• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

PHP UPADTE

Im trying to update an article on one of my web pages via a CMS. However, the article will update neither on the web page or in MySQL data base.
0
rafique12
Asked:
rafique12
  • 20
  • 12
  • 7
  • +2
2 Solutions
 
GawaiCommented:
are u getting any error mesg ? can u post the code ?
0
 
MasterXPCommented:
When you use the DML Update, you are updating the MySQL Database not the web page. The web page only query the MySQL DB and is filled.

0
 
rafique12Author Commented:
I am not getting any error msg. Here is the code
<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id']))
{
   $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews);
}
else if(isset($_POST['save']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
 
   echo "Article '$article' updated";
 
   // now we will display $title & content
   // so strip out any slashes
   $article   = stripslashes($article);
   $reviews = stripslashes($reviews);
}
 
?>
 
And here is the form
 
 
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<?=$article;?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><?=$reviews;?></textarea></td>
</tr>
<tr> 
<td width="100">&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>
 
As you can see I am trying to update the review which is contained in MySQL and is uploaded onto my welcome.php page. So far the review is visible in both MySQL and welcome.php butn it will not update in neither

Open in new window

0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
Ray PaseurCommented:
This line is the only reference to "save"

else if(isset($_POST['save']))

There is no "save" in the POST input, so that conditional code will never get executed.  You might want to try changing it to this:

else if(isset($_POST['UPDATE'])) // check the submit button

HTH, ~Ray
0
 
rafique12Author Commented:
I have tried your solution but it still yields the same results. The article just won't update!!
0
 
rafique12Author Commented:
can anyone help with this ??
0
 
evcrCommented:
insert these two lines at line 41 of your code :

echo $query;
exit();

what does the query look like?



0
 
rafique12Author Commented:
I have inserted both lines at lines 41 of my code, still no change Im afraid!
0
 
GawaiCommented:
as Evcr asked u already. please try
and see the output of the below code and paste it here


<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id']))
{
   $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews);
   echo "From GET :" $query;
 
}
else if(isset($_POST['save']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
   
 
   echo $query;
 
   }
 
?>

Open in new window

0
 
GawaiCommented:

<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id']))
{
   $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews);
   echo "From GET :$query";
 
}
else if(isset($_POST['save']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
   
 
   echo "from POST : $query";
 
   }
 
?>

Open in new window

0
 
evcrCommented:
// update the article in the database
$query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";

echo $query;
//you should be able to see what $query looks like here

mysql_query($query) or die('Error : ' . mysql_error());

exit();
//the PHP script will abort here so that you can see if there's an sql error

If you are not seeing this then the page that posts to this script is not running it.


0
 
rafique12Author Commented:
I am now getting this message in my browser having copied and paste your code.

From GET :SELECT id, article, reviews FROM pagecontent WHERE id = '17'

0
 
rafique12Author Commented:
This is how the code looks!
<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id']))
{
   $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews);
   echo "From GET :$query";
 
}
else if(isset($_POST['UPDATE']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
   
 
   echo "from POST : $query";
 
   }
 
?>
 
<form method="post">
<input type="hidden" name="id" value="<?=$id;?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<?=$article;?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><?=$reviews;?></textarea></td>
</tr>
<tr> 
<td width="100">&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>

Open in new window

0
 
evcrCommented:
I don't know how your populating the id hidden form object so i changed it to text for this . you can change it back to hidden.

<form method="post">
<input type="text" name="id" value="<? if (isset($id)) {echo $id;} ?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<? if (isset($article)) {echo $article;}?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><? if (isset($article)) {echo $article;} ?></textarea></td>
</tr>
<tr> 
<td width="100"> </td>
<td> </td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>

Open in new window

0
 
evcrCommented:
oops
<form method="post">
<input type="text" name="id" value="<? if (isset($id)) {echo $id;} ?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<? if (isset($article)) {echo $article;}?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><? if (isset($reviews)) {echo $reviews;} ?></textarea></td>
</tr>
<tr> 
<td width="100"> </td>
<td> </td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>

Open in new window

0
 
rafique12Author Commented:
I tried changing input type to "text" but now all I get is the id being echoed in the top left hand when i browse! Can anyone help this is sooo frustrating.
0
 
rafique12Author Commented:
Could it have something to do with my php.ini file??
0
 
rafique12Author Commented:
Having pasted the code submitted by qawai: I am now getting the following error message:

Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Inetpub\wwwroot\strictly-invite.co.uk\strictlyinvite files\html\website\CMSEDIT.php on line 14
0
 
evcrCommented:
No.

You copied an pasted the form html I sent in place of the form html at the bottom your code and

changed the line:
 else if(isset($_POST['save'])) {
to:
else if(isset($_POST['UPDATE'])) {

If so it should be working, the problem is that the form is not posting the variables correctly.

The hidden ID value is set elsewhere i only turned it into a text field so that it is visible and settable.

You've probably got a link on another page which contains the link to this page with the id variable. This is set when your if(isset($_GET['id'])) { condition is TRUE

e.g. <a href="thispage.php?id=youridnum" /a>
0
 
rafique12Author Commented:
I have a link from another page to the edit/update page here's the code:

The page is called CMSEDIT.php should I remove the php echo id?
</td>
<td width="150" align="center">
<a href="welcome.php?id=<?php echo $id;?>" target="_blank">view</a> 
| <a href="CMSEDIT.php?id=<?php echo $id;?>" target="_blank">edit</a> 
| <a href=<?php echo $article;?>
"javascript:delArticle('<?php echo $id;?>', 
'<?php echo $article;?>');">delete</a></td>
</tr>
<?php
}
?>

Open in new window

0
 
rafique12Author Commented:
Come on guys you are the only people who can help!!
0
 
GawaiCommented:
can u post your updated code ?
0
 
evcrCommented:

Can't see where the $id variable is coming from in CMSEDIT.php.

Is welcome.php the edit page you posted earlier?

post the complete CMSEDIT.php and welcome.php files plz.

thx
0
 
rafique12Author Commented:
Welcome.php is where the article is viewed by page visitors. CMSEDIT.php is where articles will either be added, deleted or updated. I have posted both codes and I hope we can solve the problem of updating tha article, since both adding and deleting are working fine.
This is the code for welcome.php
<?php 
//This is only displayed if they have submitted the form 
if ($searching =="yes") 
{ 
echo "<h2>Results</h2><p>"; 
 
//If they did not enter a search term we give them an error 
if ($find == "") 
{ 
echo "<p>You forgot to enter a search term"; 
exit; 
} 
 
// Otherwise we connect to our Database 
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("users") or die(mysql_error()); 
 
// We preform a bit of filtering 
$find = strtoupper($find); 
$find = strip_tags($find); 
$find = trim ($find); 
 
//Now we search for our search term, in the field the user specified 
$data = mysql_query("SELECT * FROM user WHERE upper($field) LIKE'%$find%'"); 
 
//And we display the results 
while($result = mysql_fetch_array( $data )) 
{ 
echo $result['name']; 
echo " "; 
echo $result['username']; 
echo "<br>"; 
echo $result['info']; 
echo "<br>"; 
echo "<br>"; 
} 
 
//This counts the number or results - and if there wasn't any it gives them a little message explaining that 
$anymatches=mysql_num_rows($data); 
if ($anymatches == 0) 
{ 
echo "Sorry, but we can not find an entry to match your query<br><br>"; 
} 
 
//And we remind them what they searched for 
echo "<b>Searched For:</b> " .$find; 
} 
?> 
 
<?php
 
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
// if no id is specified, list the available articles
if(!isset($_GET['id']))
{
   $self = $_SERVER['PHP_SELF'];
 
   $query = "SELECT id, article, reviews FROM pagecontent ORDER BY id";
   $results = mysql_query($query) or die('Error : ' . mysql_error()); 
 
   // create the article list 
   $reviews = '<ol>';
   while($row = mysql_fetch_array($results, MYSQL_NUM))
   {
      list($id, $article) = $row;
      $reviews .= "<li><a href=\"$self?id=$id\">$article</a></li>\r\n";
   }
 
   $reviews .= '</ol>';
 
   $article = 'News and Info';
} else {
   // get the article info from database
   $query = "SELECT article, reviews FROM pagecontent WHERE id=".$_GET['id'];
   $results = mysql_query($query) or die('Error : ' . mysql_error()); 
   $row = mysql_fetch_array($results, MYSQL_ASSOC); 
 
   $article = $row['article'];
   $reviews = $row['reviews'];
} 
 
 
?>
 
<?php
 
 
$cacheDir = dirname(__FILE__) . '/cache/';
 
if (isset($_GET['id'])) {
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
} else {
   $cacheFile = $cacheDir . 'index.html';
} 
 
if (file_exists($cacheFile))
{
   header("Content-Type: text/html");
   readfile($cacheFile);
   exit;
}
 
// ... more code coming
 
if(!isset($_GET['id']))
{
   $self   = $_SERVER['PHP_SELF'];
 
   $query  = "SELECT id, article FROM pagecontent ORDER BY id";
   $results = mysql_query($query) or die('Error : ' . mysql_error()); 
 
   $reviews = '<ol>';
   while($row = mysql_fetch_array($results, MYSQL_NUM))
   {
      list($id, $article) = $row;
      $reviews .= "<li><a href=\"$self?id=$id\">$article</a></li>\r\n";
   }
 
   $reviews .= '</ol>';
 
   $article = 'News and Info';
} else {
   // get the article info from database
   $query  = "SELECT article, reviews FROM pagecontent WHERE id=".$_GET['id'];
   $results = mysql_query($query) or die('Error : ' . mysql_error()); 
   $row    = mysql_fetch_array($results, MYSQL_ASSOC); 
 
   $article = $row['article'];
   $reviews = $row['reviews'];
} 
 
// ... still more code coming
 
ob_start();
 
 
?>
 
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Welcome</title>
 
<link href="../css/strictcss2.css" rel="stylesheet" type="text/css" />
 
<style type="text/css">
<!--
a:link {
	color: #CCCCCC;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
	color: #CCCCCC;
}
a:hover {
	text-decoration: none;
	color: #999999;
}
a:active {
	text-decoration: none;
	color: #666666;
}
body,td,th {
	font-family: Arial, Helvetica, sans-serif;
}
-->
</style>
</head>
 
<body>
<div class="container">
 
<div class="bodysection">
 
<div class="content2">
<style type="text/css">
a:hover
{
color: white;
background-color: black;
}
</style>
<a href="members.php" target="_parent">Members Area |</a>
<a href="http://www.iconique.com"> Fashion |</a>
<a href="http://members.php"> Top Restaurants |</a>
<a href="http://members.php"> Hotel Reservations |</a>
<a href="login.php"> Logout |</a>
<br/>
<br/>
 
</div>
 
<div class="banner">
<img src="../images/private party banner.png" alt="strictly-invite.com" />
<?php 
echo date('l, F dS Y.'); 
?>
</div>
<div class="divider"></div>
<div class="content">
<?php
$username = $_POST['username'];
echo "<h4>Welcome to Strictly - Invite, $username this your homepage<h4>"; 
?>
 
<h1 align="center"><?php echo $article; ?></h1>
<?php 
echo $reviews;
 
// when displaying an article show a link
// to see the article list
if(isset($_GET['id']))
{ 
?>
<p>&nbsp;</p>
<p align="center">
<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Back to top</a></p>
<?php
}
?>
 
 
</div>
 
<div class="search">Search for other members in strictly-invite or facebook.com
<form name="search" method="post" action="<?=$PHP_SELF?>">
Seach for: <input type="text" name="find" /> in 
<Select NAM.E="field">
<Option VALUE="name">Name</option>
<Option VALUE="username">Username</option>
<Option VALUE="info">Profile</option>
</Select>
<input type="hidden" name="searching" value="yes" />
<input type="submit" name="search" value="GO" />
</form></div>
 
<div class="members"></div>
 
</div> 
</div>
</body>
</html>
<?php
 
// get the buffer
$buffer = ob_get_contents();
 
// end output buffering, the buffer content
// is sent to the client
ob_end_flush();
 
// now we create the cache file
$fp = fopen($cacheFile, "w");
fwrite($fp, $buffer);
fclose($fp);
?>
 
And this is the code for CMSEDIT.php
 
<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id']))
{
   $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews);
   echo "From GET :$query";
 
}
else if(isset($_POST['UPDATE']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
   
 
   echo "from POST : $query";
 
   }
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>cms edit</title>
<link href="strictlyinvite files/html/css/strictcss3.css" rel="stylesheet" type="text/css" />
 
<style type="text/css">
<!--
.box {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
border: 1px solid #000000;
}
-->
</style>
</head>
 
<body>
<div class="container">
 
<form method="post">
<input type="hidden" name="id" value="<? if (isset($id)) {echo $id;} ?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<? if (isset($article)) {echo $article;}?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><? if (isset($reviews)) {echo $reviews;} ?></textarea></td>
</tr>
<tr> 
<td width="100"> </td>
<td> </td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>
 
</div>
</body>
</html>

Open in new window

0
 
evcrCommented:
fixed CMSEDIT.php below.
<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 
if(isset($_GET['id'])) {
	$id = $_GET['id'];
  $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews); 
   echo "From GET :$query :$id"; 
   
   
 
}
else if(isset($_POST['UPDATE']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
 
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_POST['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());
 
   echo "from POST : $query";
 
   }
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>cms edit</title>
<link href="strictlyinvite files/html/css/strictcss3.css" rel="stylesheet" type="text/css" />
 
<style type="text/css">
<!--
.box {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
border: 1px solid #000000;
}
-->
</style>
</head>
 
<body>
<div class="container">
 
<form method="post" action="CMSEDIT.php">
<input type="hidhen" name="id" value="<? if (isset($id)) {echo $id;} ?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<? if (isset($article)) {echo $article;}?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><? if (isset($reviews)) {echo $reviews;} ?></textarea></td>
</tr>
<tr> 
<td width="100"> </td>
<td> </td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>
 
</div>
</body>
</html>

Open in new window

0
 
evcrCommented:
I tested this using a test link e.g. http://testdir/CMSEDIT.php?id=22

the problem was confusion with your GET id and POST id if else condition, plus the fact that there was no action on the form, so when you submitted it, the page was reloading http://testdir/CMSEDIT.php?id=22 instead of loading CMSEDIT.php

There was also use of $_GET['id'] inside your if $_POST['id'] condition which wouldn't work.

I hope that's ok now.


0
 
rafique12Author Commented:
Thankyou at least we are getting somewhere. However, i am now getting this error message when I update the reviews section and hit the submit button:

Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reviews = 'This is the most exclusive *************************' at line 1. The sentence has been edited out.

0
 
Ray PaseurCommented:
If you want some help with the error in SQL syntax, please post the SQL statement.  We're only experts, not mind readers!

;-)

Ray
0
 
evcrCommented:

1. Is addslashes working?

if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }

Add the following lines after the above code and check that $reviews and $articles printed on the screen has it's text escaped, there should be slashes before any quote marks and special characters in the text
echo $article;
echo $reviews;
exit();

2. Depending on How MySQL is set up on your host machine, you will get errors if the text you are trying to input is longer than the it's table field can hold. So if your reviews field is e.g. VARCHAR(255) and $reviews text is longer than 255 characters it will produce an error or in some cases chop the end of the text off. If this is the problem make the field length longer or change the field type to meduimtext or longtext.

0
 
Ray PaseurCommented:
I think MySQL simply truncates data when the data exceeds the table's field length.  This is not a syntax error when it happens, IIRC.

Also, with respect to addslashes, a preferred practice is mysql_real_escape_string.  It's a little bit smarter about exactly what needs to be escaped.  Worth a read here:

http://us3.php.net/manual/en/function.mysql-real-escape-string.php

HTH, ~Ray
0
 
rafique12Author Commented:
The error msg reads:

Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reviews = 'This ' WHER' at line 1
0
 
evcrCommented:

Ray:
IIRC in Mysql If SQL strict mode is switched on it'll error if the data doesn't fit, if strict mode is off it truncates the data.

Rafique12:
You're going to have to tell us what $reviews, $article & $query have in them otherwise we can't help you...
0
 
Ray PaseurCommented:
We don't need the error message as much as we need the SQL statement itself - the statement that generated the error!
0
 
rafique12Author Commented:
In MySql reviews = text
articles = text

When the previous code you sent to me is inserted I get the updated version of reviews displaying on the screen. like this: Beauberry house this is the most exclusive venue in the suburbs of south london
Other than that I cannot provide anymore information unless you can be more specific pls :-(
0
 
Ray PaseurCommented:
Hope this is specific enough: What is the content of the MySQL query?  It looks like it might be in the variable named $query.  Print that out just before you execute the query and post it here, along with the mysql_error message.  Thanks, ~Ray
0
 
rafique12Author Commented:
The sql statement has been generated via the CMSEDIT.php script. The error message occurs when the update function is executed!

   $query = "UPDATE pagecontent SET article = '$article' reviews = '$reviews' WHERE id = '$id'";
   mysql_query($query) or die('Error : ' . mysql_error());



0
 
rafique12Author Commented:
Sorry! the error msg occurs in my browser and reads as follws:

Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reviews = 'This ' WHER' at line 1
0
 
Ray PaseurCommented:
OK, we may be making progress here!

Try changing to something like the code snippet and run it again.  Note that I added a comma!  If you get an error, please post the ENTIRE CONTENTS of $query with all the variables resolved, along with the ENTIRE error message.

Thanks and regards, ~Ray
$article = mysql_real_escape_string($article);
$reviews = mysql_real_escape_string($reviews);
 
$query = "UPDATE pagecontent SET article = \"$article\",  reviews = \"$reviews'" WHERE id = \"$id\" ";
   
mysql_query($query) or die('Error : ' . mysql_error());

Open in new window

0
 
rafique12Author Commented:
Sorry Ray :-(

Parse error: syntax error, unexpected T_STRING in C:\Inetpub\wwwroot\strictly-invite.co.uk\strictlyinvite files\html\website\CMSEDIT.php on line 71

<?php
mysql_connect("127.0.0.1", "root", "rafiqd") or die(mysql_error()); 
mysql_select_db("content") or die(mysql_error()); 
 ?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>cms edit</title>
<link href="strictlyinvite files/html/css/strictcss3.css" rel="stylesheet" type="text/css" />
 
<style type="text/css">
<!--
.box {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
border: 1px solid #000000;
}
-->
</style>
</head>
 
<body>
 
<div class="container">
 
 <?php
if(isset($_GET['id'])) {
	$id = $_GET['id'];
  $query  = "SELECT id, article, reviews ".
             "FROM pagecontent ".
             "WHERE id = '{$_GET['id']}'";
   $results = mysql_query($query) or die('Error : ' . mysql_error());
   list($id, $article, $reviews) = mysql_fetch_array($results, MYSQL_NUM);
 
   $reviews = htmlspecialchars($reviews); 
   echo "From GET :$query :$id"; 
   
   
 
}
else if(isset($_POST['UPDATE']))
{
   $id = $_POST['id'];
   $article = $_POST['article'];
   $reviews = $_POST['reviews'];
 
   if(!get_magic_quotes_gpc())
   {
      $article = addslashes($article);
      $reviews = addslashes($reviews);
   }
   
 
// then remove the cached file
   $cacheDir = dirname(__FILE__) . '/cache/';
   $cacheFile = $cacheDir . '_' . $_POST['id'] . '.html';
 
   @unlink($cacheFile);
 
   // and remove the index.html too because the file list
   // is changed
   @unlink($cacheDir . 'index.html');
 
 
   // update the article in the database
$article = mysql_real_escape_string($article);
$reviews = mysql_real_escape_string($reviews);
 
$query = "UPDATE pagecontent SET article = \"$article\",  reviews = \"$reviews'" WHERE id = \"$id\" ";
   
mysql_query($query) or die('Error : ' . mysql_error()); 
 
 
   echo "from POST : $query";
 
   }
  
?>
 
<form method="post" action="CMSEDIT.php">
<input type="hidden" name="id" value="<? if (isset($id)) {echo $id;} ?>">
<table width="700" border="0" cellpadding="2" cellspacing="1" class="box">
<tr> 
<td width="100">Article</td>
<td><input name="article" type="text" class="box" id="article" value="<? if (isset($article)) {echo $article;}?>"></td>
</tr>
<tr> 
<td width="100">Reviews</td>
<td><textarea name="reviews" cols="50" rows="10" class="box" id="reviews"><? if (isset($reviews)) {echo $reviews;} ?></textarea></td>
</tr>
<tr> 
<td width="100"> </td>
<td> </td>
</tr>
<tr> 
<td colspan="2" align="center"><input name="UPDATE" type="submit" class="box" id="UPDATE" value="Update Article"></td>
</tr>
</table>
<p align="center"><h3><a href="CMSADMIN.php">Back to admin page</a></h3></p>
</form>
 
</div>
</body>
</html>

Open in new window

0
 
evcrCommented:

Ray was right about the missing comma ... didn't see that :-)

Try this line in place of the previous one.
$query = "UPDATE pagecontent SET article = '".$article."',  reviews = '".$reviews."' WHERE id = '".$id."'";

k
0
 
Ray PaseurCommented:
Sorry - my typo.  Change to this.
$query = "UPDATE pagecontent SET article = \"$article\",  reviews = \"$reviews\" WHERE id = \"$id\" ";

Open in new window

0
 
rafique12Author Commented:
YOU GUYS YOU GUYS!!! Its WORKING AT LAST !!!!!!!! Thankyou so much, EE is the best.
0
 
rafique12Author Commented:
Fantastic!!
0
 
evcrCommented:
Whew.. thanks
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 20
  • 12
  • 7
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now