Posting form to db?

theDog

Hi,

I'm trying to post the results of a popular rich text editor, to a database.

<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>Edit Page")</title>
	<script language="JavaScript" type="text/javascript" src="richtext.js"></script>
</head>
<body>

<h2>Edit Promotional Page</h2>

<form name="RTEDemo" action="" method="post">

<script language="JavaScript" type="text/javascript">


<?
//MY STUFF
REQUIRE("./connx.php");

$data = @mysql_query("SELECT * FROM post");
WHILE ($row = mysql_fetch_array($data)){
	$strHTML = ($row[text]);
}
//END MY STUFF
$content = "$strHTML";
$content = RTESafe($content);
?>
//writeRichText(fieldname, html, width, height, buttons)
writeRichText('rte1', '<?=$content?>', 520, 200, true);

//uncomment this section to see a demo of multiple RTE's on one page
//document.writeln('<br><br>');
//writeRichText('rte2', '', 450, 100, true);
//-->
</script>
<noscript><p><b>Javascript must be enabled to use this form.</b></p></noscript>

<p>Click submit to show the value of the text box.</p>

<!--// MORE MY STUFF //-->
<p><input type="button" name="post_text" value="Submit"></p>
</form>
<?
if ($post_text == "Submit") {
	$sql = "UPDATE TABLE post SET
	text = "$rte1"; //unexpected T_Variable?
}
?>
<!--// END MORE MY STUFF //-->
</body>
</html>
<?
//php example
function RTESafe($strText) {
	//returns safe code for preloading in the RTE
	$tmpString = trim($strText);

//convert all types of single quotes
$tmpString = str_replace(chr(145), chr(39), $tmpString);
$tmpString = str_replace(chr(146), chr(39), $tmpString);
$tmpString = str_replace("'", "&#39;", $tmpString);

//convert all types of double quotes
$tmpString = str_replace(chr(147), chr(34), $tmpString);
$tmpString = str_replace(chr(148), chr(34), $tmpString);
//	$tmpString = str_replace("\"", "\"", $tmpString);

//replace carriage returns & line feeds
$tmpString = str_replace(chr(10), " ", $tmpString);
$tmpString = str_replace(chr(13), " ", $tmpString);

return $tmpString;
}
?>

As it stands, i've got the contents of the 'text' field loading into the editor. But the bit where i try to submit the edited text back to the database generates a syntax error, (unexpected T_VARIABLE in the line that says text = "$rte1"; ). I dunno, it looks to me just like the examples in my book. It wouldn't surprise me if i was using the wrong variables for the procedure, but i'm baffled that PHP doesn't expect one at all.

Anyway the original RTE distribution is attached, unmolested, in case anyone needs a reference to see what i screwed up, or just needs a rich text editor. 😉 It's nice and small.

The original file used a js function to post the results to an alert box. I REALLY hope i don't need javascript to make this work, because i never had any skillz whatsoever with that.

TIA,
JB

scoppc

a quick look at your code, I would suggest you to fix this:

<?
if ($post_text == "Submit") {
	$sql = "UPDATE TABLE post SET
	text = "$rte1"; //unexpected T_Variable?
}
?>

<?
if ($post_text == "Submit") {
	$sql = "UPDATE TABLE post SET";
	text = $rte1; 
}
?>

oh yes, your SQL statement isnt complete. There must be something after the "SET"

theDog

Originally posted by scoppc
oh yes, your SQL statement isnt complete. There must be something after the "SET"

Then i must be confused about what SET does, because i thought text = "$rte1"; was the something after it. That's why i didn't put a semi-colon where you did. Shouldn't it update the field in my db called 'text' with the contents of the editor form?

I'm working out of a book, and the statement is verbatim what's in there, except i changed 'INSERT INTO' to 'UPDATE_TABLE', because i want to update what's in the text field, not insert a new row.

😕

scoppc

then u should do it this way:

$sql="UPDATE table_name SET field_name='$foo'";

Notice the single and double quotes. They must be properly used and closed

theDog

Thanks! That's much improved, considering the page at least displays. But nothing happens. 🙁 Waaah... I mean the database doesn't change.

<p><input type="submit" name="post_text" value="SUBMIT"></p>

if ($post_text == "SUBMIT") { 
    $sql="UPDATE post SET text='$rte1'";
  }
 if (@mysql_query($sql)) {
	echo("OK");
 } else {
   echo("ERROR: " .
	   mysql_error());
 }

I even put an error check in there, and it says "OK." Considering the code up there^ is it possible i'm using the wrong variable to post the edited text from the editor? I tried "$content" because that's what i called the stuff i retrieved from the database to stick in the editor, and i tried "$rte1" because that seems to be the name of the text box. I think.

Seems to me something should happen, even if it's wrong.

EDIT: Cuz i changed the submit button, and i left out a squiggly bracket.

theDog

theDog

Hrm maybe my asking talents are deficient. Let me try it this way...

I've got the editor/textarea form working, it posts the contents of the textarea to a new page as $event1. I know the variable and it's contents are being successfully posted because i can echo the variable on the new page.

So now i want to update my database with that variable. My code looks like this:

<INPUT TYPE=SUBMIT Name="save" VALUE="Save Page" />  

<? 
if ($save == "SUBMIT") { 
    $sql="UPDATE post SET text='$event1'";
  }
 if (@mysql_query($sql)) {
	echo("OK");
 } else {
   echo("ERROR: " .
	   mysql_error());
 }
?>
</form>

Clicking the button produces the error "Query was empty." Or rather, it did the first time i clicked it and now the error is echoed when the page is loaded.

Thanks,
JB

theDog

Maybe i asked too much, or the wrong way, or something. But if you guys could see my pain you'd take pity on me. I've RTFM, several in fact, and i've scoured the web and this forum. I just can't find a similar example, and i think i'm too confused to recognize it if i did.

Please, at least point me at an example for what i'm trying to accomplish?

The most recent code is:

<form method="post" action="<?=$PHP_SELF?>">
<INPUT TYPE=SUBMIT Name="save" VALUE="Save Page" />
<? 
if ($save == "Save Page") { 
    $sql="UPDATE post SET event='$event1'";
  }
 if (@mysql_query($sql)) {
	echo("OK");
 } else {
   echo("<br />" . "ERROR: " .
	   mysql_error());
 } 
?>
</form>

This produces the error "Query was empty" on page load, and "OK" when i push the button. The query empties the contents of my 'event' field.

The variable '$event1' is being posted to the page from the editor/textarea form. This page is for reviewing changes before saving, so i have it ECHO'd and i can see what i just typed into the editor.

Why is the query empty? And/or why is there a query at all before i push the button?

Thanks,
JB

EDIT: ECHO("$sql");
displays the string
UPDATE post SET event=''

...so i guess the query really is empty. Which brings me to the same question, i think... why is it empty when the page loads, and why is there even a query before i push the button to make one? I mean the query shouldn't execute until after the first IF is satisfied, right?

theDog

OK, i got the variables to stick and to post to the database, either using $_GET() or by finally figuring out the hidden form thing.

The problem is that my query is still executing as soon as the review page loads. (see_it.php) IOW, if i type "foo" in the textarea and push "Update Page" then "foo" gets written to the database without even clicking the "Save Page" button on the next page.

This is potentially bad from the user's standpoint. But besides that, i need to do something next. If the query executes without pushing the button, then i can't put a redirect in there because it redirects as soon as the page loads.

PLEASE? I must be doing something obviously n00b that someone can spot right off. I don't want the query to run unless the button is pushed, and i thought that's what IF meant.

The code changed again...

<form method="post">
<input type=submit name="save" value="Save Page" />
<input type="hidden" name="post_event" value="$post_event" />
<input type="hidden" name="post_promo" value="$post_promo" />
&nbsp;&nbsp;<input type=submit name="return" value="Return To Editor" />
<?
if ($post_event) {
  $sql = "UPDATE post SET event='$post_event', promo='$post_promo' ";
  $result = mysql_query($sql);
  }
	if (@mysql_query($sql)) {
	("<br />" . "Query OK" . "<br />");
	} else {
   echo("ERROR: " .
	   mysql_error());
 }
  if ($return) {
	  $return = "admin.php";
	  echo("<meta http-equiv = refresh content=0;url=".$return.">");
  }
?>
</form>

I don't have an ACTION for the form because the redirect works for the "Return to Editor" button. If i define an action then it does that instead.

Should i be using SWITCH or something instead of the IFs?

-JB

mtimdog

mysql_query returns either true or false.

Saying if (@()) is equivalent to saying
if (query doesn't fail) not if (query was run)

try something like this

if ($_POST[save]=="Save Page" ) { 
    $sql = "UPDATE post SET event='$_POST[post_event]', promo='$_POST[post_promo]' "; 
    if (@mysql_query($sql)) { 
        echo "<br />" . "Query OK" . "<br />"; 
    }else { 
        echo "ERROR: " . mysql_error(); 
    } 

}else{ //it is probly return
    echo("<meta http-equiv = refresh content=0;url=admin.php>"); 
 }