Page 1 of 1

Posting data into MySql

Posted: Tue Jan 09, 2007 5:31 pm
by lauberge
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi,

Can anyone tell me why the following 'gets' the data fine from the database but wont post back in when clicking on the submit within the form (named as 'save'):

Code: Select all

<?php
require("inc/conn.php");
if(! isset($_COOKIE['admin'] )) {
header("Location: admin.php");
}
if(isset($_POST['save'])) {
$itemTitle = $_POST['itemTitle'];
$content = $_POST['content'];
$category = $_POST['category'];
$link = $_POST['link'];
if(isset($_POST['itemID'])) {
$itemID = $_POST['itemID'];
$sql = "UPDATE items SET itemTitle = '" . $itemTitle . "', content = '" . $content . "', category = '" . $category . "', link = '" . $link. "' WHERE itemID = " . $itemID;
if ($result = mysql_query($sql)) {
header("Location: controlpanel.php");
}
}

}
if(isset($_GET['itemID']) ) {
$itemID = $_GET['itemID'];
$sql = "SELECT * FROM items WHERE itemID = " . $_GET['itemID'];
if ($result = mysql_query($sql)) {
$row = mysql_fetch_array($result);
$itemTitle = $row['itemTitle'];
$content = $row['content'];
$category = $row['category'];
$link = $row['link'];

}
}else{
$name = 'new item';
}
?>

Cheers for the help.


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Jan 09, 2007 5:39 pm
by aaronhall
Read the posting guidelines...

Never place $_GET or $_POST values directly into queries -- it leaves you open to MySQL injection attacks. Run each through mysql_real_escape_string() first.

Check the values of $_POST['save'] and $_POST['itemID'] -- it's likely that one or both of these isn't being set.

Posted: Tue Jan 09, 2007 5:46 pm
by lauberge
Hi,

Thanks for the reply, this will probably sound daft but how do check the values of $_POST['save'] and $_POST['itemID']?

Cheers,

Posted: Tue Jan 09, 2007 6:12 pm
by jonathant
When debugging, like in this situation, I like to do something like this:

Code: Select all

<?php 
echo "POST DATA<br>";
print_f($_POST);
echo "GET DATA<br>";
print_f($_GET);
?>

Posted: Tue Jan 09, 2007 6:54 pm
by impulse()
lauberge wrote:Hi,

Thanks for the reply, this will probably sound daft but how do check the values of $_POST['save'] and $_POST['itemID']?

Cheers,

Code: Select all

echo $_POST['save'], $_POST['itemID'];