHERE zip ='$zip' "; /* result */ $result = mysql_query($sql) or die; header("location:index.htm"); ?> </BODY> </HTML> Link to comment https://forums.phpfreaks.com/topic/97327-code-to-accept-form-data-clean-and-update-not-working/ Share on other sites More sharing options...
carlf Posted March 22, 2008 Author Share Posted March 22, 2008 I remarked out the first "strip tags" to eliminate the duplication of that function but still no good. I tried to echo a string at various points in the script and none echo. This is part of a content management system, if that helps. Link to comment https://forums.phpfreaks.com/topic/97327-code-to-accept-form-data-clean-and-update-not-working/#findComment-498039 Share on other sites More sharing options...
rofl90 Posted March 22, 2008 Share Posted March 22, 2008 If this is being used as an include I'd use absolute includes. Link to comment https://forums.phpfreaks.com/topic/97327-code-to-accept-form-data-clean-and-update-not-working/#findComment-498047 Share on other sites More sharing options...
carlf Posted March 22, 2008 Author Share Posted March 22, 2008 Not being used as an include... Prior page uses a form to edit data with this page as the action. If I rename this page and create a new page that just echos all of the posted values, they all echo. However when this page is called all I get is a blank screen. Link to comment https://forums.phpfreaks.com/topic/97327-code-to-accept-form-data-clean-and-update-not-working/#findComment-498051 Share on other sites More sharing options...
carlf Posted March 24, 2008 Author Share Posted March 24, 2008 update... added ", $connection" to end of update sql, no improvement... Link to comment https://forums.phpfreaks.com/topic/97327-code-to-accept-form-data-clean-and-update-not-working/#findComment-499387 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.