Page 1 of 2

News php code

Posted: Sun Mar 25, 2012 6:47 am
by Shychild
Hi,

I'm a fair new in PHP and currently seeking help for my news code (php). :offtopic:

Code: Select all

<html>
<head>
<title>Add News</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>

<body>
<?
if(isset($add_n)){
   $link = @mysql_connect("", "", "");
   if(!$link){
      echo('Error connecting to the database: ' . $mysql_error());
      exit();
   }
   $db = @mysql_selectdb('');
   if(!$db){
      echo('Error selecting database: ' . $mysql_error());
      exit();
   }
   $query = "INSERT INTO news(name, email, headline, story, timestamp)VALUES('$name', '$email', '$headline', '$story', NOW())";
   $result = @mysql_query($query);
   if(!$result){
      echo('Error adding news: ' . $mysql_error());
      exit();
   }else{
   mysql_close($link);
   echo('Success!<br><a href="add.php">Click here</a> to add more news.<br><a href="edit.php">Click here</a> to edit news.<br><a href="../index.php">Click here</a> to return to the main page.');
   }
}else{
?>
<form name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  <table width="50%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%">Name</td>
      <td><input name="name" type="text" id="name"></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="headline" type="text" id="headline"></td>
    </tr>
    <tr>
      <td>News Story</td>
      <td><textarea name="story" id="story"></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
          <input name="hiddenField" type="hidden" value="add_n">
          <input name="add" type="submit" id="add" value="Submit">
        </div></td>
    </tr>
  </table>
  </form>
<? } ?>
</body>
</html>
Thats the code I used but when I filled the input field and hit the submit button, it does not write anything in the databse. it just do what the else stateement Why? thnx much

Re: News php code

Posted: Sun Mar 25, 2012 6:59 am
by requinix
There a few things wrong...

1. Variables like $add_n (which should actually be $hiddenField=="add_n") and $name don't exist unless you specifically create them. It may have happened automatically in previous versions of PHP with different setups than you have now, but they were bad and you shouldn't try to use it. Instead,

Code: Select all

$name = $_POST["name"];
// etc.
For the $hiddenField you have to isset() on what's in $_POST - you can't try to assign $hiddenField and do an isset() on that.

Code: Select all

if (isset($_POST["hiddenField"]) /* still need that add_n thing though so */ && $_POST["hiddenField"] == "add_n") {

2. You should never put values from a form right into your SQL queries. If you can't use PDO/mysqli/prepared statements then use mysql_real_escape_string at the last minute:

Code: Select all

"VALUES ('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($email) . "' and so on"

3 in two parts. The first part is that $PHP_SELF isn't around either (for the same reason $name and $email and all those aren't) so you have to grab that from $_SERVER. The second part is that PHP_SELF isn't safe for using as form actions. The safer alternative is SCRIPT_NAME ($_SERVER["SCRIPT_NAME"]) but it isn't exactly the same as PHP_SELF. If you notice that and need it like it was before then say something.


4.
- mysql_selectdb() is deprecated; use mysql_select_db (just add an underscore)
- mysql_error() is a function, not a variable. Remove the $s.

Re: News php code

Posted: Sun Mar 25, 2012 9:12 am
by Shychild
Thanks!

It seems to have numerous probs in my code. :!:

I have one more similar code... The problem is getting the news from database..

Code: Select all

<?php

$query = "SELECT *," .
"DATE_FORMAT(postdate, '%Y-%m-%d') as date " .
"FROM news ORDER BY id DESC LIMIT $news_limit"; // 1.
$result = mysql_query($query);

while($r=mysql_fetch_array($result)) // 2.
{
echo "<br><table width='100%'><tr bgcolor='$title_cell_color'><td>
<img src='$bullet'><b>$title</b> posted on $date</td></tr>
<tr bgcolor='$news_cell_color'><td>$content</td></tr>
</table><br>";

}

?>
im fairly beginner in php.. pls help me.

if it does not work,
Can you suggest me a news page which is similar??

Re: News php code

Posted: Sun Mar 25, 2012 4:51 pm
by requinix
It doesn't work... how?

Re: News php code

Posted: Sun Mar 25, 2012 11:28 pm
by Shychild
Thanks!

Here's my new code still it has error. :(

Code: Select all

Parse error: syntax error, unexpected T_STRING in /srv/disk4/741839/www/catapultphpmysql.eu.pn/testwebsite/news/add.php on line 20
Here's the new code!

Code: Select all

<html>
<head>
<title>Add News</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>

<body>
<?
$name = $_POST["name"];
   $link = @mysql_connect("", "", "");
   if(!$link){
      echo('Error connecting to the database: ' . $mysql_error());
      exit();
   }
   $db = @mysql_selectdb('');
   if(!$db){
      echo('Error selecting database: ' . $mysql_error());
      exit();
   
   $query = "INSERT INTO news(name, email, headline, story, timestamp)"VALUES ('"mysql_real_escape_string($name), "VALUES ('"mysql_real_escape_string($email), "VALUES ('"mysql_real_escape_string($headline), "VALUES ('"mysql_real_escape_string($story), NOW())";
   $result = @mysql_query($query);
   if(!$result){
      echo('Error adding news: ' . $mysql_error());
      exit();
   }else{
   mysql_close($link);
   echo('Success!<br><a href="add.php">Click here</a> to add more news.<br><a href="edit.php">Click here</a> to edit news.<br><a href="../index.php">Click here</a> to return to the main page.');
   }
}else{
?>
<form name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  <table width="50%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%">Name</td>
      <td><input name="name" type="text" id="name"></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="headline" type="text" id="headline"></td>
    </tr>
    <tr>
      <td>News Story</td>
      <td><textarea name="story" id="story"></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
          <input name=$_POST["hiddenField"] == "add_n") {type="hidden" value="add_n">
          <input name="add" type="submit" id="add" value="Submit">
        </div></td>
    </tr>
  </table>
  </form>
<? } ?>
</body>
</html>
Thanks!

Re: News php code

Posted: Mon Mar 26, 2012 5:35 am
by requinix

Code: Select all

$query = "INSERT INTO news(name, email, headline, story, timestamp)"VALUES ('"mysql_real_escape_string($name), "VALUES ('"mysql_real_escape_string($email), "VALUES ('"mysql_real_escape_string($headline), "VALUES ('"mysql_real_escape_string($story), NOW())";
The problem is... well, everything. It's all messed up.

Code: Select all

$query = "INSERT INTO news (name, email, headline, story, timestamp) VALUES ('" . mysql_real_escape_string($name) . "', "' . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($headline) . "', '" . mysql_real_escape_string($story) . "', NOW())";
Then there's the other problems. Most of them I mentioned already but a new one is

Code: Select all

<input name=$_POST["hiddenField"] == "add_n") {type="hidden" value="add_n">
that. Also messed up.

Re: News php code

Posted: Mon Mar 26, 2012 5:57 am
by Shychild
Can you help me? I really do not know it.... pls.....

Thnx much!

Re: News php code

Posted: Mon Mar 26, 2012 6:04 am
by requinix
I did. Scroll up and (re)read my posts.

Re: News php code

Posted: Mon Mar 26, 2012 7:28 am
by Shychild
Thanks!
But there's another error. ;)

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /srv/disk4/741839/www/catapultphpmysql.eu.pn/testwebsite/news/add.php on line 20
pls help me fix this error. ;)

Re: News php code

Posted: Mon Mar 26, 2012 10:15 am
by requinix
Well that's not the error from before, and I don't see anything that would cause it in the latest code you've posted, so...

What's your code now?

Re: News php code

Posted: Mon Mar 26, 2012 11:16 pm
by Shychild
i dont know really where to grab $_SERVER theres no such $_SERVER in my code. pls help :)

here's the code.

Code: Select all

<html>
<head>
<title>Add News</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>

<body>
<?
$name = $_POST["name"];
   $link = @mysql_connect("", "", "");
   if(!$link){
      echo('Error connecting to the database: ' . $mysql_error());
      exit();
   }
   $db = @mysql_select_db('');
   if(!$db){
      echo('Error selecting database: ' . $mysql_error());
      exit();
   
   $query = "INSERT INTO news (name, email, headline, story, timestamp) VALUES ('" . mysql_real_escape_string($name) . "', "' . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($headline) . "', '" . mysql_real_escape_string($story) . "', NOW())";
   if(!$result){
      echo('Error adding news: ' . $mysql_error());
      exit();
   }else{
   mysql_close($link);
   echo('Success!<br><a href="add.php">Click here</a> to add more news.<br><a href="edit.php">Click here</a> to edit news.<br><a href="../index.php">Click here</a> to return to the main page.');
   }
}else{
?>
<form name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  <table width="50%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%">Name</td>
      <td><input name="name" type="text" id="name"></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="headline" type="text" id="headline"></td>
    </tr>
    <tr>
      <td>News Story</td>
      <td><textarea name="story" id="story"></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
          <input name=$_POST["hiddenField"] == "add_n") {type="hidden" value="add_n">
          <input name="add" type="submit" id="add" value="Submit">
        </div></td>
    </tr>
  </table>
  </form>
<? } ?>
</body>
</html>

Re: News php code

Posted: Tue Mar 27, 2012 7:30 am
by requinix
There's a typo in what I posted. Try to find it, it's not that hard.

Re: News php code

Posted: Tue Mar 27, 2012 9:35 am
by Shychild
There's another prob.

Code: Select all

Parse error: syntax error, unexpected T_VARIABLE in /srv/disk4/741839/www/catapultphpmysql.eu.pn/testwebsite/news/add.php on line 10

Code: Select all

<html>
<head>
<title>Add News</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>

<body>
<?
if (isset($_POST["hiddenField"]) /* still need that add_n thing though so */
$name = $_POST["name"];
   $link = @mysql_connect("", "", "");
   if(!$link){
      echo('Error connecting to the database: ' . $mysql_error());
      exit();
   }
   $db = @mysql_select_db('');
   if(!$db){
      echo('Error selecting database: ' . $mysql_error());
      exit();
   
   $query = "INSERT INTO news (name, email, headline, story, timestamp) VALUES ('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($headline) . "', '" . mysql_real_escape_string($story) . "', NOW())";
   if(!$result){
      echo('Error adding news: ' . $mysql_error());
      exit();
   }else{
   mysql_close($link);
   echo('Success!<br><a href="add.php">Click here</a> to add more news.<br><a href="edit.php">Click here</a> to edit news.<br><a href="../index.php">Click here</a> to return to the main page.');
   }
}else{
?>
<form name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  <table width="50%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%">Name</td>
      <td><input name="name" type="text" id="name"></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="headline" type="text" id="headline"></td>
    </tr>
    <tr>
      <td>News Story</td>
      <td><textarea name="story" id="story"></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
          <input name=$_POST["hiddenField"] == "add_n") {type="hidden" value="add_n">
          <input name="add" type="submit" id="add" value="Submit">
        </div></td>
    </tr>
  </table>
  </form>
<? } ?>
</body>
</html> 
pls help O_O thnkx

Re: News php code

Posted: Tue Mar 27, 2012 9:53 am
by requinix
You're missing a closing ) and an opening {.

You found the typo. Good. Proves you can find little things like it. So try to find these other little things too, okay?

Re: News php code

Posted: Tue Mar 27, 2012 11:57 pm
by Shychild
new prob.

Code: Select all

Parse error: syntax error, unexpected '[' in /srv/disk4/741839/www/catapultphpmysql.eu.pn/testwebsite/news/add.php on line 9

Code: Select all

<html>
<head>
<title>Add News</title>
<meta http-equiv="Content-Type" content="text/html; charset="iso"-8859-1">
</head>

<body>
<?
if (isset($_POST)["hiddenField"]) { /* still need that add_n thing though so */
$name = $_POST["name"];
   $link = @mysql_connect("", "", "");
   if(!$link){
      echo('Error connecting to the database: ' . $mysql_error());
      exit();
   }
   $db = @mysql_select_db('');
   if(!$db){
      echo('Error selecting database: ' . $mysql_error());
      exit();
   
   $query = "INSERT INTO news (name, email, headline, story, timestamp) VALUES ('" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($headline) . "', '" . mysql_real_escape_string($story) . "', NOW())";
   if(!$result){
      echo('Error adding news: ' . $mysql_error());
      exit();
   }else{
   mysql_close($link);
   echo('Success!<br><a href="add.php">Click here</a> to add more news.<br><a href="edit.php">Click here</a> to edit news.<br><a href="../index.php">Click here</a> to return to the main page.');
   }
}else{
?>
<form name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  <table width="50%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="50%">Name</td>
      <td><input name="name" type="text" id="name"></td>
    </tr>
    <tr>
      <td>Email</td>
      <td><input name="email" type="text" id="email"></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="headline" type="text" id="headline"></td>
    </tr>
    <tr>
      <td>News Story</td>
      <td><textarea name="story" id="story"></textarea></td>
    </tr>
    <tr>
      <td colspan="2"><div align="center">
          <input name=$_POST["hiddenField"] == "add_n") {type="hidden" value="add_n">
          <input name="add" type="submit" id="add" value="Submit">
        </div></td>
    </tr>
  </table>
  </form>
<? } ?>
</body>
</html> 
thanks