What Is Wrong?


KYKK

I have 2 pages: one is the input form page, the other is the one that inserts data into the database. So for the form page I have:

<?php
session_start();
require_once 'db.php';
if (isset($_SESSION['user_id']))
{
    $sql = "SELECT * FROM `users` WHERE `name` = '{$_SESSION['user_name']}'";
    $result = mysql_query($sql);
    while ($row = mysql_fetch_array($result))
    {
        $name = $row['name'];
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <body>
    Hello, <?php echo $name; ?>,
    <form action="index.php?page=updateblog" method="post">
    <input type="hidden" name="page_mode" value="">
    <select name="months" id="months">
        <option value="0" name="0">January</option>
        <option value="1" name="1">February</option>
        <option value="2" name="2">March</option>
        <option value="3" name="3">April</option>
        <option value="4" name="4">May</option>
        <option value="5" name="5">June</option>
        <option value="6" name="6">July</option>
        <option value="7" name="7">August</option>
        <option value="8" name="8">September</option>
        <option value="9" name="9">October</option>
        <option value="10" name="10">November</option>
        <option value="11" name="11">December</option>
    </select>
    <select name="days" id="days">
        <option name="1" value="1">1</option>
        <option name="2" value="2">2</option>
        <option name="3" value="3">3</option>
        <option name="4" value="4">4</option>
        <option name="5" value="5">5</option>
        <option name="6" value="6">6</option>
        <option name="7" value="7">7</option>
        <option name="8" value="8">8</option>
        <option name="9" value="9">9</option>
        <option name="10" value="10">10</option>
        <option name="11" value="11">11</option>
        <option name="12" value="12">12</option>
        <option name="13" value="13">13</option>
        <option name="14" value="14">14</option>
        <option name="15" value="15">15</option>
        <option name="16" value="16">16</option>
        <option name="17" value="17">17</option>
        <option name="18" value="18">18</option>
        <option name="19" value="19">19</option>
        <option name="20" value="20">20</option>
        <option name="21" value="21">21</option>
        <option name="22" value="22">22</option>
        <option name="23" value="23">23</option>
        <option name="24" value="24">24</option>
        <option name="25" value="25">25</option>
        <option name="26" value="26">26</option>
        <option name="27" value="27">27</option>
        <option name="28" value="28">28</option>
        <option name="29" value="29">29</option>
        <option name="30" value="30">30</option>
        <option name="31" value="31">31</option>
    </select>
    <select name="years" id="years">
        <option name="2008" value="2008">2008</option>
        <option name="2009" value="2009">2009</option>
    </select>
    <div class="left_box">subcontent</div>
    <div class="right_box"><input type="text" name="subcontent" size="30" maxlength="255" value=""></div>
    <div class="left_box">content</div>
    <div class="right_box"><textarea name='content' rows='15' cols='40'></textarea></div>
    <div class="left_box"> </div>
    <div class="right_box"><input type="submit" value="update" size="30"></div>
    <br><br>
    </form>
    <a href="index.php?page=logout">Log out</a>
    <?php
    }
    else
    {
    ?>
    Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
    <?php
    }
    ?>
  </body>
</html>

Then I have:

<?php
require_once 'db.php';
$days = $_POST['days'];
$months = $_POST['months'];
$years = $_POST['years'];
$content = $_POST['content'];
$subcontent = $_POST['subcontent'];
if (isset($_SESSION['user_id']))
{
    if ($_POST['days'] != '')
    {
        mysql_query("INSERT INTO blog (name, days, months, years, subcontent, content) VALUES ('$name', '$days', '$months', '$years', '$subcontent', '$content')");
        header('Location: index.php');
    }
    if ($_POST['days'] == '')
    {
        echo "there nothing in day box<br>";
    }
    if ($_POST['months'] == '')
    {
        echo "there nothing in month box<br>";
    }
    if ($_POST['years'] == '')
    {
        echo "there nothing in year box<br>";
    }
    if ($_POST['subcontent'] == '')
    {
        echo "there nothing in subcontent box<br>";
    }
    if ($_POST['content'] == '')
    {
        echo "there nothing in content box<br>";
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<body>
    <a href="index.php">Update Index</a>
    <a href="index.php?page=blog">Update Blog</a>
    <a href="index.php?page=logout">Log out</a>
    <?php
    }
    else
    {
    ?>
    Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
    <?php
    }
    ?>

But somehow the data won't go into the database, so I think my drop box input form is wrong, because I have never worked with them. I put in that if there is no data for days then don't insert the other info, but that is only if there is no data for days.


Couple of things stand out for me.

I assume the second file is the target of the form action=?

I assume the session ['userid'] has been set so the logical condition is fine?

Standard debugging would say to echo or print out the POST array to inspect it for the data you expect. If it is different than what you expect, then track down the reason why that is so.

Also, you check for errors BEFORE the update, not following the insert.

Another thing would be: what if there is already data for the same criteria? Then you would need to do an update (assuming MySQL is used).

This form and form handling could also be performed in a single page using the redux method made familiar to me by Larry Ullman and his books on PHP/MySQL. Google: php redux method ullman

I am not really certain that the if statement [if ($_POST['days'] != ''){] for checking $days is the correct way to handle the insert/update. Perform the error checking first, then check for errors, then insert/update.

And you need to check the user input. I realize that the data SHOULD be coming from a form on your site, but Never, Never, Never trust user data.

While I am on a security rant, you also need to secure the data before placing it into the DB by using a mysql_real_escape method.

*phew*

Sorry for the critical analysis, but it needed to be done.

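The validate-first, then insert order and the "never trust user data" advice from the reply above, as an added example that is not part of the original thread. It uses PDO prepared statements in place of the mysql_* escaping the reply mentions (the mysql extension was removed in PHP 7), with an in-memory SQLite database standing in for the poster's MySQL one; the helper names, the sample submissions and the content length limit are assumptions.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// poster's MySQL database; validate_blog_post() and save_blog_post() are hypothetical names.
function validate_blog_post(array $post): array
{
    $errors = [];
    // Ranges mirror the form's <select> options (months are 0-11 there).
    $ranges = ['days' => [1, 31], 'months' => [0, 11], 'years' => [2008, 2009]];
    foreach ($ranges as $field => [$min, $max]) {
        $value = $post[$field] ?? '';
        // is_string() rejects arrays; ctype_digit() rejects '', '-1', '1.5' and text.
        if (!is_string($value) || !ctype_digit($value) || (int) $value < $min || (int) $value > $max) {
            $errors[] = "$field is missing or out of range";
        }
    }
    // The three selects can still combine into an impossible date such as February 31.
    if (!$errors && !checkdate((int) $post['months'] + 1, (int) $post['days'], (int) $post['years'])) {
        $errors[] = 'that date does not exist';
    }
    // 255 matches the form's maxlength; the 65535 content limit is an assumption.
    foreach (['subcontent' => 255, 'content' => 65535] as $field => $maxLen) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '' || strlen($value) > $maxLen) {
            $errors[] = "$field is empty or too long";
        }
    }
    return $errors;
}

function save_blog_post(PDO $db, string $name, array $post): array
{
    $errors = validate_blog_post($post);
    if ($errors) {
        return $errors; // nothing is written when any check fails
    }
    // Placeholders keep the values out of the SQL text, so a quote in the content cannot alter the statement.
    $stmt = $db->prepare('INSERT INTO blog (name, days, months, years, subcontent, content) VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute([$name, (int) $post['days'], (int) $post['months'], (int) $post['years'], $post['subcontent'], $post['content']]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (name TEXT, days INT, months INT, years INT, subcontent TEXT, content TEXT)');
// Constructed submissions standing in for $_POST; in the real page $name would come from the session.
$good = ['days' => '14', 'months' => '1', 'years' => '2009', 'subcontent' => "it's a title", 'content' => 'hello'];
$bad  = ['days' => '31', 'months' => '1', 'years' => '2009', 'subcontent' => '', 'content' => 'x'];
print_r(save_blog_post($db, 'sample_user', $good));
print_r(save_blog_post($db, 'sample_user', $bad));
echo $db->query('SELECT COUNT(*) FROM blog')->fetchColumn(), " row(s) stored\n";
```
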

Hi xPoliceTeamx

Does this part of your code work?

    <a href="index.php?page=logout">Log out</a>
    <?php
    }
    else
    {
    ?>
    Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
    <?php
    }
    ?>

I would have written:

<?php
    if (isset($_SESSION['user_id']))
    {
        echo '<a href="index.php?page=logout">Log out</a>';
    }
    else
    {
        echo 'Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.';
    }

Hope it helps

Enthusiastic Student


To jlhaslip: [if ($_POST['days'] != ''){] I want to set it like if it is not empty, so = has data in it. Is there something better than using not 'nothing'?

And to Enthusiastic: I have if isset session at the very top, and I put the HTML forms and stuff outside of the PHP, so instead of echoing HTML code, I did

<?php if isset session { ?>
html html html
<?php } else { ?>
html html html

and close it with }

And I think I need to remake the structure of the data forms and stuff to see if it is easier to find the error...


Archived

This topic is now archived and is closed to further replies.
