KYKK Posted February 3, 2009

I have 2 pages: one is the input form page, the other is the one that inserts data into the database. So for the form page I have:

```php
<?php
session_start();
require_once 'db.php';
if (isset($_SESSION['user_id'])){
    $sql = "SELECT * FROM `users` WHERE `name` = '{$_SESSION['user_name']}'";
    $result = mysql_query($sql);
    while($row = mysql_fetch_array($result)){
        $name = $row['name'];
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<body>
Hello, <?php echo $name; ?>,
<form action="index.php?page=updateblog" method="post">
    <input type="hidden" name="page_mode" value="">
    <select name="months" id="months">
        <option value="0" name="0">January</option>
        <option value="1" name="1">February</option>
        <option value="2" name="2">March</option>
        <option value="3" name="3">April</option>
        <option value="4" name="4">May</option>
        <option value="5" name="5">June</option>
        <option value="6" name="6">July</option>
        <option value="7" name="7">August</option>
        <option value="8" name="8">September</option>
        <option value="9" name="9">October</option>
        <option value="10" name="10">November</option>
        <option value="11" name="11">December</option>
    </select>
    <select name="days" id="days">
        <option name="1" value="1">1</option>
        <option name="2" value="2">2</option>
        <option name="3" value="3">3</option>
        <option name="4" value="4">4</option>
        <option name="5" value="5">5</option>
        <option name="6" value="6">6</option>
        <option name="7" value="7">7</option>
        <option name="8" value="8">8</option>
        <option name="9" value="9">9</option>
        <option name="10" value="10">10</option>
        <option name="11" value="11">11</option>
        <option name="12" value="12">12</option>
        <option name="13" value="13">13</option>
        <option name="14" value="14">14</option>
        <option name="15" value="15">15</option>
        <option name="16" value="16">16</option>
        <option name="17" value="17">17</option>
        <option name="18" value="18">18</option>
        <option name="19" value="19">19</option>
        <option name="20" value="20">20</option>
        <option name="21" value="21">21</option>
        <option name="22" value="22">22</option>
        <option name="23" value="23">23</option>
        <option name="24" value="24">24</option>
        <option name="25" value="25">25</option>
        <option name="26" value="26">26</option>
        <option name="27" value="27">27</option>
        <option name="28" value="28">28</option>
        <option name="29" value="29">29</option>
        <option name="30" value="30">30</option>
        <option name="31" value="31">31</option>
    </select>
    <select name="years" id="years">
        <option name="2008" value="2008">2008</option>
        <option name="2009" value="2009">2009</option>
    </select>
    <div class="left_box">subcontent</div>
    <div class="right_box"><input type="text" name="subcontent" size="30" maxlength="255" value=""></div>
    <div class="left_box">content</div>
    <div class="right_box"><textarea name='content' rows='15' cols='40'></textarea></div>
    <div class="left_box"> </div>
    <div class="right_box"><input type="submit" value="update" size="30"></div>
    <br><br>
</form>
<a href="index.php?page=logout">Log out</a>
<?php } else { ?>
Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
<?php } ?>
</body>
</html>
```

Then I have:

```php
<?php
require_once 'db.php';
$days = $_POST['days'];
$months = $_POST['months'];
$years = $_POST['years'];
$content = $_POST['content'];
$subcontent = $_POST['subcontent'];
if (isset($_SESSION['user_id'])){
    if ($_POST['days'] != ''){
        mysql_query("INSERT INTO blog (name, days, months, years, subcontent, content) VALUES ('$name', '$days', '$months', '$years', '$subcontent', '$content')");
        header('Location: index.php');
    }
    if ($_POST['days'] == '') {
        echo "there nothing in day box<br>";
    }
    if ($_POST['months'] == '') {
        echo "there nothing in month box<br>";
    }
    if ($_POST['years'] == '') {
        echo "there nothing in year box<br>";
    }
    if ($_POST['subcontent'] == '') {
        echo "there nothing in subcontent box<br>";
    }
    if ($_POST['content'] == '') {
        echo "there nothing in content box<br>";
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<body>
<a href="index.php">Update Index</a>
<a href="index.php?page=blog">Update Blog</a>
<a href="index.php?page=logout">Log out</a>
<?php } else { ?>
Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
<?php } ?>
```

But somehow the data won't go into the database, so I think my drop box input form is wrong, because I have never worked with them. I put in that if there is no data for days then don't input the other info, but that is only if there is no data for days.
jlhaslip Posted February 3, 2009

Couple of things stand out for me.

I assume the second file is the target of the form action=?

I assume the session ['userid'] has been set so the logical condition is fine?

Standard Debugging would say to echo or print out the POST Array to inspect it for the data you expect. If it is different than what you expect, then track down the reason why that is so.

Also, you check for errors BEFORE the update, not following the insert.

Another thing would be: what if there is already data for the same criteria? Then you would need to do an update (assuming MySql is used).

This form and form-handling could also be performed in a single page using the redux method made familiar to me by Larry Ullman and his books on PHP/MySql. Google php redux method ullman

I am not really certain that the If statement [if ($_POST['days'] != ''){] for checking $days is the correct way to handle the insert/update. Perform the error checking first, then check for errors, then insert/update.

And you need to check the user input. I realize that the data SHOULD be coming from a Form on your site, but Never, Never, Never trust User data.

While I am on a Security rant, you also need to secure the data before placing it into the DB by using a mysql_real_escape method.

*phew*

Sorry for the critical analysis, but it needed to be done.
Enthusiastic Student Posted February 3, 2009

Hi xPoliceTeamx

Does this part of your code work?

```php
<a href="index.php?page=logout">Log out</a>
<?php } else { ?>
Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.
<?php } ?>
```

I would have written:

```php
<?php
if (isset($_SESSION['user_id'])) {
    echo '<a href="index.php?page=logout">Log out</a>';
} else {
    echo 'Click <a href="index.php?page=register">here</a> to register or click <a href="index.php?page=login">here</a> to log in.';
}
```

Hope it helps

Enthusiastic Student
KYKK Posted February 5, 2009 (Author)

To jlhaslip: [if ($_POST['days'] != ''){] I want to set it like if it is not empty, so it has data in it. Is there something better than using not 'nothing'?

And to Enthusiastic: I have the if isset session at the very top, and I put the html forms and stuff outside of the php, so instead of echoing html code, I did

```php
<?php if (isset($_SESSION['user_id'])) { ?>
html html html
<?php } else { ?>
html html html
<?php } /* and close it */ ?>
```

And I think I need to remake the structure of the data forms and stuff to see if it is easier to find the error...
jlhaslip Posted February 5, 2009

You could test to see if the value of days is numeric, or is an integer, or greater than 0 and less than 31.

http://ca.php.net/manual/en/ref.var.php
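
An added example, not code from any poster in the thread: the order jlhaslip recommends (check every field, collect the errors, insert only when there are none), together with the range tests on days from the last reply. It replaces the thread's mysql_* calls with PDO prepared statements, and uses in-memory SQLite and constructed sample input so it runs stand-alone; the function names and the 65535-byte content limit are assumptions.

```php
<?php
// Added example. Ranges mirror the form's <option> values; 65535 is an assumed column size.
function validate_blog_post(array $post): array {
    $errors = $clean = [];
    $ranges = ['months' => [0, 11], 'days' => [1, 31], 'years' => [2008, 2009]];
    foreach ($ranges as $field => [$min, $max]) {
        $value = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {   // strict test: month "0" (January) is a valid value
            $errors[] = "$field must be a whole number from $min to $max";
        } else {
            $clean[$field] = $value;
        }
    }
    // The form numbers months 0-11; checkdate() expects 1-12. Rejects e.g. February 31.
    if (!$errors && !checkdate($clean['months'] + 1, $clean['days'], $clean['years'])) {
        $errors[] = 'that day does not exist in that month';
    }
    foreach (['subcontent' => 255, 'content' => 65535] as $field => $maxLen) {
        $text = is_string($post[$field] ?? null) ? trim($post[$field]) : '';
        if ($text === '' || strlen($text) > $maxLen) {
            $errors[] = "$field must be 1 to $maxLen bytes";
        } else {
            $clean[$field] = $text;
        }
    }
    return [$errors, $clean];
}
function insert_blog_post(PDO $db, string $name, array $clean): void {
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO blog (name, days, months, years, subcontent, content)
        VALUES (:name, :days, :months, :years, :subcontent, :content)');
    $stmt->execute(['name' => $name] + $clean);
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (name, days, months, years, subcontent, content)');
$samples = [ // constructed stand-ins for $_POST
    ['months' => '1', 'days' => '14', 'years' => '2009', 'subcontent' => 'Hi', 'content' => "It's working"],
    ['months' => '1', 'days' => '31', 'years' => '2009', 'subcontent' => 'Hi', 'content' => 'x'],
    ['months' => '0', 'days' => 'abc', 'years' => '', 'subcontent' => '', 'content' => 'x'],
];
foreach ($samples as $post) {
    [$errors, $clean] = validate_blog_post($post);
    if (!$errors) { insert_blog_post($db, 'demo_user', $clean); } // name would come from the session
    echo $errors ? 'rejected: ' . implode('; ', $errors) : 'inserted', "\n";
}
```

Only the first sample is stored; the apostrophe in its content needs no escaping because the value is bound as a parameter rather than spliced into the query string.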