PDA

Click to See Complete Forum and Search --> : Help with my message form

adeang_1
03-23-2008, 08:46 AM
My form will not insert the content into my database

<?php

/**
* @author
* @copyright 2008
*/


$their_gulf = $_GET["id"];
if (isset($_POST['Submit']))
{
$nickname = $_SESSION['nickname'];


$message = (trim(strip_tags(($_POST['message']))));

$con = mysql_connect("localhost","adeang","123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("adeang", $con);

mysql_query("INSERT INTO wall (message, sent_from, sent_to)
VALUES ('$message', '$nickname', '$their_gulf')");

mysql_close($con);
}





?>

<form name="Message_submit" method="post" action="sent_message.php" id="Form1">
<div id="wb_Text3" style="position:width:49px;height:14px;z-index:9" align="left">
<font style="font-size:11px" color="#000000" face="Arial">Message</font></div>
<textarea name="message" id="TextArea1" style="position:width:200px;height:226px;z-index:10" rows="11" cols="17" tabindex="1">TYPE YOUR MESSAGE HERE!!!!</textarea>
<input type="submit" id="Button1" name="Button1" value="Submit" style="position:width:96px;height:25px;z-index:11" tabindex="2">
</form>

okay so here are some of the values are found:
when someone clicks someones nickname they are set to their wall and then the id is in the link aka http://localhost/their_profile.php?id=adeang

and the session is set and uses a nickname IE adeang or whatever

the form contains a text area
and submit button

I cannot get it to actually insert the data. plz help
knowj
03-23-2008, 08:59 AM
code defensively and cover yourself for all errors:

<?php

/**
* @author
* @copyright 2008
*/


$their_gulf = $_GET["id"];
if (isset($_POST['Submit']))
{
$nickname = $_SESSION['nickname'];


$message = (trim(strip_tags(($_POST['message']))));

$con = mysql_connect("localhost","adeang","123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("adeang", $con) or die(mysql_error());

mysql_query("INSERT INTO wall (message, sent_from, sent_to)
VALUES ('$message', '$nickname', '$their_gulf')") or die(mysql_error());

mysql_close($con);
}





?>

<form name="Message_submit" method="post" action="sent_message.php" id="Form1">
<div id="wb_Text3" style="position:width:49px;height:14px;z-index:9" align="left">
<font style="font-size:11px" color="#000000" face="Arial">Message</font></div>
<textarea name="message" id="TextArea1" style="position:width:200px;height:226px;z-index:10" rows="11" cols="17" tabindex="1">TYPE YOUR MESSAGE HERE!!!!</textarea>
<input type="submit" id="Button1" name="Button1" value="Submit" style="position:width:96px;height:25px;z-index:11" tabindex="2">
</form>



On another note unless your server has magic quotes enabled i could nuke your table and possibly your whole database with a few words via $_GET['id'] look into http://uk3.php.net/mysql_real_escape_string and always cover your back.

One last note don't use the <font> tag it has been depreciated for years and makes it hard to actually debug things. take a look at the contact form on my site as a simple example.
adeang_1
03-24-2008, 07:55 AM
Man thanks for the help but my form will still now work.

<?php

/**
* @author
* @copyright 2008
*/


$their_gulf = mysql_real_escape_string($_GET["id"]);
if (isset($_POST['Submit']))
{
$nickname = $_SESSION['nickname'];


$message = (trim(strip_tags(($_POST['message']))));

$con = mysql_connect("localhost","adeang","123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("adeang", $con) or die(mysql_error());

mysql_query("INSERT INTO wall (message, sent_from, sent_to)
VALUES ('$message', '$nickname', '$their_gulf')") or die(mysql_error());

mysql_close($con);
}
?>
<form name="Message_submit" method="post" action="<?php echo $PHP_SELF; ?>" id="Form1">
<div id="wb_Text3" style="position:width:49px;height:14px;z-index:9" align="left">
<font style="font-size:11px" color="#000000" face="Arial">Message</font></div>
<textarea name="message" id="TextArea1" style="position:width:200px;height:226px;z-index:10" rows="11" cols="17" tabindex="1">TYPE YOUR MESSAGE HERE!!!!</textarea>
<input type="submit" id="Button1" name="Button1" value="Submit" style="position:width:96px;height:25px;z-index:11" tabindex="2">
</form>
knowj
03-24-2008, 08:34 AM
didn't you get any error messages?
adeang_1
03-24-2008, 05:09 PM
well actually I didnt I mean the form passes and everything works fine its just that it does insert anything into the db I guess Im not that great at this stuff yet.
adeang_1
03-24-2008, 06:29 PM
for some reason it wont allow me to insert data when I am using a form that submits to self but If i just send to a page it will work....
Yelgnidroc
03-24-2008, 06:41 PM
I think it's because you're checking:

if (isset($_POST['Submit']))

and you should be checking

if (isset($_POST['Button1])) // which has a value of Submit
adeang_1
03-24-2008, 07:18 PM
thanks man i appreciate it!