Old Mar 29th, 2005, 8:55 AM   #1
stakeknife
Problem with a script I wrote... not sure though!

I wrote this script which simply lists articles in a database by their title and allows the user the option to add an article to the database... I've been working on it for the last two days now and it doesn't compile in Apache. It's beginning to really get up my back...

Could people in the know have a look and tell me if there is anything noticeably out of place...

Thanks

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

<?php

if (isset($_GET['addarticle'])):
    <echo> '<form action = $_SERVER['PHP_SELF']; method ="post">';
    <echo> '<tr><td height="19" valign="top">Title: </td><td valign="top"><input type="text" name="title"></td></tr>';
    <echo> '<tr><td height="19" valign="top">Sub Title: </td><td valign="top"><input type="text" name="subtitle"></td></tr>';
    <echo> '<tr><td height="19" valign="top">Author: </td><td valign="top"><input type="text" name="author"></td></tr>';

    //fills the drop down menu with article categories taken from the database

    $query = "SELECT category_name FROM core_article_category";
    $result = mysql_query($query);
    if(mysql_num_rows($result))
    {
        while($row = mysql_fetch_row($result))
        {

            <echo> '<select name="categories">';
            print("<option value=\"$row[0]\">$row[0]</option>\n");}
    }
    else
    {
        print("<option value=\"\">No categories created yet</option>");
    }

    <echo> '<tr><td height="17" valign="top">Body: </td><td rowspan="2" valign="top"><textarea name="body" cols="65" rows="35"></textarea></td></tr>';
    <echo> '</select>';
    <echo> '<input type="submit" value="SUBMIT">';
    <echo> '</form>';

else:

    include("db.php");

    $today = date("dmY");

    if (isset($_POST['title'], isset($_POST['subtitle'], isset($_POST['author'], isset($_POST['categories'], isset($_POST['body']))
    {
        $title=$_POST['title'];
        $subtitle=$_POST['subtitle'];
        $author=$_POST['author'];
        $categories=$_POST['categories'];
        $body=$_POST['body'];

        $addarticle = "'$title','$subtitle','$author','$categories','$body',1,'$today'";
        mysql_query ("INSERT INTO core_article (title,subtitle,author_id,cat_id,body,enabled,timestamp) VALUES ($addarticle)");

    }


    echo '<p>List of articles in the database:</p>';
    $results = @mysql_query('SELECT title FROM core_article');
    if (!$results){
        exit ('<p>Error performing query on the database:' .mysql_error(). '</p>');
    }

    while ($row = mysql_fetch_array($results)) {
        echo '<li>' .$row['title']. '</li>';
    }

    echo '<p><a href="'.$_SERVER['PHP_SELF'].'?addarticle=1">Add an Article</a></p>';

endif;
?>
Old Mar 29th, 2005, 9:09 AM   #2
tempest
I'm not sure of the if: else: endif; syntax, but I have heard of it before. Never used it though.

But all I can see is change:
$title=$_POST['title'];
$subtitle=$_POST['subtitle'];
$author=$_POST['author'];
$categories=$_POST['categories'];
$body=$_POST['body'];

To:
$title      = addslashes($_POST['title']);
$subtitle   = addslashes($_POST['subtitle']);
$author     = addslashes($_POST['author']);
$categories = addslashes($_POST['categories']);
$body       = addslashes($_POST['body']);

To avoid SQL injection vulnerabilities.
Old Mar 29th, 2005, 9:44 AM   #3
stakeknife
The if: elseif: else: endif: is apparently just another way of writing if endif statements

I incorporated the addslashes... thanks....

Nothing that solves the error though, that error being the script just doesn't run... blank page :mad: :eek:
Old Mar 29th, 2005, 9:46 AM   #4
stakeknife
as a note, even if I use the ol'

if (statement)
{
    blah;
}
else
{
    blah;
}

setup it still doesn't work
Old Mar 29th, 2005, 9:53 AM   #5
Berto
Do you get any output? Look at the HTML by viewing the source to see if there is anything there; if not, add

echo 'test 123';

directly under the <?php line to check the php is working correctly.
Old Mar 29th, 2005, 10:08 AM   #6
stakeknife
No, I get absolutely nothing...

The PHP is set up and working properly because this is just part of a bigger script, the rest is working...

Though when I have an error in my programs I don't get an error page, I just get a blank page...
Old Mar 29th, 2005, 11:15 AM   #7
Jonnno
As Berto suggests I would sprinkle some error checking points in your script, one inside each if/else/loop/part of loop saying something like;

echo "execution reached checkpoint 1";

etc.

it can help you know if your logic is faulty and where the execution flow is and isn't going.

Also echo out all your get & post variables, maybe your script isn't being passed what you think it is.

If you actually have an error, like a syntax error in your script, the PHP parser will return an error message to your web server (Apache) to display, usually something like 'Parse error at line: 53, unexpected T-string', or whatever.

If you have something like MySQL on your server, check what's in your database and make sure your field names match your SQL statements.

Hope this helps,

J.
Old Mar 29th, 2005, 11:41 AM   #8
tempest
A few questions... where do you open and close the MySQL connection?

Try adding error_reporting(E_ALL); to the top and see what messages it produces...
Old Mar 29th, 2005, 11:44 AM   #9
stakeknife
I'll give that a go Jonnno and report back. Thanks

Tempest:

include("db.php"); is the database connection in a module
Old Mar 30th, 2005, 11:38 AM   #10
stakeknife
Hi folks,

Thanks for the help. I decided to rewrite the code without help of the web or anything and this is what I have written. All the functions such as add article and view article etc. are now working, but what I wanted to do was create links from the function menu() to the different functions such as addArticle(). Is this possible in PHP? I'm a beginner here so go easy ( ;

I'm really unsure how to do this... had some ideas but they all didn't work in the end... grrr....

Also, whilst the code works and the articles and categories are added to the database, the else statement in the code block that adds the information to the database still claims there are errors in the addition to the database, along the lines of:

There was an error adding your category: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''Site Updates','Information on site updates for users of the si

and that's it

Anyway, here is my new code: thanks again!



<?php

include("db.php");
if (isset($_POST['createArticle']))
{

    $today = date("dmY");
    $addarticle = "'".$_POST['title']."','".$_POST['subtitle']."','".$_POST['author']."',1,'".$_POST['body']."',1,'$today'";
    mysql_query ("INSERT INTO core_article (title,subtitle,author_id,cat_id,body,enabled,timestamp) VALUES ($addarticle)");

    if(@mysql_query($addarticle))
    {
        echo '<td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"><p>Your article has been successfully added.</p></font></td>';
    }
    else
    {
        echo '<td><font color="#000000" size="2" face="Verdana, Arial, Helvetic, sans-serif"><p>There was an error adding your article: '.mysql_error().'</p></font></td>';
    }
}

else if (isset($_POST['addCategory']))
{
    $addCategory = "'".$_POST['category']."','".$_POST['description']."'";
    mysql_query ("INSERT INTO core_article_category (category_name,category_description) VALUES ($addCategory)");

    if(@mysql_query($addCategory))
    {
        echo '<td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"><p>Your category has been successfully added.</p></font></td>';
    }
    else
    {
        echo '<td><font color="#000000" size="2" face="Verdana, Arial, Helvetic, sans-serif"><p>There was an error adding your category: '.mysql_error().'</p></font></td>';
    }

}
else
{
    menu();
}

function viewArticles()
{
    echo '<font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong><p>List of articles in the database:</p></strong></font><br>';
    $results = @mysql_query('SELECT title,timestamp FROM core_article');

    if (!$results)
    {
        exit ('<p>Error performing query on the database:' .mysql_error(). '</p>');
    }

    while ($row = mysql_fetch_array($results))
    {
        echo '<p><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"> Article Title: ' .$row['title']. ' || Date Posted: '.$row['timestamp']. '</p></font>';
    }
}
function addCategory()
{
    echo '<table border="0" cellspacing="4" cellpadding="0" align="center">';
    echo '<tr><td><p><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"><Strong>Add an article</strong></font></p></td></tr>';
    echo '<form action="article.php" method="post">';
    echo '<table border="0" cellspacing="4" cellpadding="0" align="center">';
    echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Category Title: </font></td><td><input type="text" name="category" value="'.htmlspecialchars($_POST['category']).'"></td></tr>';
    echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Category Description: </font></td><td rowspan="2" valign="top"><textarea name="description" cols="35" rows="15" value="'.htmlspecialchars($_POST['description']).'"></textarea></td></tr>';
    echo '<tr><td height="10">&nbsp;</td></tr>';
    echo '<td height="15" colspan="2" valign="top"><input type="submit" name="addCategory" value="Submit"><input type="reset" name="resetform" value="Reset"></td>';
    echo '</table>';
    echo '</form>';
    echo '</table>';

}


function addArticle()
{
    $today = date("dmY");

    echo '<table border="0" cellspacing="4" cellpadding="0" align="center">';
    echo '<tr><td><p><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif"><Strong>Add an article</strong></font></p></td></tr>';
    echo '<form action="article.php" method="post">';
    echo '<table border="0" cellspacing="4" cellpadding="0" align="center">';
    echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Title: </font></td><td><input type="text" name="title" value="'.htmlspecialchars($_POST['title']).'"></td></tr>';
    echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Sub Title:</font> </td><td><input type="text" name="subtitle" value="'.htmlspecialchars($_POST['subtitle']).'"></td></tr>';
    echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Author:</font> </td><td><input type="text" name="subtitle" value="'.htmlspecialchars($_POST['author']).'"></td></tr>';


    $query = "SELECT category_name FROM core_article_category";
    $result = mysql_query($query);

    if(mysql_num_rows($result))
    {
        echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Category:</font> </td><td>';
        // we have at least one user, so show all users as options in select form
        while($row = mysql_fetch_row($result))
        {
            echo '<select name="categories">';
            print("<option value=\"$row[0]\">$row[0]</option>");
        }
    }
    else
    {
        echo '<tr><td><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">';
        print("<option value=\"\">No categories created yet</option>");
        echo '</font></td>';
    }

    echo '</td></tr>';
    echo '</select>';
    echo '<tr><td height="19" valign="top"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Body:</font></td><td rowspan="2" valign="top"><textarea name="body" cols="65" rows="15" value="'.htmlspecialchars($_POST['body']).'"></textarea></td></tr>';
    echo '<tr><td height="10">&nbsp;</td></tr>';
    echo'<td height="15" colspan="2" valign="top"><input type="submit" name="createArticle" value="Submit"><input type="reset" name="resetform" value="Reset"></td>';
    echo '</table>';
    echo '</form>';
    echo '</table>';
}

menu()
{
}

?>
stakeknife is offline   Reply With Quote
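
Added example (not code from any poster in this thread): the category insert from post #10 written with bound parameters instead of the addslashes() escaping suggested in post #2, running the INSERT once and checking that call's own result, and HTML-encoding values on output. It assumes PHP's PDO with the pdo_sqlite driver, with an in-memory SQLite database standing in for the thread's MySQL server; the $post array and the two function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the PDO and pdo_sqlite
// extensions; an in-memory SQLite database stands in for the thread's MySQL
// server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE core_article_category (
               category_name TEXT, category_description TEXT)');

// Constructed input: what $_POST would hold after the category form is sent.
$post = ['category' => "Editor's picks", 'description' => '<b>Staff</b> favourites'];

// The thread's approach: values concatenated into the SQL text. The apostrophe
// in the category name ends the string literal early, so the INSERT fails.
function addCategoryConcatenated(PDO $db, array $post): string
{
    $values = "'" . $post['category'] . "','" . $post['description'] . "'";
    try {
        $db->exec("INSERT INTO core_article_category
                   (category_name, category_description) VALUES ($values)");
        return 'added';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Parameterized version: the SQL text is fixed and the values are bound
// separately. The statement is executed once and that result is returned,
// rather than passing the VALUES string to a second query call.
function addCategoryPrepared(PDO $db, array $post): string
{
    $stmt = $db->prepare('INSERT INTO core_article_category
                          (category_name, category_description) VALUES (?, ?)');
    return $stmt->execute([$post['category'], $post['description']])
        ? 'added' : 'error';
}

echo addCategoryConcatenated($db, $post), "\n";
echo addCategoryPrepared($db, $post), "\n";

// Encode on output so stored markup is shown as text instead of being rendered.
foreach ($db->query('SELECT category_name, category_description
                     FROM core_article_category') as $row) {
    echo htmlspecialchars($row['category_name'], ENT_QUOTES, 'UTF-8'), ' | ',
         htmlspecialchars($row['category_description'], ENT_QUOTES, 'UTF-8'), "\n";
}
```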