I have some problems with some of my code .. have a form and a exec script ..but the exec script just bonce bakc ..
he's the code
(the html is for the in-game browser in EvE so it's crap I know)
The Form thingie
NewsDimz.php
<?php
include "NewsDimzConfig.php";
include "NewsTrust.php";
include "NewsDimzDB.php";
print "<html>\n";
print "<head>\n";
print " <title>News Form</title>\n";
print "</head>\n";
print "<body>\n";
if(isset($trust) && !$trust){
Print "<h3>Access Denied</h3><br>\n";
}
else
{
if ($_POST["password"]==$admin_password) {
if (isset ($_GET['edit'])) {
$id1 = $_GET['edit'];
$con = db_connect();
$sql = "SELECT * FROM NomadsNews WHERE ( nID = $id1)";
$result = mysql_query($sql,$con);
$row = mysql_fetch_array($result);
$title = $row['Titel'];
$news = $row['News'];
$name = $row['Name'];
print "<h1>Edit News Form</h1>\n";
print "<form method='POST' action='NewsDimz_exec.php?edit=$id1'>\n";
print "<input type='hidden' name='password' value='".$_POST["password"]."'>\n";
if(!$evebrowser){
print"<h3>Name</h3> <input type='text' name='name' size='75' value='$name'><br>\n";
}
else {
print"<input type='hidden' name='name' value='".$EvEHeader->CharName."'>\n";
}
print " <h3>Title</h3> <input type='text' name='title' size='75' value='$title'><br>\n";
print " <h3>The News</h3> <textarea name='news' cols='75' rows='15'>$news</textarea><br>\n";
print " <input type='submit'>\n";
print "</form>\n";
print "</body>\n";
print "</html>\n";
}
else if (isset ($_GET['delete'])){
$id2 = $_GET['delete'];
print "<h2>Er du sikker, du vil slette denne nyhed?</h2><br>\n";
print "<form method='POST' action='NewsDimz_exec.php?delete=$id2'>";
Print "<input type='hidden' name='password' value='".$_POST["password"]."'>\n";
print "<input type='submit' value='JA'></form>\n";
print " eller <br><a href='News.php'>NEJ</a>\n ";
}
else{
print "<h1>Add News Form</h1>\n";
print "<form method='POST' action='NewsDimz_exec.php'>\n";
print "<input type='hidden' name='password' value='".$_POST["password"]."'>\n";
if(!$evebrowser){
print"<h3>Name</h3> <input type='text' name='name' size='75'><br>\n";
}
else {
print"<input type='hidden' name='name' value='".$EvEHeader->CharName."'>\n";
}
print " <h3>Title</h3> <input type='text' name='title' size='75'><br>\n";
print " <h3>The News</h3> <textarea name='news' cols='75' rows='15'></textarea><br>\n";
print " <input type='submit'>\n";
print "</form>\n";
print "</body>\n";
print "</html>\n";
}
} else {
if (isset ($_GET['edit']))
{
$id1 = (int)$_GET['edit'];
print "<form method='POST' action='NewsDimz.php?edit=$id1'>\n";
print " <h3>Admin Password</h3> <input type='password' name='password'> <input type='submit'>\n";
print "</form>\n";
}
else if (isset ($_GET['delete']))
{
$id2 = (int)$_GET['delete'];
print "<form method='POST' action='NewsDimz.php?delete=$id2'>\n";
print " <h3>Admin Password</h3> <input type='password' name='password'> <input type='submit'>\n";
print "</form>\n";
}
else
{
print "<form method='POST' action='NewsDimz.php'>\n";
print " <h3>Admin Password</h3> <input type='password' name='password'> <input type='submit'>\n";
print "</form>\n";
}
}
}
?>
and here is the exec
NewsDimz_exec.php
<?php
include "NewsDimzConfig.php";
include "NewsDimzDB.php";
if ($_POST["password"]==$admin_password) {
$con = db_connect();
$title = mysql_escape_string($_POST["title"]);
$news = mysql_escape_string($_POST["news"]);
$name = mysql_escape_string($_POST["name"]);
if (isset ($_GET['edit'])) {
$id1 = (int)mysql_escape_string($_GET['edit']);
$sql = "UPDATE NomadsNews SET Name=".sql_quote($name).",Titel=".sql_quote($title).",News=".sql_quote($news)." WHERE ( nID = $id1)";
}
else if (isset ($_GET['delete'])){
$id2 = (int)mysql_escape_string($_GET['delete']);
$sql = "DELETE FROM NomadsNews WHERE (nID = $id2)";
}
else
{
$date = date("Y-m-d");
$db_date = mysql_escape_string($date);
$sql = "INSERT INTO NomadsNews (Name,Date,Titel,News) VALUES (".sql_quote($name).",".sql_quote($db_date).",".sql_quote($title).",".sql_quote($news).")";
}
$result = mysql_query($sql,$con);
if ($result!=false) {
// record added
$url = "News.php";
header("Location: ".$url);
} else {
// record not added
print "Problem Processing SQL [".$sql."]";
}
} else {
$url = $_SERVER["HTTP_REFERER"];
header("Location: ".$url);
}
?>
NewsDimzDB.php
<?php
// *************************************************************************
// DATABASE FUNCTIONS
// show_error()
// sql_quote()
// db_connect()
// db_disconnect()
// *************************************************************************
// function show_error()
// notes Displays an error code during a database operation
// returns nothing
// author Jonathan Beckett
// last changed 2002-08-15
function show_error()
{
die("Error " . mysql_errno() . " : " . mysql_error());
}
// function sql_quote()
// notes surrounds a string with single quotes
// returns string
// author Jonathan Beckett
// last changed 2002-08-15
function sql_quote($input)
{
return "'".$input."'";
}
// function db_connect()
// notes connects to the database
// returns connection object
// author Jonathan Beckett
// last changed 2002-08-15
function db_connect()
{
global $db_hostname;
global $db_username;
global $db_password;
global $db_name;
$con = mysql_connect($db_hostname,$db_username,$db_password);
if (!(mysql_select_db($db_name,$con)))
{
show_error();
}
return $con;
}
// function db_disconnect()
// notes disconnects from the database
// returns nothing
// author Jonathan Beckett
// last changed 2002-08-16
function db_disconnect($con)
{
close($con);
}
?>
The problem is that the exec don't goes into the IF and uses the header to bounce back ... What's wrong with my POST and GET
😕
