I have put the following code together in an attempt to insert data into my DB. It isn't producing any error messages; it just posts to itself and returns to the start again.
Try checking whether you are actually connected to the SQL server with:
// Open the connection; stop with a message if the server cannot be reached.
$connect = mysql_connect($localhost, $dbuser, $dbpass);
if (!$connect) {
    die('could not connect to SQL server');
}
// Select the working database on that connection, or stop with a message.
if (!mysql_select_db($dbname, $connect)) {
    die('could not select');
}
If the connection is fine, check for errors from your query with:
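// Run the query and stop with the server's error text if it fails.
// Debugging aid only: mysql_error() output can reveal table and column names,
// so log it instead of printing it once the script is live.
mysql_query($query) or die(mysql_error());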
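<?php
// No output may be sent before starting a session or sending the header
// redirect at the end of this script.
session_start();

// Script name, entity-encoded so it is safe to echo into markup.
$self = htmlentities(basename($_SERVER['PHP_SELF']));

// Connection settings (these could be passed straight to mysql_connect()).
// The values are the sample ones from the thread; a real deployment should use
// a dedicated low-privilege account rather than root, kept outside the web root.
$localhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$dbname = 'north';

// Connect with built-in debug output.
// NOTE(review): the mysql_* extension was removed in PHP 7; the mysqli prepared
// statements used later in this thread are the maintained replacement.
// NOTE(review): printing mysql_error() is for debugging only; it exposes schema
// details to whoever triggers the error.
$connect = mysql_connect($localhost, $dbuser, $dbpass)
    or die('Can not connect to MYSQL:' . mysql_error());
mysql_select_db($dbname, $connect)
    or die('Can not select database:' . mysql_error());

// If the form has been submitted...
if (isset($_POST['submit'])) {
    // Copy only the fields the query uses. Looping over every posted key would
    // let a request overwrite arbitrary session entries, and the original loop
    // read $POST (undefined) instead of $_POST, so nothing was copied at all.
    foreach (array('id', 'title', 'description', 'keywords') as $key) {
        $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        // ALWAYS mysql_real_escape_string data before placing it in a query.
        $_SESSION[$key] = mysql_real_escape_string($value);
    }

    // Positional form: depends on the column order of the table.
    $query = "INSERT INTO url VALUES ('','{$_SESSION['id']}','{$_SESSION['title']}','{$_SESSION['description']}','{$_SESSION['keywords']}')";
    // Preferred form: names each column. This assignment replaces the one above.
    $query = "INSERT INTO url set id = '{$_SESSION['id']}', title = '{$_SESSION['title']}', description = '{$_SESSION['description']}', keywords = '{$_SESSION['keywords']}'";

    // Run the query, with built-in debug output.
    mysql_query($query) or die('Query Error:' . mysql_error());

    // On success, redirect and stop so nothing else runs after the header.
    header("location: home.php");
    exit;
}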
Since then I decided to re-write the script completely to incorporate an edit function too. I have the DB connect file elsewhere now to keep things neat.
Here is the new script, let me know your thoughts:
PHP Code:
<?php
// creates the new/edit record form
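/**
 * Prints the complete HTML page holding the new/edit record form.
 *
 * Every value is HTML-escaped here, at the point of output, so the page stays
 * well-formed even if a caller passes raw text. The callers in this script pass
 * values that were already run through htmlentities(), so escaping is done with
 * double_encode disabled to avoid turning "&amp;" into "&amp;amp;".
 *
 * @param string $page     Current value of the "page" field.
 * @param string $title    Current value of the "title" field.
 * @param string $descr    Current value of the "descr" field.
 * @param string $keywords Current value of the "keywords" field.
 * @param string $error    Message shown in a red box above the form; empty for none.
 * @param mixed  $id       Record id when editing; empty for a new record.
 * @return void
 */
function renderForm($page = '', $title = '', $descr = '', $keywords = '', $error = '', $id = '')
{
    // The edit/new decision and the error box use the raw values, as before.
    $isEdit = ($id != '');
    $hasError = ($error != '');
    $heading = $isEdit ? 'Edit Record' : 'New Record';

    // Escape once, up front; the (string) cast covers integer ids and NULLs.
    $raw = array(
        'page' => $page,
        'title' => $title,
        'descr' => $descr,
        'keywords' => $keywords,
        'error' => $error,
        'id' => $id,
    );
    $safe = array();
    foreach ($raw as $name => $value) {
        $safe[$name] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    }
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php echo $heading; ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php echo $heading; ?></h1>
<?php if ($hasError) {
    echo "<div style='padding:4px; border:1px solid red; color:red'>" . $safe['error']
        . "</div>";
} ?>
<form action="" method="post">
<div>
<?php if ($isEdit) { ?>
<input type="hidden" name="id" value="<?php echo $safe['id']; ?>" />
<p>ID: <?php echo $safe['id']; ?></p>
<?php } ?>
<strong>Page: *</strong> <input type="text" name="page"
value="<?php echo $safe['page']; ?>"/><br/>
<strong>Title: *</strong> <input type="text" name="title"
value="<?php echo $safe['title']; ?>"/>
<strong>Description: *</strong> <input type="text" name="descr"
value="<?php echo $safe['descr']; ?>"/>
<strong>Keywords: *</strong> <input type="text" name="keywords"
value="<?php echo $safe['keywords']; ?>"/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }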
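/*
REQUEST HANDLING (EDIT RECORD / NEW RECORD)
*/
// NOTE(review): $mysqli is not created in this listing; it is assumed to be an
// open mysqli handle provided by the separate DB connect file.
// NOTE(review): nothing visible here checks who is making the request or that the
// POST came from a form this script rendered (no login check, no CSRF token);
// confirm that is enforced elsewhere before exposing this page.

// Where to send the browser once the database work is finished; NULL = no redirect.
// Redirecting only at the end, and only on paths that printed nothing, avoids
// calling header() after an error message has already been echoed.
$redirectTo = null;

// Accept only plain positive integers as record ids. is_numeric() would also let
// through values such as "1e3", "1.5" or negative numbers.
$idOptions = array('options' => array('min_range' => 1));

// Read the four text fields once. Missing or non-string input becomes ''.
// NOTE(review): values are entity-encoded before storage, as in the original
// script; pages that print them presumably rely on that. Encoding on output
// instead is the more robust design, but changing it here alone would leave
// other pages printing raw stored text.
$submitted = isset($_POST['submit']);
$page = $title = $descr = $keywords = '';
if ($submitted)
{
    $fields = array();
    foreach (array('page', 'title', 'descr', 'keywords') as $name)
    {
        $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        $fields[$name] = htmlentities($raw, ENT_QUOTES);
    }
    $page = $fields['page'];
    $title = $fields['title'];
    $descr = $fields['descr'];
    $keywords = $fields['keywords'];
}
// The form marks all four fields as required, so both branches check all four.
$missingField = ($page == '' || $title == '' || $descr == '' || $keywords == '');

/*
EDIT RECORD
*/
// if the 'id' variable is set in the URL
if (isset($_GET['id']))
{
    // if the form's submit button was clicked, process the update
    if ($submitted)
    {
        // the id to update comes from the form's hidden field
        $id = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT, $idOptions);
        if ($id === false)
        {
            // the posted id is missing or not a positive integer
            echo "Error!";
        }
        elseif ($missingField)
        {
            // a required field is empty: show an error message and the form again
            $error = 'ERROR: Please fill in all required fields!';
            renderForm($page, $title, $descr, $keywords, $error, $id);
        }
        else
        {
            // everything is fine, update the record
            if ($stmt = $mysqli->prepare("UPDATE URL SET page = ?, title = ?, descr = ?, keywords = ?
WHERE id=?"))
            {
                $stmt->bind_param("ssssi", $page, $title, $descr, $keywords, $id);
                // redirect only when the statement actually ran
                if ($stmt->execute())
                {
                    $redirectTo = "view.php";
                }
                else
                {
                    echo "ERROR: could not update record.";
                }
                $stmt->close();
            }
            // show an error message if the query could not be prepared
            else
            {
                echo "ERROR: could not prepare SQL statement.";
            }
        }
    }
    // the form hasn't been submitted yet: load the record and show the form
    else
    {
        $id = filter_var($_GET['id'], FILTER_VALIDATE_INT, $idOptions);
        if ($id === false)
        {
            // the 'id' value is not valid, send the user back to view.php
            $redirectTo = "view.php";
        }
        // columns are named explicitly so bind_result() does not depend on table order
        elseif ($stmt = $mysqli->prepare("SELECT id, page, title, descr, keywords FROM URL WHERE id=?"))
        {
            $stmt->bind_param("i", $id);
            $stmt->execute();
            $stmt->bind_result($id, $page, $title, $descr, $keywords);
            if ($stmt->fetch())
            {
                // show the form filled with the stored values
                renderForm($page, $title, $descr, $keywords, '', $id);
            }
            else
            {
                // no record with that id: treat it like an invalid id
                $redirectTo = "view.php";
            }
            $stmt->close();
        }
        // show an error if the query could not be prepared
        else
        {
            echo "Error: could not prepare SQL statement";
        }
    }
}
/*
NEW RECORD
*/
// if the 'id' variable is not set we must be creating a new record
else
{
    if (!$submitted)
    {
        // the form hasn't been submitted yet, show it empty
        renderForm();
    }
    elseif ($missingField)
    {
        // a required field is empty: show an error message and the form again
        $error = 'ERROR: Please fill in all required fields!';
        renderForm($page, $title, $descr, $keywords, $error);
    }
    // insert the new record into the database
    elseif ($stmt = $mysqli->prepare("INSERT INTO URL (page, title, descr, keywords) VALUES (?, ?, ?, ?)"))
    {
        $stmt->bind_param("ssss", $page, $title, $descr, $keywords);
        // redirect only when the statement actually ran
        if ($stmt->execute())
        {
            $redirectTo = "view.php";
        }
        else
        {
            echo "ERROR: could not insert record.";
        }
        $stmt->close();
    }
    // show an error if the query could not be prepared
    else
    {
        echo "ERROR: Could not prepare SQL statement.";
    }
}

// close mysqli connection
$mysqli->close();

// redirect last, then stop so nothing further is sent after the header
if ($redirectTo !== null)
{
    header("Location: " . $redirectTo);
    exit;
}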