-
Mar 22, 2001, 21:11 #1
- Join Date
- Dec 1999
- Location
- Highlands Ranch, CO
- Posts
- 193
I have read Kevin's article on PHP and MySQL, and have modified the script for my needs. It all works excellent, except for the 'edit' page that is intended to allow my content providers to edit their own articles that they have submitted.
The code below is what I am using, and it has 2 problems.
1. Upon submitting updated content, the content is NOT updated, but:
2. The confirmation appears stating that the information has been updated.
Please help!
Code:
<?php
$dbcnx = @mysql_connect("localhost", "root", "mypasswd");
mysql_select_db("afs");

if ($submit):
  // The articles details have
  // been updated.
  $validpassword = mysql_query("SELECT id, password FROM authors WHERE id='$aid'");
  $stuff = mysql_fetch_array($validpassword);
  $dbpass = $stuff["password"];
  $id = $stuff["id"];
  if ($password != $dbpass) {
    echo("<P>Bad <b>Password</b> " .
         ". Click 'Back' " .
         "and try again.</P>");
    exit();
  }
  $sql = "UPDATE articles SET " .
         "body='$body', " .
         "articlename='$title', " .
         "aid='$aid' " .
         "WHERE id=$id";
  if (mysql_query($sql)) {
    echo("<P>Article details updated.</P>");
  } else {
    echo("<P>Error updating article details: " .
         mysql_error() . "</P>");
  }
?>
<?php
else:
  // Allow the user to edit the article
  // with ID=$id
  $update=mysql_query("SELECT body, articlename, aid FROM articles WHERE id=$id");
  if (!$update) {
    echo("<P>Error fetching article details: " .
         mysql_error() . "</P>");
    exit();
  }
  $art = mysql_fetch_array($update);
  $body = $art["body"];
  $title = $art["articlename"];
  $authid = $art["aid"];
  // Convert HTML special characters
  // in database value for use in
  // an HTML document.
  $body = htmlspecialchars($body);
  // Get lists of authors and categories for
  // the select box and checkboxes.
  $auth = mysql_query("SELECT id, name, password FROM authors Where id=$authid");
?>
<FORM ACTION="<?php echo($PHP_SELF); ?>" METHOD=POST>
<P>Edit the Title:<br><input type="text" name="title" value="<?php echo($title); ?>">
<P>Edit the article:<BR>
<TEXTAREA NAME="body" ROWS=15 COLS=45 WRAP><?php echo($body); ?> </TEXTAREA>
<P>Author: <SELECT NAME="aid" SIZE=1>
<?php
  $validauthor = mysql_fetch_array($auth);
  $aid = $validauthor["id"];
  $aname = $validauthor["name"];
  if ($aid == $authid) {
    echo("<OPTION SELECTED VALUE='$aid'>$aname\n");
  } else {
    echo("<OPTION VALUE='$aid'>$aname\n");
  }
?>
</SELECT>
Password: <input type="password" name="password"> </P>
<INPUT TYPE=HIDDEN NAME="id" VALUE="<?php echo($id); ?>">
<P><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT"></P>
</FORM>
<?php endif; ?>
My head is now beginning to hurt, so please help me out!
Thanks,
Chad
p.s. Kevin, great article! You've got me doing things I never thought I could. Thanks!
Chad J
Addict Fantasy Sports
-
Mar 22, 2001, 23:49 #2
- Join Date
- Dec 2000
- Location
- BOSTON MA
- Posts
- 335
change this section
Code:
$sql = "UPDATE articles SET " .
       "body='$body', " .
       "articlename='$title', " .
       "aid='$aid' " .
       "WHERE id=$id";
to this :
Code:
$sql = mysql_query("UPDATE articles SET body='$body', articlename='$title', aid='$aid' WHERE id='$id' ");
. . . chris
-
Mar 23, 2001, 02:40 #3
- Join Date
- Jun 2000
- Location
- Sydney, Australia
- Posts
- 3,798
atomic monkey, there is no practical difference between the original and your alternative code.
I've looked through the code twice and I can't see any obvious problem. My suggestion for debugging is to do this: echo your SQL statements before you do a mysql_query. Then you will be able to see (in your browser window) what SQL is being sent to the MySQL server. This may uncover the problem. Otherwise do as freddydoesphp suggested in a recent thread - and copy the SQL statement from your browser window and run it through the MySQL server from the command line and see what results you get.
-
Mar 23, 2001, 03:58 #4
- Join Date
- Nov 2000
- Location
- London, UK
- Posts
- 223
Another little debugging thing you might try is at every select query you have, output all of the results (for example authorname, articlebody, etc.).
You might also want to have it output the form contents before it updates, then the mysql info after it updates, so you can easily check for differences.
Then also have it output the results for each of the select and insert statements.
That way you'll know what's going on at every point in the program, and hopefully can fix it.
If that doesn't work, then the only other thing I'd try if I were you (and I know that everyone will counsel against this, and say I'm wrong, but ...): add a semicolon at the end of your SQL statement.
YES, I know, the php manual says not to. However, I also know that my CMS won't work without it. (Although that could just be my php.ini settings .. but I doubt it) If it doesn't work, then rip any semi-colons you added to your SQL out as fast as you can, and pretend it never happened.
However, when what should work doesn't, then what shouldn't work does.
Hope you manage to make it work!
... what's the world coming to?
-
Mar 23, 2001, 05:05 #5
- Join Date
- Jan 2001
- Location
- Alkmaar, Netherlands
- Posts
- 710
I haven't seen the AddSlashes() function anywhere in your code?
You should add slashes if the field is a text field before inserting into the database, and then after getting it from the database use StripSlashes().
insertion
$body = AddSlashes($body);
UPDATE ..... body='$body'.....
after getting field from database
$body = StripSlashes($body);
Also, why don't you make the aid field an integer type? Or is it an integer type, but when you were inserting you wrongly added quotes around '$aid'?
-
Mar 23, 2001, 17:15 #6
- Join Date
- Dec 1999
- Location
- Highlands Ranch, CO
- Posts
- 193
Ok, great! I got it working. I used the debugging technique that you guys said, and found that for some reason, my article id, and author id came up as being the same #.
If you notice in the script (at the top), I assigned the $id variable to contain the id of the authors db (AID). At least I think I did. Anyhow, now it works.
I do have one other question though, what is the purpose of the addslashes & strip slashes? What exactly does it do?
Thanks again! you've been very helpful!
Chad
Chad J
Addict Fantasy Sports
-
Mar 23, 2001, 21:51 #7
- Join Date
- Jun 2000
- Location
- Sydney, Australia
- Posts
- 3,798
Your user may have entered characters into one of the text fields that are "special" characters that may screw up your SQL statement when the user supplied string is included in the SQL. These characters will include single quotes ', double quotes ", the backslash \ , etc.
addslashes goes through the string and "escapes" these characters by adding the backslash (escape character) before each instance of the characters that should be escaped so that you can safely include the string in your SQL.
http://www.php.net/manual/en/function.addslashes.php
Actually now I'm confused - is the escape character "\" aka a forwardslash or backslash ???
Last edited by freakysid; Mar 23, 2001 at 21:54.
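The cause found in post #6 and the escaping discussed in post #7, shown together as an added example that is not part of the original thread: the article id is kept separate from the author id, the values are bound as parameters instead of being escaped into the SQL string, and the changed-row count is checked, because an UPDATE that matches no row still reports success. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; `update_article()` is a hypothetical helper and the table rows are constructed.

```php
<?php
// Added example: constructed schema and rows, SQLite in memory so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE authors  (id INTEGER PRIMARY KEY, name TEXT, password TEXT)");
$db->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, aid INTEGER, articlename TEXT, body TEXT)");
$db->exec("INSERT INTO authors  VALUES (2, 'Sample Author', 'constructed-secret')");
$db->exec("INSERT INTO articles VALUES (7, 2, 'Old title', 'Old body')");

// Hypothetical helper: returns the number of rows changed, or false on a bad password.
function update_article(PDO $db, int $articleId, int $authorId, string $password,
                        string $title, string $body)
{
    $q = $db->prepare("SELECT password FROM authors WHERE id = ?");
    $q->execute([$authorId]);
    $stored = $q->fetchColumn();
    // Plain comparison because the thread's table stores the password as-is.
    if ($stored === false || !hash_equals((string)$stored, $password)) {
        return false;
    }
    // The article id stays in its own variable and is never overwritten by the
    // author's id. Values are bound, so quotes in $body cannot alter the SQL.
    // "AND aid = ?" limits the update to the author's own articles.
    $u = $db->prepare(
        "UPDATE articles SET body = ?, articlename = ? WHERE id = ? AND aid = ?");
    $u->execute([$body, $title, $articleId, $authorId]);
    return $u->rowCount();   // 0 means the statement ran but changed no row
}

// Constructed body containing the characters addslashes() escapes.
$body = "It's Kevin's \"edit\" page \\ test";
echo addslashes($body), "\n";   // what would be spliced into a hand-built query

// Article 7 belongs to author 2.
var_dump(update_article($db, 7, 2, 'constructed-secret', 'New title', $body));
// Article id 2 does not exist: this is the author's id used as the article id.
var_dump(update_article($db, 2, 2, 'constructed-secret', 'New title', $body));
// Wrong password.
var_dump(update_article($db, 7, 2, 'wrong', 'x', 'y'));

// The stored body is the original text, with no backslashes to strip afterwards.
echo $db->query("SELECT body FROM articles WHERE id = 7")->fetchColumn(), "\n";
```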
-
Mar 24, 2001, 05:05 #8
- Join Date
- Nov 2000
- Location
- London, UK
- Posts
- 223
\ = backslash
/ = forwardslash
backslash = escape char
...
feeling better?
... what's the world coming to?