501 Error?
Posted: Thu Oct 07, 2010 10:21 am
Hi Guys,
Looking for some help on an error I can't resolve.
I've written a CMS in PHP which can edit code and save it to an SQL Database. The actual process of it works fine with HTML, text, and other stuff.
However if I submit PHP in the form (which is what the main goal is) I get a 501 error. The next page doesn't even get run, it just flat our errors when I click the button.
I think the inserted PHP is interfering with the php on the page, but I can't see a way to fix it as I have to reload the page before I can process any of the text.
All three of these sections are on the same page, and in this order.
Ignoring the fact most of this is commented out, it doesn't even get to this code before it errors.
Main Code Extract.
This bit is the code I'm trying to insert.
Hope you guys can help, cus I'm stumped.
John.
Looking for some help on an error I can't resolve.
I've written a CMS in PHP which can edit code and save it to an SQL Database. The actual process of it works fine with HTML, text, and other stuff.
However if I submit PHP in the form (which is what the main goal is) I get a 501 error. The next page doesn't even get run, it just flat our errors when I click the button.
I think the inserted PHP is interfering with the php on the page, but I can't see a way to fix it as I have to reload the page before I can process any of the text.
All three of these sections are on the same page, and in this order.
Code: Select all
<!-- EDIT MODULE ------------------------------------------- -->
<?
if (isset($_POST['module_edit']))
{
$result = mysql_query("SELECT * FROM c_pages WHERE code = '".$_POST['content_code']."'", $link);
if ( $result === false ){ echo 'ERROR: COULD NOT ACCESS DATABASE.'; exit; };
$num_rows = mysql_num_rows($result);
echo '<form action="'.curPageURL().'" method="post">';
echo '<h1>Title: <input type="text" name="module_name" value="';
if ($num_rows != 0){ echo str_replace('_', ' ', mysql_result($result, 0, "name")); };
echo '" size=60></h1><br>';
echo '<h1>Content:</h1>';
echo '<textarea cols="80" id="editor1" name="editor1" rows="40">';
if ($num_rows != 0){echo mysql_result($result, 0, "content");};
echo '</textarea> <br>';
echo '<input type="submit" name="module_edit_save" value="Save Module" />';
echo '<input type="hidden" name="module_code" value="';
echo $_POST['content_code'];
echo '" /></form>';
}
?>
Code: Select all
<!-- MODULE EDIT SAVE -->
<?
if (isset($_POST['module_edit_save']))
{
echo $_POST['editor1'];
$editor1 = $_POST['editor1'];
//echo '<br>'.$editor1.'<br>';
/* $query = "UPDATE c_pages SET content='".$editor1."' WHERE code = '".$_POST['module_code']."'";
$update = mysql_query($query);
if (!$update) {
die('<p style="background: #00DD00; padding: 5px;">Text could not be saved.<br>'.mysql_error().'</p><br>');
}else{
echo '<p style="background: #00DD00; padding: 5px;">Content text has been saved.</p><br>';
}
$name = $_POST['module_name'];
$name = str_replace(' ', '_', $_POST['content_name']);
$name = preg_replace("/[^a-zA-Z0-9_\s]/", "", $name);
$query = "UPDATE c_pages SET name='".$name."' WHERE code = '".$_POST['module_code']."'";
$update = mysql_query($query);
if (!$update) {
die('<p style="background: #00DD00; padding: 5px;">Text could not be saved.<br>'.mysql_error().'</p><br>');
}else{
echo '<p style="background: #00DD00; padding: 5px;">Content name has been saved.</p><br>';
}
*/
};
?>
Code: Select all
...
echo '<input type="hidden" name="content_code" value="'.mysql_result($c_result,$c_counter,"code").'">';
echo '<input type="submit" name="module_edit" value="Edit" />';
...
Code: Select all
<?php
// WHERE WOULD YOU LIKE THE SUBMISSIONS SENT?
$to='marketing@....co.uk';
$messageSubject='...: Contact Form';
// MESSAGE ON FORM BUTTON
$button_message = "Click to send email.";
// SENDERS CONFIRMATION EMAIL
$confirmationSubject='www.....co.uk - Contact Form';
$confirmationBody="\n\nThank you for taking the time to email me. I'll be in touch shortly.\n";
$email='';
$body='';
$displayForm=true;
if ($_POST){
$email=stripslashes($_POST['email']);
$body=stripslashes($_POST['body']);
// validate e-mail address
$valid=eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$email);
$crack=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$body);
if ($email && $body && $valid && !$crack){
if (mail($to,$messageSubject,$body,'From: '.$email."\r\n")
&& mail($email,$confirmationSubject,$confirmationBody.$body,'From: '.$to."\r\n")){
$displayForm=false;
?>
<p style="background: #84b1e3;">
Your message was successfully sent. In addition, a confirmation copy was sent to your e-mail address.
</p>
<?php
}else{ // the messages could not be sent
?>
<p style="background: #84b1e3;">
Something went wrong when the server tried to send your message.<br>
This is usually due to a server error, and is not your fault.<br>
Please try again. If the error persists please email ...@....co.uk.
</p>
<?php
}
}else if ($crack){ // cracking attempt
?>
<p style="background: #84b1e3;">
Your message contained e-mail headers within the message body. This seems to be a cracking attempt and the message has not been sent.
</p>
<?php
}else{ // form not complete
?>
<p style="background: #84b1e3;">
Your message could not be sent. You must include both a valid e-mail address and a message.
</p>
<?php
}
}
if ($displayForm){
?>
<form action="contact.php" method="post">
<table border=0>
<tr>
<td width=100><label for="email"><p>Your E-mail:</p></label></td>
<td>
<input type="text" name="email" id="email" value="<?php echo htmlspecialchars($email); ?>" size="30">
</td>
</tr>
<tr>
<td><label for="body"><p>Message:</p></label></td>
<td><textarea name="body" id="body" cols="55" rows="10">
<?php echo htmlspecialchars($body); ?>
</textarea></td>
</tr>
<tr><td></td><td id="submit"><button type="submit"><? echo $button_message; ?></button></td></tr>
</table>
</form>
<?php
}
?>
John.