Page 1 of 1

Form not updating database

Posted: Sat Mar 07, 2009 4:37 am
by Greg19
Hello all, have a form that's supposed to insert data into a database, pretty simple but I managed to screw it up. Does anyone see what the problem could be? -Thanks a bunch.

Code: Select all

<?php
session_start(); 
if(!isset($_SESSION['adminctrl'])){ 
    header('Location: admin.php'); die('<a href="admin.php">Login first!</a>');
   }
$access = mysql_connect("*******", "*******", "*******") or die(mysql_error());
mysql_select_db('Support', $access) or die(mysql_error());
 
$error = array();
if(isset($_POST['message'])) {
$result = @mysql_query('SELECT message FROM `message` WHERE message = \''.mysql_real_escape_string($_POST['message']).'\'');
if($row = @mysql_fetch_row($result)) {
array_push($error, 'already in the Database. Please write a another.');
}
$header = ($_POST['header']);
$message = ($_POST['message']);
@mysql_query("INSERT INTO `message` (header, message) VALUES ($header, $message)");
if(!$error) {
echo"Update was successful.";
}
}
?> 
 
<form method="post" action="update_notif.php">
Header:<br/>
<input type="text" name="header" />
<br/>Message<br/>
<textarea rows="8" name="message" cols="30">
</textarea>
<br/>
<input type="submit" name="submit" value="Update!" />
</form>

Re: Form not updating database

Posted: Sat Mar 07, 2009 4:46 am
by BomBas

Code: Select all

mysql_query("INSERT INTO `message` (header, message) VALUES ('$header', '$message')");
By the way, you really should escape the data from the user.

Code: Select all

 
$message = mysql_real_escape_string($_POST['message']);