I am new at PHP and MySQL, but feel I have learnt heaps; mainly from cutting, pasting and modifying various tutorials. The following, similar, code I got to work elsewhere, but I can't seem to repeat its success.

The following if-statement never evalutes as true and thus my update doesn't take place

if(isset($POST['firstname']))
{
$id = $POST['id'];
$firstname = $POST['firstname'];
$surname = $POST['surname'];
$email = $POST['email'];
$public = $POST['public'];
$entry = $_POST['entry'];

if(!get_magic_quotes_gpc())
{
    $firstname   = addslashes($firstname);
    $surname = addslashes($surname);
	$entry = addslashes($entry);
}

// update the article in the database
$query = "UPDATE tblguestbook ".
         "SET firstname = '$firstname', surname = '$surname', email = '$email', public = '$public', entry = '$entry' ".
         "WHERE id = '$id'";
mysql_query($query) or die('Error : ' . mysql_error());

// then remove the cached file
$cacheDir  = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

@unlink($cacheFile);

// and remove the index.html too because the file list
// is changed
@unlink($cacheDir . 'index.html');

echo "<p align='center'>Article updated</p>";

// now we will display $title & content
// so strip out any slashes
$firstname   = stripslashes($firstname);
$surname   = stripslashes($surname);
$entry = stripslashes($entry);

}

'firstname' is set in the following code, which is part of the form which has method="post"

<input name="firstname" type="text" id="firstname" value="<?=$firstname;?>">

What am I doing wrong?

    Are you sure the form method is set to post?

    Is the firstname input inside the form that's being sent?

    It shouldn't effect the first if statement, but there's both $POST and $GET variables in that code, which is impossible....

      Try to iron it out with:
      if(isset($_REQUEST['firstname']))

        Thanks for the reply. What does $_Request do?

        You can see the full code listed at http://baselmania.madpage.com/other/phpproblem.txt . It's something I got off the Net (and I though I understood). I've used it successfully before.

        I can't see what I've done wrong.

        You say I can't use $GET and $POST together.... why is that?

          $_REQUEST is an array all of the get and post data. Haven't tried it, but I don't see why this wouldn't work to set both get and post vars:

          <form action="somefile.php?foo=bar" method="post">

            I don't really understand what I'm doing but the following seems to have worked for all but the public variable

            else if(isset($REQUEST['firstname']))
            {
            $id = $            REQUEST['id'];
            $firstname = $REQUEST['firstname'];
            $surname = $            REQUEST['surname'];
            $email = $REQUEST['email'];
            $public = $            REQUEST['public'];
            $entry = $_REQUEST['entry'];

            if(!get_magic_quotes_gpc())
{
    $firstname   = addslashes($firstname);
    $surname = addslashes($surname);
	$entry = addslashes($entry);
}

// update the article in the database
$query = "UPDATE tblguestbook ".
         "SET firstname = '$firstname', surname = '$surname', email = '$email', public = '$public', entry = '$entry' ".
         "WHERE id = '$id'";
mysql_query($query) or die('Error : ' . mysql_error());

// then remove the cached file
$cacheDir  = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';

@unlink($cacheFile);

// and remove the index.html too because the file list
// is changed
@unlink($cacheDir . 'index.html');

echo "<p align='center'>Article updated</p>";

// now we will display $title & content
// so strip out any slashes
$firstname   = stripslashes($firstname);
$surname   = stripslashes($surname);
$entry = stripslashes($entry);

            }

            Public is set in the form using the following code
            <?php
            if ($public==1) {echo "<input name='public' type='checkbox' id='public' checked>";}
            else
            {echo "<input name='public' type='checkbox' id='public'>";}
            ?>

              You probably need checked='checked'

              Also, since you are using $REQUEST you might want a line of security validation on the sticky in 'public', at least to strip out html tags. Personally I'd use a regex on even a button unless it was limited to $POST.

                So much thanks for everyones input.

                As you can gather, I'm totally new at this.... where can I read up about what you (masonbarge) are saying, as it is totally greek to me.

                  Beginners have no idea how important, or how hard, security is. At some point you're going to have to learn how to use regular expressions, and it's hard sledding. Here's a really good tutorial (although you'll feel nauseated after reading a couple of paragraphs, LOL). If you read like one paragraph per day maybe it will be easier:


                  Basically you use one of two functions, ereg() or preg_match(), to make sure someone didn't try to put something unwanted in a form response. Yes it is happens every day, some hacker types the right stuff into a form on an unprotected page and corrupts or wipes out the entire file and database system running it.

                  My first regex was learned from Ullman's "PHP and MYSQL for Dynamic Websites". He has a good way of explaining things so that they aren't so confusing.

                  You should Google "php mysql security" or something and read a couple of articles about it.

                    Write a Reply...