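<?php
session_start();
include "<my database connection>";
// NOTE(review): nothing in this listing reads the session to confirm a logged-in
// user, and no CSRF token is checked before the INSERT below. Confirm both are
// enforced elsewhere (e.g. in the include) before exposing this handler.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. $SCdbConn is created
// in the include, which is not shown, so the calls are kept as-is here; when the
// connection is migrated to mysqli or PDO, replace the escaped-string queries
// with prepared statements.
//Bands
if(isset($_POST['bandadd'])){
    /**
     * Read a required POST field and return it escaped for use inside a
     * single-quoted SQL string literal.
     *
     * If the field is missing, empty or whitespace-only, the request is
     * redirected to control.php with the given error code and the script ends.
     *
     * @param string $entery name of the POST field to read
     * @param string $ecode  value placed in the ?error= query parameter on failure
     * @param string $local  URL fragment (page anchor) to jump to on failure
     * @return string the escaped field value
     */
    function checkEntry($entery,$ecode,$local){
        $raw = isset($_POST[$entery]) ? $_POST[$entery] : '';
        // Test the raw value: escaping first would turn a lone newline into the
        // two characters "\n", which is no longer recognised as whitespace.
        if (!is_string($raw) || $raw === '' || ctype_space($raw)) {
            header('Location: control.php?error='.$ecode.'#'.$local);
            die();
        }
        // Escaping is only reliable when the connection charset was set with
        // mysql_set_charset(); the include is not shown, so confirm it there.
        return mysql_real_escape_string($raw);
    }

    // "Add" is refused while an existing band is selected. The option values
    // have the form "control.php?bandid=<id>", so the id starts at offset 19.
    // The value is only inspected, never sent to the database, so it needs no
    // SQL escaping.
    $selected = (isset($_POST['bandlist']) && is_string($_POST['bandlist']))
        ? substr($_POST['bandlist'], 19, 9)
        : '';
    if (is_numeric($selected)) {
        header('Location: control.php?error=0#bands');
        die();
    }

    // Required fields; checkEntry() redirects and exits when one is blank.
    $bandname = checkEntry("bandname","1","bands");
    $descript = checkEntry("description","2","bands");

    // Reject a band name that already exists.
    $result = mysql_query("SELECT * FROM bands WHERE name = '$bandname'", $SCdbConn);
    if ($result === false) {
        // Log the cause server-side only; the client gets a generic failure.
        error_log('bandadd lookup failed: '.mysql_error($SCdbConn));
        header('HTTP/1.1 500 Internal Server Error');
        die('Database error');
    }
    if (mysql_num_rows($result) >= 1) {
        header('Location: control.php?error=0#bands');
        die();
    }

    // Optional field: may be empty, but must still be escaped.
    $specials = (isset($_POST['specials']) && is_string($_POST['specials']))
        ? mysql_real_escape_string($_POST['specials'])
        : '';

    // DESC is a reserved word in MySQL, so the column name must be quoted with
    // backticks; unquoted, the statement is rejected with a syntax error.
    $inserted = mysql_query("INSERT INTO bands (name, `desc`, special) VALUES ('$bandname', '$descript', '$specials')",$SCdbConn);
    if ($inserted === false) {
        // Previously a failed INSERT still redirected as if it had succeeded.
        error_log('bandadd insert failed: '.mysql_error($SCdbConn));
        header('HTTP/1.1 500 Internal Server Error');
        die('Database error');
    }
    header('Location: control.php#bands');
    die();
}//end of adding band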
This is the form, if it helps:
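<div style="padding:20px; background-color:#AEBEC1; width:480px; margin:10px">
<form name="dabands" action="surfcms.php" method="post">
<?php
// Band management form: lists the existing bands in a drop-down and offers
// add / change / delete buttons, all posted to surfcms.php.
//
// The name, desc and special columns hold free text submitted through this
// form, so every value is passed through htmlspecialchars() before it is
// written into the page; without that, a stored band name containing markup
// would run as script for whoever opens this page (stored XSS).
// Change the 'UTF-8' argument if the page is served in another charset.
//
// $error, $errz, $bandid, $bandfill and $SCdbConn are set outside this listing.
// NOTE(review): $error presumably comes from the ?error= redirect parameter;
// confirm it is only ever used as a key into $errz and that the $errz
// messages are fixed server-side strings, since they are echoed unescaped.
if ($error != NULL){echo "<span class='warning'>".$errz[$error]."</span><br />";}
$bandsq = mysql_query("SELECT * FROM bands ORDER BY name ASC", $SCdbConn); ?>
<select name="bandlist" id="select" ONCHANGE="location = this.options[this.selectedIndex].value;">
<option value="control.php"></option>
<?php
// Skip the loop when the query failed, instead of passing false to
// mysql_fetch_array().
while ($bandsq && ($bandsf = mysql_fetch_array($bandsq, MYSQL_ASSOC))) { ?>
<option id="1" value="control.php?bandid=<?=htmlspecialchars($bandsf['entid'], ENT_QUOTES, 'UTF-8')?>" <?php
if ($bandid == $bandsf['entid']){ echo "selected='selected'";} ?> >
<?=htmlspecialchars(stripslashes($bandsf["name"]), ENT_QUOTES, 'UTF-8')?></option>
<?php } ?>
</select><br />
Band Name<br /><input type="text" name="bandname" class="userpass" placeholder="bandname" value="<?=htmlspecialchars($bandfill['name'], ENT_QUOTES, 'UTF-8')?>" required><br />
Description<br /><textarea name="description" class="details" placeholder="Message" required="required"><?=htmlspecialchars($bandfill['desc'], ENT_QUOTES, 'UTF-8')?></textarea><br />
Specials<br /><textarea name="specials" class="details" placeholder="Message"><?=htmlspecialchars($bandfill['special'], ENT_QUOTES, 'UTF-8')?></textarea><br />
<input class="butt" type="submit" name="bandadd" value="ADD" /><input class="butt" type="submit" name="bandchange" value="change" /><input class="butt" type="submit" name="banddelete" value="delete" />
</form>
</div>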