Miscellaneous > Programming & Networking
PHP scripts failing to use SQL functions
reactosguy:
Hello. I made a couple of PHP scripts to insert and update data, but they do not work. Why?
--- Code: ---<?php
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$cxn = mysqli_connect("localhost","********","*******","msuck");
$query = "UPDATE articles SET title='$tit', header='$head', content='$cont' WHERE id='$id'";
$result = mysqli_query($cxn, $query);
?>
<html>
<head>
<script type="text/javascript">
window.location = "index.php?loc=msuck&id=<?php echo $id; ?>";
</script>
</head>
</html>
--- End code ---
UPDATE script
--- Code: ---<?php
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$dat = date('Y-m-d');
$tim = date('H:i:s');
$cxn = mysqli_connect("localhost","********","*******","msuck");
$query = "INSERT INTO articles (content,id,author,date,time,title,header) VALUES ($cont,$id,'Administrator',$dat,$tim,$tit,$head)";
$result = mysqli_query($cxn, $query);
header("Location: index.php?loc=msuck&id={$_POST['id']}");
?>
--- End code ---
INSERT script
Sorry if you notice "elm1", I'm using a TinyMCE editor.
I notice no problems, and I feel that I followed it the same way that the book I'm using (PHP & MySQL Web Development All In One Desk Reference for Dummies, 3rd Edition by Janet Valade, ISBN: 978-0-470--16777-9) does. Do you have any answers? (8-)
Refalm:
Try not using Javascript for updating the content.
Also, you should look at "strip_tags", your website is open to SQL insert attacks.
reactosguy:
--- Quote from: Refalm on 29 September 2010, 09:54 ---Try not using Javascript for updating the content.
--- End quote ---
I have to, header statements only work at the beginning. If I do it at the beginning, the insert or update functions for SQL won't work because the page was redirected before.
--- Quote from: Refalm on 29 September 2010, 09:54 ---Also, you should look at "strip_tags", your website is open to SQL insert attacks.
--- End quote ---
I forgot about that, but the site isn't live (It's on localhost), so the only problem is accessing my computer via botnet or physical access to do so.
Refalm:
Why is "window.location" javascript in the <head> tag?
I'm not sure that even does anything when you implement it that way.
Also, you could try this:
--- Code: (PHP) ---<?php
echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=$_POST['id']" />';
?>
--- End code ---
instead of using header.
reactosguy:
--- Quote from: Refalm on 1 October 2010, 09:56 ---Why is "window.location" javascript in the <head> tag?
I'm not sure that even does anything when you implement it that way.
--- End quote ---
It works perfectly. I tried it.
--- Quote from: Refalm on 1 October 2010, 09:56 ---Also, you could try this:
--- Code: (PHP) ---<?php
echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=$_POST['id']" />';
?>
--- End code ---
instead of using header.
--- End quote ---
I was thinking about that as well. I just didn't know how to do it.
EDIT: This article said that too many meta redirects on a site leads to one being flagged as spam on a search engine.
So, are there any problems with my SQL queries? That's exactly what I want answered.
Navigation
[0] Message Index
[#] Next page
Go to full version