Not showing form variables

music_man

When I submit the form with an error on it, it does not echo the value of the fields that were filled in.

I have been trying to incorporate: http://nz.php.net/mysql_real_escape_string

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="css/style.css" />
<title></title>
</head>
<body>
<div id="container">
<div id="header">
<h2>Blog</h2>
</div>
<br />
<div id="navigation">
<ul><li><a href="index.php">Home/Write entry</a></li><li><a href="index.php?do=edit">Edit/Delete entries</a></li></ul>
</div>
<br />
<div id="content">

<?php
$phpself = $_SERVER['PHP_SELF'];
/************************************************************\
* Show the editing form
\************************************************************/
function showeditform()
{
    echo "<h3>Edit/Delete entries</h3>";
    echo "<br />";
    echo "<form method=\"POST\" action=\"$phpself\">";
    echo "<div class=\"form\">";
    echo "<label for=\"title\">Title:</label><input type=\"text\" name=\"title\" value=\"$row[1]\" />";
    echo "<br />";
    echo "<label for=\"content\">Content:</label>";
    echo "<textarea name=\"content\" cols=\"60\" rows=\"20\" />$row[2]</textarea>";
    echo "<br />";
    echo "<input type=\"hidden\" name=\"action\" value=\"edit\" />";
    echo "<input type=\"hidden\" name=\"id\" value=\"$row[0]\" />";
    echo "<input type=\"submit\" name=\"submit\" value=\"Edit entry\">";
    echo "</div>";
    echo "</form>";
}
/************************************************************\
* Show the writing form
\************************************************************/
function showwriteform()
{
    echo "<h3>Write entry</h3>";
    echo "<br />";
    echo "<form method=\"POST\" action=\"$phpself\">";
    echo "<div class=\"form\">";
    echo "<label for=\"title\">Title:</label><input type=\"text\" name=\"title\" value=\"$title\" />";
    echo "<br />";
    echo "<label for=\"content\">Content:</label>";
    echo "<textarea name=\"content\" cols=\"60\" rows=\"20\" />$content</textarea>";
    echo "<br />";
    echo "<input type=\"hidden\" name=\"action\" value=\"write\" />";
    echo "<input type=\"submit\" name=\"submit\" value=\"Publish entry\">";
    echo "</div>";
    echo "</form>";
}
/************************************************************\
* Connect to database
\************************************************************/
function dbconnect()
{
    $host = "";
    $user = "";
    $pass = "";
    $db = "";
    mysql_connect($host, $user, $pass) or die ("Unable to connect!");
    mysql_select_db($db) or die ("Unable to select database!");
}
/************************************************************\
* Disconnect from database
\************************************************************/
function dbdisconnect()
{
    mysql_close();
}
/************************************************************\
* Protect from SQL injections
\************************************************************/
function quote_smart($value)
{
   // Stripslashes
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   // Quote if not a number or a numeric string
   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}

$showform = TRUE;

/************************************************************\
* Do posting things
\************************************************************/
if (isset($_POST['submit']))
{
    $error = '';
    $errors = '';
    $title = $_POST['title'];
    $content = $_POST['content'];
    $date = date("jS\/F\/Y");
    if(!$title)
    {
        $error[] = "Title";
    }
    if(!$content)
    {
        $error[] = "Content";
    }
    if($error)
    {
        foreach ($error as $value)
        {
            $errors .= "<li>" . $value . "</li>";
        }
        $message = '<p class="error">Please check your</p><ul>' . $errors . '</ul>';
        $showform = TRUE;
    }
    else
    {
        if($action=="write")
        {
            dbconnect();

$query = sprintf("INSERT INTO blog (title, content, date) VALUES (%s, %s, '$date')",
           quote_smart($_POST['title']),
           quote_smart($_POST['content']));
$result = mysql_query($query);

        dbdisconnect();
        $message = '<p class="notice">Posted.</p>';
        $showform = FALSE;
    }
    if($action=="edit")
    {
        dbconnect();
        $query = "UPDATE blog SET title = '$title', content = '$content', date = '$date' WHERE id=$id";
        $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
        dbdisconnect();
        $message = '<p class="notice">Entry edited. <a href="index.php?do=edit">Back</a></p>';
        $showform = FALSE;
    }
}
}
switch($act)
{
    case "change":
    dbconnect();
    $query = "SELECT id, title, content, date FROM blog WHERE id='$id'";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    $row = mysql_fetch_row($result);
    echo $message;
    if($showform);
    {
        showeditform();
    }
    dbdisconnect();
    break;
    case "delete":
    dbconnect();
    $id = $_GET["id"];
    $query = "DELETE FROM blog WHERE id='$id'";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    dbdisconnect();
    break;
}
switch($do)
{
    case "edit":
    dbconnect();
    $query = "SELECT id, title, content, date FROM blog";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    if (mysql_num_rows($result) > 0)
    {
        echo "<ul>";
        while($row = mysql_fetch_row($result))
        {
            echo "<li>";
            echo "<a href=" . $_SERVER['PHP_SELF'] . "?do=edit&amp;act=change&id=" . $row[0] .">".$row[1]."</a> | <a href=" . $_SERVER['PHP_SELF'] . "?do=edit&amp;act=delete&id=" . $row[0] .">Delete</a></li>";
        }
        echo "</ul>";
    }
    else
    {
        echo "<p class=\"notice\">You have published no entries</p>";
    }
    dbdisconnect();
    break;
    default:
    echo $message;
    if($showform);
    {
        showwriteform();
    }
}
?>

</div>
</div>
</body>
</html>

notaloser

you have a lot of code. if you want help from most people, you will have to supply only the lines we need to see to help you, or both the entire scrpit and then what part of the script we need to pay attention to.

music_man

It is the "Show editing form" function that is not getting the ID.

I have tried adding $id = $_GET["id"]; but it won't pick it up when displaying:

case "change":
    dbconnect();
    $query = "SELECT id, title, content, date FROM blog WHERE id='$id'";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    $row = mysql_fetch_row($result);
    echo $message;
    if($showform);
    {
        showeditform();
    }
    dbdisconnect();
    break;

thorpe

$row does not exist within your showeditform() function. You need to read the manual on [man]functions[/man] and scope.

music_man

So...

$makefoo = true;

/* We can't call foo() from here
   since it doesn't exist yet,
   but we can call bar() */

bar();

if ($makefoo) {
  function foo()
  {
   echo "I don't exist until program execution reaches me.\n";
  }
}

$makefoo does affect that function as an argument?

So could I go:

showeditform($row)

cahva

So could I go:
showeditform($row)
?

Yes. And the same goes for showwriteform() which is also using variables outside the script($title and $content).