  1. #1
    SitePoint Zealot
    Join Date
    Dec 1999
    Location
    Highlands Ranch, CO
    Posts
    193
    I have read Kevin's article on PHP and MySQL, and have modified the script for my needs. It all works excellently, except for the 'edit' page that is intended to allow my content providers to edit their own articles that they have submitted.

    The code below is what I am using, and it has 2 problems.
    1. Upon submitting updated content, the content is NOT updated, but:
    2. The confirmation appears stating that the information has been updated.

    Please help!
    Code:
    <?php
    
    $dbcnx = @mysql_connect("localhost", "root", "mypasswd");
    mysql_select_db("afs");
    
    if ($submit): // The articles details have
                    // been updated.
    				
    	$validpassword = mysql_query("SELECT id, password FROM authors WHERE id='$aid'");
    		$stuff = mysql_fetch_array($validpassword);
        	$dbpass = $stuff["password"];
        	$id = $stuff["id"];
    			
      	if ($password != $dbpass) {
        	echo("<P>Bad <b>Password</b> " .
             ". Click 'Back' " .
             "and try again.</P>");
    		     exit();
    		   }
    
      	$sql = "UPDATE articles SET " .
             "body='$body', " .
             "articlename='$title', " .
             "aid='$aid' " .
             "WHERE id=$id";
    		 
      		if (mysql_query($sql)) {
        		echo("<P>Article details updated.</P>");
      		} else {
        		echo("<P>Error updating article details: " .
             	mysql_error() . "</P>");
      		}
    ?>
    
    <?php
      else: // Allow the user to edit the article
            // with ID=$id
    
      $update=mysql_query("SELECT body, articlename, aid FROM articles WHERE id=$id");
      		if (!$update) {
        		echo("<P>Error fetching article details: " .
             			mysql_error() . "</P>");
        	exit();
      		}
    
      	$art = mysql_fetch_array($update);
      		$body = $art["body"];
      		$title = $art["articlename"];
      		$authid = $art["aid"];
    
      		// Convert HTML special characters
      		// in database value for use in
      		// an HTML document.
      		$body = htmlspecialchars($body);
    
      		// Get lists of authors and categories for
      		// the select box and checkboxes.
    	$auth = mysql_query("SELECT id, name, password FROM authors Where id=$authid");
    ?>
    
    	<FORM ACTION="<?php echo($PHP_SELF); ?>" METHOD=POST>
      		<P>Edit the Title:<br><input type="text" name="title" value="<?php echo($title); ?>">
      		<P>Edit the article:<BR>
        	<TEXTAREA NAME="body" ROWS=15 COLS=45 WRAP><?php
    			echo($body);
    ?>			</TEXTAREA>
      		<P>Author: 
        	<SELECT NAME="aid" SIZE=1>
    <?php
      		$validauthor = mysql_fetch_array($auth);
        	$aid = $validauthor["id"];
        	$aname = $validauthor["name"];
    
    	 if ($aid == $authid) {
    	   	 echo("<OPTION SELECTED VALUE='$aid'>$aname\n");
    	 	 } else {
    	     echo("<OPTION VALUE='$aid'>$aname\n");
    		}
    ?>
        </SELECT>
        Password: 
        <input type="password" name="password">
      </P>
    
    <INPUT TYPE=HIDDEN NAME="id" VALUE="<?php echo($id); ?>">
    <P><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT"></P>
    </FORM>
    
    <?php endif; ?>
    This is my first PHP script, and first time actually working with a MySQL database, and I have been able to make my content management perfectly so far, except for this. The $id is passed in the URL.

    My head is now beginning to hurt, so please help me out!

    Thanks,

    Chad

    p.s. Kevin, great article! You've got me doing things I never thought I could. Thanks!

  2. #2
    SitePoint Addict
    Join Date
    Dec 2000
    Location
    BOSTON MA
    Posts
    335
    change this section

    Code:
    $sql = "UPDATE articles SET " .
             "body='$body', " .
             "articlename='$title', " .
             "aid='$aid' " .
             "WHERE id=$id";

    to this :

    Code:
    $sql = mysql_query("UPDATE articles SET
             body='$body',
             articlename='$title',
             aid='$aid'
             WHERE id='$id' ");
    see if that does anything. notice the difference in the quotation marks. you had way too many quotation marks in your insert statement.
    . . . chris

  3. #3
    freakysid
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    atomic monkey, there is no practical difference between the original and your alternative code.

    I've looked through the code twice and I can't see any obvious problem. My suggestion for debugging is to do this: echo your SQL statements before you do a mysql_query. Then you will be able to see (in your browser window) what SQL is being sent to the MySQL server. This may uncover the problem. Otherwise do as freddydoesphp suggested in a recent thread - copy the SQL statement from your browser window, run it through the MySQL server from the command line, and see what results you get.

  4. #4
    SitePoint Addict
    Join Date
    Nov 2000
    Location
    London, UK
    Posts
    223
    Another little debugging thing you might try is at every select query you have, output all of the results (for example authorname, articlebody, etc.).
    You might also want to have it output the form contents before it updates, then the mysql info after it updates, so you can easily check for differences.

    Then also have it output the results for each of the select and insert statements.
    That way you'll know what's going on at every point in the program, and hopefully can fix it.

    If that doesn't work, then the only other thing I'd try if I were you (and I know that everyone will counsel against this, and say I'm wrong, but ...): add a semicolon at the end of your sql statement.

    YES, I know, the php manual says not to. However, I also know that my CMS won't work without it. (Although that could just be my php.ini settings .. but I doubt it) If it doesn't work, then rip any semi-colons you added to your SQL out as fast as you can, and pretend it never happened.

    However, when what should work doesn't, then what shouldn't work does.

    Hope you manage to make it work!

    ... what's the world coming to?

  5. #5
    SitePoint Guru
    Join Date
    Jan 2001
    Location
    Alkmaar, Netherlands
    Posts
    710
    I haven't seen the AddSlashes() function anywhere in your code?
    You should add slashes if the field is a text field before inserting into the database, and then after getting it from the database use StripSlashes().
    insertion
    $body=AddSlashes($body);
    UPDATE ..... body='$body'.....

    after getting field from database
    $body=StripSlashes($body);

    also why don't you make the aid field an integer type? or is it an integer type, but when you were inserting you added quotes wrongly around '$aid'?

  6. #6
    SitePoint Zealot
    Join Date
    Dec 1999
    Location
    Highlands Ranch, CO
    Posts
    193
    Ok, great! I got it working. I used the debugging technique that you guys said, and found that for some reason, my article id, and author id came up as being the same #.

    If you notice in the script (at the top), I assigned the $id variable to contain the id of the authors db (AID). At least I think I did. Anyhow, now it works.

    I do have one other question though, what is the purpose of the addslashes & strip slashes? What exactly does it do?

    Thanks again! you've been very helpful!

    Chad

  7. #7
    freakysid
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    Your user may have entered characters into one of the text fields that are "special" characters that may screw up your SQL statement when the user supplied string is included in the SQL. These characters will include single quotes ', double quotes ", the backslash \ , etc.

    addslashes goes through the string and "escapes" these characters by adding the backslash (escape character) before each instance of the characters that should be escaped so that you can safely include the string in your SQL.

    http://www.php.net/manual/en/function.addslashes.php

    Actually now I'm confused - is the escape character "\" aka a forwardslash or backslash ???
    Last edited by freakysid; Mar 23, 2001 at 21:54.
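
An added example, not part of any post in this thread: it echoes the thread's UPDATE built with and without addslashes() (the debugging step from post #3), then runs the same update with bound parameters and checks how many rows it touched. The sample values and the in-memory SQLite database reached through PDO are assumptions, chosen so it runs without a MySQL server.

```php
<?php
// Added example (not code from the thread). Table and column names follow
// the thread's UPDATE; the sample values and SQLite database are constructed.

// Constructed form input: an ordinary apostrophe, a backslash, double quotes.
$title = "Chad's first article";
$body  = 'Save it under C:\docs and say "done".';
$aid   = 2;   // author id
$id    = 7;   // article id, held in its own variable, never reused for the author

// 1. The string-built statement, echoed before it would be sent.
//    In the raw version the apostrophe in "Chad's" ends the literal early.
function buildUpdate($title, $body, $aid, $id) {
    return "UPDATE articles SET body='$body', articlename='$title', " .
           "aid='$aid' WHERE id='$id'";
}
echo "raw:     ", buildUpdate($title, $body, $aid, $id), "\n";

// addslashes() puts a backslash before ' " \ and the NUL byte.
echo "escaped: ",
     buildUpdate(addslashes($title), addslashes($body), $aid, $id), "\n";

// 2. Bound parameters: the values travel separately from the SQL text,
//    so nothing has to be escaped on the way in or stripped on the way out.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles
           (id INTEGER PRIMARY KEY, body TEXT, articlename TEXT, aid INTEGER)');
$db->exec("INSERT INTO articles VALUES (7, 'old body', 'old title', 2)");

$stmt = $db->prepare('UPDATE articles
    SET body = :body, articlename = :title, aid = :aid WHERE id = :id');
$stmt->execute([':body' => $body, ':title' => $title,
                ':aid' => $aid, ':id' => $id]);

// A statement that runs without error may still have matched no row
// (or the wrong one), so report the affected-row count, not just success.
echo "rows updated: ", $stmt->rowCount(), "\n";

$row = $db->query('SELECT articlename, body FROM articles WHERE id = 7')
          ->fetch(PDO::FETCH_ASSOC);
echo $row['articlename'], " | ", $row['body'], "\n";
```

The last line prints the title and body exactly as they were entered, apostrophe and backslash included.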

  8. #8
    SitePoint Addict
    Join Date
    Nov 2000
    Location
    London, UK
    Posts
    223
    \ = backslash
    / = forwardslash

    backslash = escape char
    ...
    feeling better?

    ... what's the world coming to?

