Stop Microsoft

Miscellaneous => Programming & Networking => Topic started by: reactosguy on 29 September 2010, 00:46

Title: PHP scripts failing to use SQL functions
Post by: reactosguy on 29 September 2010, 00:46
Hello. I made a couple of PHP scripts to insert and update data, but they do not work. Why?

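Code:
<?php
// Values taken straight from the submitted form (elm1 is the TinyMCE field)
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$cxn = mysqli_connect("localhost","********","*******","msuck");
// The form values are interpolated directly into the SQL string
$query = "UPDATE articles SET title='$tit', header='$head', content='$cont' WHERE id='$id'";
$result = mysqli_query($cxn, $query);
?>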

<html>
<head>
<script type="text/javascript">
window.location = "index.php?loc=msuck&id=<?php echo $id?>";
</script>
</head>
</html>

UPDATE script

Code:
<?php
// Values taken straight from the submitted form (elm1 is the TinyMCE field)
$id = $_POST['id'];
$cont = $_POST['elm1'];
$head = $_POST['header'];
$tit = $_POST['title'];
$dat = date('Y-m-d');
$tim = date('H:i:s');

$cxn = mysqli_connect("localhost","********","*******","msuck");
// The values are placed into the SQL string without surrounding quotes
$query = "INSERT INTO articles (content,id,author,date,time,title,header) VALUES ($cont,$id,'Administrator',$dat,$tim,$tit,$head)";
$result = mysqli_query($cxn, $query);

header("Location: index.php?loc=msuck&id={$_POST['id']}");
?>


INSERT script

Sorry if you notice "elm1", I'm using a TinyMCE editor.

I notice no problems, and I feel that I followed it the same way that the book I'm using (PHP & MySQL Web Development All In One Desk Reference for Dummies, 3rd Edition by Janet Valade, ISBN: 978-0-470-16777-9) does. Do you have any answers?  (8-)
Title: Re: PHP scripts failing to use SQL functions
Post by: Refalm on 29 September 2010, 09:54
Try not using Javascript for updating the content.

Also, you should look at "strip_tags", your website is open to SQL insert attacks.
Title: Re: PHP scripts failing to use SQL functions
Post by: reactosguy on 29 September 2010, 21:08
> Try not using Javascript for updating the content.

I have to, header statements only work at the beginning. If I do it at the beginning, the insert or update functions for SQL won't work because the page was redirected before.

> Also, you should look at "strip_tags", your website is open to SQL insert attacks.

I forgot about that, but the site isn't live (It's on localhost), so the only problem is accessing my computer via botnet or physical access to do so.
Title: Re: PHP scripts failing to use SQL functions
Post by: Refalm on 1 October 2010, 09:56
Why is "window.location" javascript in the <head> tag?
I'm not sure that even does anything when you implement it that way.

Also, you could try this:
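Code: (PHP)
<?php
// Concatenate the id (it cannot sit inside a single-quoted string) and HTML-escape it
echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=' . htmlspecialchars($_POST['id'], ENT_QUOTES) . '" />';
?>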
instead of using header.
Title: Re: PHP scripts failing to use SQL functions
Post by: reactosguy on 1 October 2010, 21:12
> Why is "window.location" javascript in the <head> tag?
> I'm not sure that even does anything when you implement it that way.

It works perfectly. I tried it.

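> Also, you could try this:
> Code: (PHP)
> <?php
> // Concatenate the id (it cannot sit inside a single-quoted string) and HTML-escape it
> echo '<meta http-equiv="refresh" content="0;url=index.php?loc=msuck&id=' . htmlspecialchars($_POST['id'], ENT_QUOTES) . '" />';
> ?>
> instead of using header.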

I was thinking about that as well. I just didn't know how to do it.

EDIT: This (http://webdesign.about.com/od/metataglibraries/a/aa080300a.htm) article said that too many meta redirects on a site leads to one being flagged as spam on a search engine.

So, are there any problems with my SQL queries? That's exactly what I want answered.
Title: Re: PHP scripts failing to use SQL functions
Post by: Refalm on 2 October 2010, 00:05
Check if $time and $date are in the right format. Sometimes the values for date are actually month-day-year. And maybe time input is without seconds. Just check the database.

You also need to put strings between '
Title: Re: PHP scripts failing to use SQL functions
Post by: reactosguy on 2 October 2010, 05:15
> Check if $time and $date are in the right format. Sometimes the values for date are actually month-day-year. And maybe time input is without seconds. Just check the database.
>
> You also need to put strings between '

The database uses a DATE in one of the columns of the tables. It's usually interpreted as Year-Month-Day.

Also, TIME column does do seconds, if I remember correctly.

EDIT: I changed both of them to VARCHARs so there shouldn't be many new problems.
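
Added example (not part of the thread, and not code from any poster): the INSERT script rewritten with mysqli prepared statements, which removes both the string-quoting problem and the injection exposure raised in the replies, and reports query errors instead of ignoring them. It assumes the `articles` columns named in the thread with an integer `id`; `DB_USER` and `DB_PASS` are placeholders.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.3+ with mysqli and an
// `articles` table with the columns named in the thread's INSERT (id assumed INT).
// DB_USER and DB_PASS are placeholders for the masked credentials.

// Throw exceptions on connection or query errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Stop early if the form did not send every expected field.
foreach (array('id', 'elm1', 'header', 'title') as $field) {
    if (!isset($_POST[$field])) {
        header('HTTP/1.1 400 Bad Request');
        exit("Missing form field: $field");
    }
}

// Validate the id as an integer before it reaches the query or the redirect.
$id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    header('HTTP/1.1 400 Bad Request');
    exit('id must be an integer');
}

$cont   = $_POST['elm1'];
$head   = $_POST['header'];
$tit    = $_POST['title'];
$author = 'Administrator';
$dat    = date('Y-m-d');
$tim    = date('H:i:s');

try {
    $cxn  = mysqli_connect('localhost', 'DB_USER', 'DB_PASS', 'msuck');
    // Placeholders keep the data out of the SQL text, so no manual quoting
    // or escaping is needed and quotes in the content cannot end the string.
    $stmt = mysqli_prepare($cxn,
        'INSERT INTO articles (content, id, author, date, time, title, header)
         VALUES (?, ?, ?, ?, ?, ?, ?)');
    // One type letter per placeholder: s = string, i = integer.
    mysqli_stmt_bind_param($stmt, 'sisssss', $cont, $id, $author, $dat, $tim, $tit, $head);
    mysqli_stmt_execute($stmt);
} catch (mysqli_sql_exception $e) {
    error_log('Article insert failed: ' . $e->getMessage());
    header('HTTP/1.1 500 Internal Server Error');
    exit('Could not save the article.');
}

// header() still works here because nothing has been sent to the browser yet.
header('Location: index.php?loc=msuck&id=' . $id);
exit;
```

The UPDATE script can be converted the same way, with one `?` per value in the SET and WHERE clauses.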