Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 10 of 10

Thread: News-Script

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    10
    Member #
    477
    I have a news script that is very simple. I Just started coding in PHP. I want to make a simple interface where I can add news. All my attempts have failed.
    Code:
    <html>
    <head>
    <title>Add News to Blackhole</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
    
    <body bgcolor="#5B7B93" text="#000000">
    <form name="form1" method="post" action="writetodb.php">
      <p> 
         <input name="$title" type="text" id="$title" value="Title"> 
       </p> 
       <p>  
         <input name="$name" type="text" id="$name" value="Name"> 
       </p> 
       <p>  
         <input name="$date" type="text" id="$date" value="Date"> 
       </p> 
       
      <p> 
        <textarea name="$body" cols="50" rows="10" id="$body">Body</textarea>
        <br>
        <input type="submit" name="Submit" value="Submit">
      </p> 
     </form>
    </body>
    </html>
    That is my add.php
    My writetodb.php is
    Code:
    <title>Added News to DB!</title>
    <?
    include("config.php");
    $connection = mysql_connect($dbhost, $dbname, $dbpass) or die ("Unable to 
    connect!"); 
      
    mysql_select_db("$dbbase") or die ("Unable to select database!"); 
    
    $query = "INSERT INTO $table (title,name,date,body) VALUES ('$title','$name','$date','$body')"; 
      
    $result = mysql_query($query) or die ("Error in query: $query. " . 
    mysql_error()); 
      
    mysql_close($connection);
    ?>
    If I am doing anything wrong, or you have a suggestion I would really appreciate it. Thanks in advance.

  2.  

  3. #2
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    If you're using PHP 4.2.0 or higher or otherwise have register_globals off, you have to use $_GET['varname'] instead of $varname when getting stuff from the URL ($_POST['varname'] for post variables).
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  4. #3
    Junior Member
    Join Date
    Jan 2003
    Posts
    10
    Member #
    477
    Ok register_globals is off. But I'm not sure what you're saying for the URL post vars.

  5. #4
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    Let's say you had this script and viewed it as test.php?testvar=1:
    PHP Code:
    <?
    if (empty($testvar)) echo "testvar is empty";
    else echo 
    "testvar is $testvar";
    ?>
    With register_globals on, it would echo "testvar is 1". With register_globals off, it would echo "testvar is empty." This script however would work correctly:
    PHP Code:
    <?
    echo "testvar is " $_GET['testvar'];
    ?>
    So if the arguments to a page are passed through the URL, use $_GET; otherwise, use $_POST. Don't turn on register_globals because (1) it's a bad habit now that's been off in PHP by default for a long time, and (2) it can open up security holes in your scripts.
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  6. #5
    Junior Member
    Join Date
    Jan 2003
    Posts
    10
    Member #
    477
    Forgive me, but I'm still lost hehe. I don't think I know what I'm doing

  7. #6
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    Try changing this:
    PHP Code:
    $query "INSERT INTO $table (title,name,date,body) VALUES ('$title','$name','$date','$body')"
    to this:
    PHP Code:
    $title addslashes($_POST['title']);
    $name addslashes($_POST['name']);
    $date addslashes($_POST['date']);
    $body addslashes($_POST['body']);
    $query "INSERT INTO $table (title,name,date,body) VALUES ('$title','$name','$date','$body')"
    (BTW, addslashes() is there to avoid people from breaking the query by using quotes)
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  8. #7
    Junior Member
    Join Date
    Jan 2003
    Posts
    10
    Member #
    477
    Hmm, I did that, and for some reason, it makes the query, but it isn't taking the info from the text fields and adding it to the query. It just adds a query that is blank, and the output is blank on my index.php

  9. #8
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    Also change [minicode]<input name="$title"...[/minicode] to [minicode]<input name="title"...[/minicode], etc.
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  10. #9
    Junior Member
    Join Date
    Jan 2003
    Posts
    10
    Member #
    477
    Thank you very much for all your help, it works beautifully now. You are the man

  11. #10
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    Glad to help
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 05:02 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com