Save choice in database - php

I'm doing a program where I try to save data every time the user presses 'submit'. I have managed to save in my table 'answers' the data of the columns: exercise_id_fk, student_id and difficulty_student, but I cannot save the data from the column: choice_answer. Every time I try to save it, it stops me from saving the other columns. I'm trying to store multiple choice answers in the database. Can you help me see what is wrong?
This is my program where I'm trying to store the multiple choice answers in the column 'choice_answer':
<?php
// Start the session
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "project";
$conn = new mysqli($servername, $username, $password, $dbname);
/*echo*/ $id=$_GET['id'];
$sql = "SELECT * FROM exercises where exercise_id='$id'";
$result = $conn->query($sql); /*Check connection*/
?>
<div id="centered_B" class="header">
<?php
$row = $result->fetch_assoc();
echo '<h1>' . $row["exercise_id"]. ". " . $row["title"] . '</h1>' . "<br>" . '<p>' . $row["text"] . '</p> <img width="603" height="auto" src="' . $row["image_path"] . '"><br><br>
<form method="post" >
<input type="radio" name="choice" value= "1" /><img src="' . $row["image_path_A"] . '"/><br>
<input type="radio" name="choice" value= "2" /><img src="' . $row["image_path_B"] . '"><br>
<input type="radio" name="choice" value= "3" /><img src="' . $row["image_path_C"] . '"><br>';
echo '</form>';
/*var_dump($id)*/
?>
<br><br><br><!--- Select difficulty --->
<p2>Select difficulty level:</p2>
<form action='' method='post'>
<select name="choose" id="choose">>
<option value="1" <?php if($row["difficulty"]=="1") { echo "selected"; } ?> >1</option>
<option value="2" <?php if($row["difficulty"]=="2") { echo "selected"; } ?> >2</option>
<option value="3" <?php if($row["difficulty"]=="3") { echo "selected"; } ?> >3</option>
<option value="4" <?php if($row["difficulty"]=="4") { echo "selected"; } ?> >4</option>
<option value="5" <?php if($row["difficulty"]=="5") { echo "selected"; } ?> >5</option>
</select>
<br><br><br><!--- Button --->
<!-- <button class="buttonSubmit" >Submit</button>-->
<input type="submit" name="submit" value="Submit">
<button class="buttonNext" >Next Question</button>
</form>
</div><!--- end of centered_B div --->
<?php
if (isset($_POST['submit'])) {
$user_id = $_SESSION['user_id'];
$user_check_query = "SELECT * FROM users WHERE id='$user_id'";
if(isset($_POST['choice'])){
if(isset($_POST['choose'])){
$choice_answer=$_POST['choice'];
$difficulty=$_POST['choose'];
// */$user_id = $_SESSION['user_id'];*/
$query = "INSERT INTO answers (exercise_id_fk, student_id, difficulty_student, choice_answer) VALUES ('$id','$user_id', '$difficulty', '$choice_answer')";
$sql=mysqli_query($conn,$query);
}
}
}
?>

<?php
// Start the session
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "project";
$conn = new mysqli($servername, $username, $password, $dbname);
/*echo*/ $id=$_GET['id'];
$sql = "SELECT * FROM exercises where exercise_id='$id'";
$result = $conn->query($sql); /*Check connection*/
?>
<div id="centered_B" class="header">
<?php
$row = $result->fetch_assoc();
?>
<h1><?php echo $row["exercise_id"] ?></h1><br/>
<p><?php echo $row["text"] ?></p>
<img width="603" height="auto" src="<?php echo $row["image_path"]; ?>"><br/><br/>
<form action='' method='post'>
<input type="radio" name="choice" value= "1" /><img src="<?php echo $row["image_path_A"]; ?>"/><br>
<input type="radio" name="choice" value= "2" /><img src="<?php echo $row["image_path_B"] ; ?>"><br>
<input type="radio" name="choice" value= "3" /><img src="<?php echo $row["image_path_C"]; ?>"><br>
<!-- var_dump($id) -->
<br><br><br>
<p2>Select difficulty level:</p2>
<form action='' method='post'>
<select name="choose" id="choose">
<option value="1" <?php if($row["difficulty"]=="1") { echo "selected"; } ?> >1</option>
<option value="2" <?php if($row["difficulty"]=="2") { echo "selected"; } ?> >2</option>
<option value="3" <?php if($row["difficulty"]=="3") { echo "selected"; } ?> >3</option>
<option value="4" <?php if($row["difficulty"]=="4") { echo "selected"; } ?> >4</option>
<option value="5" <?php if($row["difficulty"]=="5") { echo "selected"; } ?> >5</option>
</select>
<br><br><br><!--- Button --->
<button class="buttonSubmit" >Submit</button>
<input type="submit" name="submit" value="Submit">
<button class="buttonNext" >Next Question</button>
</form>
</div><!--- end of centered_B div --->
<?php
if (isset($_POST['submit'])) {
$user_id = $_SESSION['user_id'];
$user_check_query = "SELECT * FROM users WHERE id='$user_id'";
if(isset($_POST['choice'])){
if(isset($_POST['choose'])){
$choice_answer=$_POST['choice'];
$difficulty=$_POST['choose'];
// */$user_id = $_SESSION['user_id'];*/
$query = "INSERT INTO answers (exercise_id_fk, student_id, difficulty_student, choice_answer) VALUES ('$id','$user_id', '$difficulty', '$choice_answer')";
$sql=mysqli_query($conn,$query);
}
}
}
?>

You have to use a single form if you want to save everything when you click on submit.
<?php
// Start the session
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "project";
$conn = new mysqli($servername, $username, $password, $dbname);
/*echo*/ $id=$_GET['id'];
$sql = "SELECT * FROM exercises where exercise_id='$id'";
$result = $conn->query($sql); /*Check connection*/
?>
<div id="centered_B" class="header">
<?php
$row = $result->fetch_assoc();
echo '<h1>' . $row["exercise_id"]. ". " . $row["title"] . '</h1>' . "<br>" . '<p>' . $row["text"] . '</p> <img width="603" height="auto" src="' . $row["image_path"] . '"><br><br>';
/*var_dump($id)*/
?>
<br><br><br><!--- Select difficulty --->
<p2>Select difficulty level:</p2>
<form action='' method='post'>
<input type="radio" name="choice" value= "1" /><img src="<?php echo $row["image_path_A"];?>"/><br>
<input type="radio" name="choice" value= "2" /><img src="<?php echo $row["image_path_B"];?>"><br>
<input type="radio" name="choice" value= "3" /><img src="<?php echo $row["image_path_C"];?>"><br>
<select name="choose" id="choose">
<option value="1" <?php if($row["difficulty"]=="1") { echo "selected"; } ?> >1</option>
<option value="2" <?php if($row["difficulty"]=="2") { echo "selected"; } ?> >2</option>
<option value="3" <?php if($row["difficulty"]=="3") { echo "selected"; } ?> >3</option>
<option value="4" <?php if($row["difficulty"]=="4") { echo "selected"; } ?> >4</option>
<option value="5" <?php if($row["difficulty"]=="5") { echo "selected"; } ?> >5</option>
</select>
<br><br><br><!--- Button --->
<!-- <button class="buttonSubmit" >Submit</button>-->
<input type="submit" name="submit" value="Submit">
<button class="buttonNext" >Next Question</button>
</form>
</div><!--- end of centered_B div --->
<?php
if (isset($_POST['submit'])) {
$user_id = $_SESSION['user_id'];
$user_check_query = "SELECT * FROM users WHERE id='$user_id'";
if(isset($_POST['choice'])){
if(isset($_POST['choose'])){
$choice_answer=$_POST['choice'];
$difficulty=$_POST['choose'];
// */$user_id = $_SESSION['user_id'];*/
$query = "INSERT INTO answers (exercise_id_fk, student_id, difficulty_student, choice_answer) VALUES ('$id','$user_id', '$difficulty', '$choice_answer')";
$sql=mysqli_query($conn,$query);
}
}
}
?>
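The single-form page from the answer above, as an added example that is not part of the original thread: it keeps both fields in one form, checks `choice` and `choose` against the ranges the form offers, and passes every value to MySQL through prepared statements instead of building the SQL string from `$_GET` and `$_POST`. Table, column and credential values are the ones shown in the question; the helper `int_in_range` and the status messages are assumptions made for the example.

```php
<?php
// Added example: one form, validated input, parameterized queries.
// Assumes the `project` database with the `exercises` and `answers`
// tables from the question, and a logged-in user in $_SESSION['user_id'].
declare(strict_types=1);
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

$conn = new mysqli("localhost", "root", "", "project");
$conn->set_charset("utf8mb4");

/** Hypothetical helper: integer at $source[$key] if within [$min, $max], else null. */
function int_in_range(array $source, string $key, int $min, int $max): ?int
{
    $value = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT,
        ["options" => ["min_range" => $min, "max_range" => $max]]);
    return $value === false ? null : $value;
}

$id = int_in_range($_GET, "id", 1, PHP_INT_MAX);
if ($id === null || !isset($_SESSION["user_id"])) {
    http_response_code(400);
    exit("Invalid request.");
}
$user_id = (int) $_SESSION["user_id"];
$message = "";

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Only the values the form can legitimately send are accepted.
    $choice     = int_in_range($_POST, "choice", 1, 3);
    $difficulty = int_in_range($_POST, "choose", 1, 5);
    if ($choice === null || $difficulty === null) {
        $message = "Please select an answer and a difficulty level.";
    } else {
        $stmt = $conn->prepare(
            "INSERT INTO answers
                 (exercise_id_fk, student_id, difficulty_student, choice_answer)
             VALUES (?, ?, ?, ?)");
        $stmt->bind_param("iiii", $id, $user_id, $difficulty, $choice);
        $stmt->execute();
        $message = "Answer saved.";
    }
}

$stmt = $conn->prepare("SELECT * FROM exercises WHERE exercise_id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if ($row === null) {
    http_response_code(404);
    exit("Exercise not found.");
}
// Escape everything that is written into the HTML.
$e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, "UTF-8");
?>
<h1><?= $e($row["exercise_id"]) ?>. <?= $e($row["title"]) ?></h1>
<p><?= $e($row["text"]) ?></p>
<p><?= $e($message) ?></p>
<form action="" method="post">
  <?php foreach (["A" => 1, "B" => 2, "C" => 3] as $letter => $value): ?>
    <input type="radio" name="choice" value="<?= $value ?>">
    <img src="<?= $e($row["image_path_$letter"]) ?>"><br>
  <?php endforeach; ?>
  <select name="choose" id="choose">
    <?php for ($d = 1; $d <= 5; $d++): ?>
      <option value="<?= $d ?>"<?= (int) $row["difficulty"] === $d ? " selected" : "" ?>><?= $d ?></option>
    <?php endfor; ?>
  </select>
  <input type="submit" name="submit" value="Submit">
</form>
```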

Related

Message after submit on radio button

I'm working on a simple quiz. One question is displayed at a time with 3 possible answers on radio buttons. The answer for each question is stored in a table from a database called
SOLUTION:
What I’m trying to do in the program is to show a message of 'Try again!' every time the user answers the question badly after clicking on SUBMIT. I have implemented it in the following code but I do not know why I always get the message of 'Try again!' when I click submit. Maybe it is because I put an 'else' after an 'empty'? Or because I'm not comparing it well with the correct variable? Can you help me find out the mistake?
This is my code:
<?php
$Err = "";
$Try = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["choice"])) {
$Err = "Please select option";
}
else{
if($_POST["choice"] != "solution_number FROM solution WHERE exercise_id_fk=$id"){
$Try = "Try again!";
}
}
}
?>
<form action='' method='post'>
<input type="radio" name="choice" value= "1" /><img src="<?php echo $row["image_path_A"] ?>"/><br>
<input type="radio" name="choice" value= "2" /><img src="<?php echo $row["image_path_B"] ?>"><br>
<input type="radio" name="choice" value= "3" /><img src="<?php echo $row["image_path_C"] ?>"><br>
<br><br>
<span class="error"><?php echo $Err;?></span>
<span class="try"><?php echo $Try;?></span>
<br><br><br><!--- Select difficulty --->
<p2>Select difficulty level:</p2>
<form action='' method='post'>
<select name="choose" id="choose">>
<option value="1" <?php if($row["difficulty"]=="1") { echo "selected"; } ?> >1</option>
<option value="2" <?php if($row["difficulty"]=="2") { echo "selected"; } ?> >2</option>
<option value="3" <?php if($row["difficulty"]=="3") { echo "selected"; } ?> >3</option>
<option value="4" <?php if($row["difficulty"]=="4") { echo "selected"; } ?> >4</option>
<option value="5" <?php if($row["difficulty"]=="5") { echo "selected"; } ?> >5</option>
</select>
<input class="buttonSubmit" type="submit" name="submit" value="Submit">
<?php
if ($next_question_id >= 0) {
?>
<a href="?id=<?php echo $next_question_id; ?>&order=<?php echo $next_question_order; ?>" class="buttonNext" >Next Question</a>
<?php
}
?>
</form>
And my PHP:
<?php
if (isset($_POST['submit'])) {
$user_id = $_SESSION['user_id'];
$user_check_query = "SELECT * FROM users WHERE id='$user_id'";
if(isset($_POST['choice'], $_POST['choose'])){
$choice_answer=$_POST['choice'];
$difficulty=$_POST['choose'];
$query = "INSERT INTO answers (exercise_id_fk, student_id, difficulty_change, difficulty_student, choice_answer, correct_answer) VALUES ('$id','$user_id', (SELECT IF(difficulty='$difficulty','NO','YES') FROM exercises WHERE exercise_id=$id), '$difficulty', '$choice_answer', (SELECT IF(solution_number='$choice_answer','1','0') FROM solution WHERE exercise_id_fk=$id))";
$sql=mysqli_query($conn,$query);
}
}
?>
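One way to do the comparison this question is after, as an added example that is not part of the original post: the posted check compares `$_POST["choice"]` with a literal string that merely contains SQL text, so the query is never run and the two values can never be equal. Table and column names are taken from the question; the functions `solution_for` and `feedback`, and the "Unknown exercise" message, are assumptions made for the example.

```php
<?php
// Added example. Assumes the `solution` table from the question
// (columns solution_number, exercise_id_fk) in the `project` database.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Run the lookup with a bound parameter; null if no solution is stored. */
function solution_for(mysqli $conn, int $exercise_id): ?int
{
    $stmt = $conn->prepare(
        "SELECT solution_number FROM solution WHERE exercise_id_fk = ?");
    $stmt->bind_param("i", $exercise_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row === null ? null : (int) $row["solution_number"];
}

/**
 * Decide which message to show. $choice is what filter_input() returned:
 * null (no radio sent), false (not an integer in 1..3) or the integer.
 */
function feedback($choice, ?int $solution): array
{
    if ($choice === null || $choice === false) {
        return ["Err" => "Please select option", "Try" => ""];
    }
    if ($solution === null) {
        return ["Err" => "Unknown exercise", "Try" => ""];
    }
    // Integer-to-integer comparison against the value read from the table.
    return ["Err" => "", "Try" => $choice === $solution ? "" : "Try again!"];
}

$Err = $Try = "";
if (PHP_SAPI === "cli") {
    // Constructed inputs, with the stored solution assumed to be 2.
    foreach ([null, false, 1, 2] as $choice) {
        echo json_encode($choice), " => ",
             json_encode(feedback($choice, 2)), PHP_EOL;
    }
} elseif ($_SERVER["REQUEST_METHOD"] === "POST") {
    $conn = new mysqli("localhost", "root", "", "project");
    $id = filter_input(INPUT_GET, "id", FILTER_VALIDATE_INT);
    $choice = filter_input(INPUT_POST, "choice", FILTER_VALIDATE_INT,
        ["options" => ["min_range" => 1, "max_range" => 3]]);
    $solution = is_int($id) ? solution_for($conn, $id) : null;
    ["Err" => $Err, "Try" => $Try] = feedback($choice, $solution);
}
?>
<span class="error"><?= htmlspecialchars($Err, ENT_QUOTES, "UTF-8") ?></span>
<span class="try"><?= htmlspecialchars($Try, ENT_QUOTES, "UTF-8") ?></span>
```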

Adding radio button to MySQL fetch result and use result value to fetch another record...?

I want a first radio button to be checked by default. When I click get schedule I want to fetch the schedule of that radio selected train number using a WHERE clause.
<?php
while ($res = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><input type = radio />" . $res['Train_no'] . "</td>";
?>
<form action="schedule.php" method="POST" class="form-inline">
<input type="submit" value="Get Schedule"/>
</form>
<?php
}
?>
<?php
$con = mysql_connect("localhost", "root", "");
if ($con) {
$db = mysql_select_db('traindb', $con);
} else {
die('Could not connect: ' . mysql_error());
}
$selected_val = $_POST['Train_no']; // Storing Selected Value In Variable
echo "You have selected :" . $selected_val; // Displaying Selected Value
$result = mysql_query("SELECT * FROM train_detail WHERE Train_No='$selected_val'");
mysql_close($con);
?>
You can try this:
if(isset($_POST['Submit'])){
$selected_val = $_POST['Train_no']; // Storing Selected Value In
echo "You have selected :" .$selected_val; // Displaying Selected Value
$result = mysql_query("SELECT * FROM train_detail WHERE
Train_No='$selected_val'");
}
Here is one example of "select":
<form action="" method="post">
<select type="age" class="form-control" id="age" name="age">
<!-- <option value="disable" selected="">Please Select</option> -->
<option value="">Please select</option>
<option value="Under 35">Under 35</option>
<option value=">35 - 44">35 - 44</option>
<option value=">45 - 54">45 - 54</option>
<option value=">55 - 59">55 - 59</option>
<option value=">60 - 64">60 - 64</option>
<option value=">65 - 69">65 - 69</option>
<option value=">70 - 74">70 - 74</option>
<option value=">75 - 79">75 - 79</option>
<option value="80 +">80 +</option>
</select>
<input type="submit" value="Submit">
</form>
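<?php
// Read the field only if the form was submitted, to avoid an undefined-index notice
$age = $_POST['age'] ?? "";
if (isset($_POST['age']) && $_POST['age'] == "")
echo "You did not choose any options. Pls try again.";
else {
// Escape request data before echoing it back into the page
echo htmlspecialchars($age, ENT_QUOTES, 'UTF-8');
}
?>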
If you want to embed PHP in select options, do it like this:
<option value="<?php echo $res['Train_no'] ?>"><?php echo $res['some_other'] ?></option>
For radio button it is like this:
<!DOCTYPE html>
<html>
<body>
<form action="/action_page.php">
<input type="radio" name="gender" value="<?php echo $res['Train_no'] ?>" checked><?php echo $res['some_other'] ?><br>
<input type="radio" name="gender" value="female"> Female<br>
<input type="radio" name="gender" value="other"> Other<br><br>
<input type="submit">
</form>
</body>
</html>

Database driven select box being empty on submit

I am trying to submit a form value to a database with PHP. In the form, a select box's values come from the database.
<?php include_once 'header.php';
$sql="SELECT uid,name FROM emitra_basic where block='$user'";
$result = $conn->query($sql);
//form validion
if(isset($_POST['submit']))
{
$eid =$_POST["eid"];
if($eid=="blank")
{
$flag=1;
$idErr="please Select E-MITRA";
}
$miatm =trim($_POST["miatm"]);
if(empty($miatm) || !preg_match("/^[a-zA-Z0-9 ]*$/",$miatm)) {
$flag=1;
$miErr="Please Enter Valid Id";
}
.............like this
if($flag==0)
{
$sqll="insert into **********";
}
//my form is
<form id="basic" method="post" name="basic">
<select class="select-style gender" name="eid">
<option value="blank">Please Select E-MITRA ID</option>
<?php
while($row=mysqli_fetch_array($result))
{
?>
<option value="<?php echo $row['uid']; ?>"><?php echo $row['uid']." (" . $row['name'] .")"; ?></option>
<?php
}
?>
</select>
<p class="contact"><label for="bid">Micro-ATM Serial No</label></p>
<input type="text" name="miatm" value ="<?php if (isset($miatm)) echo $miatm; ?>" /> <?php echo $miErr; ?>
<p class="contact"><label for="bid">Micro-ATM TID No</label></p>
<input type="text" name="tid" value ="<?php if (isset($tid)) echo $tid; ?>" /> <?php echo $tiErr; ?>
<input class="buttom" name="submit" id="submit" value="Add Me" type="submit">
It seems OK, but when I try to submit the form with one of the fields left empty, it shows a blank value in the select box.
How can I keep the same selected value in the select box even if a textbox remains empty?
You need to retain the value of the drop-down after form submit.
Use the selected attribute of the select option.
<?php
if (isset($_POST['submit'])) {
$eid =$_POST["eid"];
if ($eid=="blank") {
$flag=1;
$idErr="please Select E-MITRA";
}
}
$sql="SELECT uid,name FROM emitra_basic where block='$user'";
$result = $conn->query($sql);
?>
<select class="select-style gender" name="eid">
<option value="blank">Please Select E-MITRA ID</option>
<?php
while($row=mysqli_fetch_array($result)) {
$selected = (isset($_POST["eid"]) && $_POST["eid"] == $row['uid']) ? 'selected="selected"' : '';
?>
<option value="<?php echo $row['uid']; ?>" <?php echo $selected;?>><?php echo $row['uid']." (" . $row['name'] .")"; ?></option>
<?php
}
?>
</select>
You need to use selected="" or selected="selected" after submission as an attribute in your select tag:
<?php
$sql="SELECT uid,name FROM emitra_basic where block='$user'";
$result = $conn->query($sql);
?>
<select class="select-style gender" name="eid">
<option value="blank">Please Select E-MITRA ID</option>
<?php
while($row=mysqli_fetch_array($result))
{
$selected = ((isset($_POST["eid"]) && $_POST["eid"] == $row['uid']) ? 'selected=""' : '');
?>
<option <?=$selected?> value="<?php echo $row['uid']; ?>"><?php echo $row['uid']." (" . $row['name'] .")"; ?></option>
<?php
}
if(isset($_POST['submit']))
{
$eid = $_POST["eid"];
if($eid=="blank")
{
$flag=1;
$idErr="please Select E-MITRA";
}
}
?>
</select>
Side Note:
In your question, the first two lines are not inside the PHP block; I hope this is a typing error.

PHP Header 302 Found

I am trying to go back to the page I came from after the update is submitted.
The $pagefrom gets populated from the page before. That works fine. I get redirected to a page that says 302 Found, but it's the same URL as my current page.
<?php
{
$pagefrom= $_POST['pagename'];
echo $pagefrom;
if(isset($_POST['add']))
{
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() )
{
$Reg_F_Name = addslashes ($_POST['Reg_F_Name']);
$Reg_L_Name = addslashes ($_POST['Reg_L_Name']);
}
else
{
$Req_F_Name = $_POST["Req_F_Name"];
$Reg_L_Name = $_POST["Reg_L_Name"];
}
$Req_ID = $_POST["Req_ID"];
$Req_F_Name = $_POST["Req_F_Name"];
$Reg_L_Name = $_POST["Reg_L_Name"];
$Reg_Email = $_POST["Reg_Email"];
$Reg_Mod_Request = $_POST["Reg_Mod_Request"];
$Reg_Address_1 = $_POST["Reg_Address_1"];
$Reg_Address_2 = $_POST["Reg_Address_2"];
$Reg_City = $_POST["Reg_City"];
$Reg_State = $_POST["Reg_State"];
$Reg_Zip_Code= $_POST["Reg_Zip_Code"];
$Reg_ID= $_POST["Reg_ID"];
$Reg_Phone = $_POST["Reg_Phone"];
$Reg_Phone= str_replace("-","","$Reg_Phone");
$Reg_Approval_Status= $_POST["Reg_Approval_Status"];
$Reg_Status= $_POST["Reg_Status"];
$sql= "UPDATE $dbtable SET
Reg_F_Name = '$Reg_F_Name',
Reg_L_Name = '$Reg_L_Name',
Reg_Phone = '$Reg_Phone',
Reg_Email = '$Reg_Email',
Reg_Mod_Request = '$Reg_Mod_Request',
Reg_Address_1 = '$Reg_Address_1',
Reg_Address_2 = '$Reg_Address_2',
Reg_City = '$Reg_City',
Reg_State = '$Reg_State',
Reg_Zip_Code = '$Reg_Zip_Code',
Reg_Approval_Status='$Reg_Approval_Status',
Reg_Status='$Reg_Status'
WHERE Reg_ID = '$Reg_ID'";
mysql_select_db($database);
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
mysql_close($conn);
header('Location: '.$pagefrom);
}
else
{
?>
<?php
$con=mysqli_connect($dbhost, $dbuser, $dbpass, $database);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con, "SELECT * FROM $dbtable WHERE Reg_ID = '$Reg_ID'");
?>
<form method="post" action="" style="width: 500px">
<fieldset>
<p style="text-align: center">Update A Prayer Request</p>
<div style="width: 500px; float: left">
<?php
while($rows = mysqli_fetch_array($query))
{
?>
<input type="hidden" name="Reg_ID" value="<?=$rows['Reg_ID']?>">
Please pray for:
<br />First Name: <input name="Reg_F_Name" type="text" id="Reg_F_Name" value="<? echo $rows['Reg_F_Name']; ?>">
<br />Last Name: <input name="Reg_L_Name" type="text" id="Reg_L_Name" value="<? echo $rows['Reg_L_Name']; ?>">
<br />Original Prayer Request:
<br/><? echo $rows['Reg_Request']; ?>
<br />Update Prayer Request:
<br /><textarea name="Reg_Mod_Request" type="varchar" id="Reg_Mod_Request" rows="5" cols="30"><? echo $rows['Reg_Mod_Request']; ?></textarea>
<br />Primary Address: <input name="Reg_Address_1" type="varchar" id="Reg_Address_1" value="<? echo $rows['Reg_Address_1']; ?>">
<br />Secondary Address:<input name="Reg_Address_2" type="varchar" id="Reg_Address_2" value="<? echo $rows['Reg_Address_2']; ?>">
<br />City:<input name="Reg_City" type="char" id="Reg_City" value="<? echo $rows['Reg_City']; ?>">
<br />State:<input name="Reg_State" type="char" id="Reg_State" value="<? echo $rows['Reg_State']; ?>">
<br />Zip:<input name="Reg_Zip_Code" type="char" id="Reg_Zip_Code" value="<? echo $rows['Reg_Zip_Code']; ?>">
<br />Phone Number (555-555-5555):<input name="Reg_Phone" type="char" id="Reg_Phone" value="<? echo $rows['Reg_Phone']; ?>">
<br />Email Address:<input name="Reg_Email" type="varchar" id="Reg_Email" value="<? echo $rows['Reg_Email']; ?>">
<br />Approval Status: <select id="Approval" name="Approval">
<!--Call run() function-->
<option value="0" <?php echo $rows['Reg_Approval_Status'] == "0" ? "selected" : '' ?>>Waiting Approval</option>
<option value="1" <?php echo $rows['Reg_Approval_Status'] == "1" ? "selected" : '' ?>>Accept</option>
<option value="2" <?php echo $rows['Reg_Approval_Status'] == "2" ? "selected" : '' ?>>Decline</option>
</select>
<br />Enabled Request: <select id="Activate" name="Activate">
<option value="0" <?php echo $rows['Reg_Status'] == "0" ? "selected" : '' ?>>Disable</option>
<option value="1" <?php echo $rows['Reg_Status'] == "1" ? "selected" : '' ?>>Enable</option>
</select>
</div>
<input name="add" type="submit" id="add" value="Update Prayer Request">
</fieldset>
</form>
<?php
}
}
mysql_close();
}
?>
I think something is wrong with
header('Location: '.$pagefrom);
but whatever I try, I still cannot get it to reload the page before.
Remove echo $pagefrom; from the top of your script or move the header line above it. Headers cannot be sent after output has started.
See: header
Try adding die(); on the line after Header('Location: ....'); if you don't, PHP will continue working further.
Also, you probably want to use the form in the page the source code is from. Here you don't provide the pagename anymore, therefore when you use the form from this page, $pagefrom is empty and the redirection goes to the current page.
Try adding it as a hidden input for this form, and it should work.
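A redirect helper that follows the advice in these answers (no output before the header, stop right after it, page name carried in a hidden field), as an added example that is not part of the original thread. Because a hidden field is client-controlled, the helper also restricts the target to a path on the same site; the function names, the `/index.php` fallback and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not from the original thread.
declare(strict_types=1);

/**
 * Return $target only if it is a path on this site, otherwise $fallback.
 * "/index.php" is a hypothetical default page.
 */
function safe_redirect_target(?string $target, string $fallback = "/index.php"): string
{
    if ($target === null || $target === "") {
        return $fallback;                 // hidden field missing or empty
    }
    // Control characters, spaces and backslashes have no place in the value.
    if (preg_match('/[\x00-\x20\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // Must be a single-slash absolute path: no scheme, no "//host" form.
    if ($target[0] !== "/" || substr($target, 0, 2) === "//") {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false || isset($parts["scheme"]) || isset($parts["host"])) {
        return $fallback;
    }
    return $target;
}

/** Send the redirect and stop; refuses to run once output has started. */
function redirect_back(?string $pagefrom): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    // 303 tells the browser to fetch the target with GET after the POST.
    header("Location: " . safe_redirect_target($pagefrom), true, 303);
    exit;
}

if (PHP_SAPI === "cli") {
    // Constructed sample values for the hidden "pagename" field.
    $samples = [
        "/requests/list.php?page=2",
        "",
        "https://other.example/login",
        "//other.example/login",
        "/requests/list.php\r\nX-Injected: 1",
    ];
    foreach ($samples as $s) {
        printf("%-42s -> %s\n", json_encode($s), safe_redirect_target($s));
    }
} elseif (isset($_POST["add"])) {
    // ... run the UPDATE here, without echoing anything first ...
    $pagefrom = $_POST["pagename"] ?? null;
    redirect_back(is_string($pagefrom) ? $pagefrom : null);
}
```

Run from the command line, only the first sample is returned unchanged; the other four fall back to `/index.php`.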

Unnecessary Error Message Being Displayed

I've set up a form to update my blog and it was working fine up until about this morning. It keeps on turning up with an Invalid Entry ID error on the edit post page when I click the update button despite the fact that it updates the homepage.
All help is seriously appreciated.
<html>
<head>
<title>Ultan's Blog | New Post</title>
<link rel="stylesheet" href="css/editpost.css" type="text/css" />
</head>
<body>
<div class="new-form">
<div class="header">
</div>
<div class="form-bg">
<?php
mysql_connect ('localhost', 'root', 'root') ;
mysql_select_db ('tmlblog');
if (isset($_POST['update'])) {
$id = htmlspecialchars(strip_tags($_POST['id']));
$month = htmlspecialchars(strip_tags($_POST['month']));
$date = htmlspecialchars(strip_tags($_POST['date']));
$year = htmlspecialchars(strip_tags($_POST['year']));
$time = htmlspecialchars(strip_tags($_POST['time']));
$entry = $_POST['entry'];
$title = htmlspecialchars(strip_tags($_POST['title']));
if (isset($_POST['password'])) $password = htmlspecialchars(strip_tags($_POST['password']));
else $password = "";
$entry = nl2br($entry);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$entry = addslashes($entry);
}
$timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time);
$result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error());
header("Location: post.php?id=" . $id);
}
if (isset($_POST['delete'])) {
$id = (int)$_POST['id'];
$result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error());
if ($result != false) {
print "The entry has been successfully deleted from the database.";
exit;
}
}
if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) {
die("Invalid entry ID.");
}
else {
$id = (int)$_GET['id'];
}
$result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result)) {
$old_timestamp = $row['timestamp'];
$old_title = stripslashes($row['title']);
$old_entry = stripslashes($row['entry']);
$old_password = $row['password'];
$old_title = str_replace('"','\'',$old_title);
$old_entry = str_replace('<br />', '', $old_entry);
$old_month = date("F",$old_timestamp);
$old_date = date("d",$old_timestamp);
$old_year = date("Y",$old_timestamp);
$old_time = date("H:i",$old_timestamp);
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><input type="hidden" name="id" value="<?php echo $id; ?>" />
<strong><label for="month">Date (month, day, year):</label></strong>
<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" />
<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
</select>
<strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p>
<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p>
<p><strong><label for="password">Password protect?</label></strong> <input type="checkbox" name="password" id="password" value="1"<?php if($old_password == 1) echo " checked=\"checked\""; ?> /></p>
<p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>
<p><input type="submit" name="update" id="update" value="Update"></p>
</form>
<p><strong>Be absolutely sure that this is the post that you wish to remove from the blog!</strong><br />
</p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="id" id="id" value="<?php echo $id; ?>" />
<input type="submit" name="delete" id="delete" value="Delete" />
</form>
</div>
</div>
</div>
<div class="bottom"></div>
</body>
</html>
As far as I can see, you use either $_GET['id'] or $_POST['id'] to identify the entry ID. So you must check on the two when you set the $id variable:
if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id']))
die("Invalid entry ID.");
Or, more selectively:
if (isset($_GET['id']) && is_numeric($_GET['id']))
$id = intval($_GET['id']);
else if (isset($_POST['id']) && is_numeric($_POST['id']))
$id = intval($_POST['id']);
else
die('Invalid entry ID.');
The empty check is redundant to is_numeric: an empty string is not numeric. Also, empty returns true with 0, which, I believe, should not halt your system since 0 could be a valid ID.
I believe the issue here is the mixing of POST and GET
Your form uses the POST method:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
So you need to change:
if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) {
die("Invalid entry ID.");
}
else {
$id = (int)$_GET['id'];
}
to:
if (!isset($_POST['id']) || empty($_POST['id']) || !is_numeric($_POST['id'])) {
die("Invalid entry ID.");
}
else {
$id = (int)$_POST['id'];
}
