bradgrafelman wrote:It's good that you showed us the SQL error, but we also need to see what the query looked like that the DB received.
In other words, if you stored the SQL query in a variable $query, echo() out $query and paste the output for us to examine.
I am not exactly sure what you mean but here is the code (I think). If this isn't it, let me know where I can find the query:
<?php
include './includes/config.php';
include './includes/connect.php';
include './includes/functions.php';
// Set flag vars to use throughout the script
switch($_GET['action']) {
case 'add':
$add = TRUE;
$edit = FALSE;
break;
case 'edit':
$add = FALSE;
$edit = TRUE;
}
// Put category IDs,names into a local array
//======================================
$categories = array();
$sql = 'SELECT ID,name FROM categories';
$result = mysql_query( $sql ) or die( 'QUERYING FOR CATEGORY NAMES:'.mysql_error() );
while($row = mysql_fetch_assoc( $result )) {
$categories[] = array('name'=>$row['name'], 'ID'=>$row['ID']);
}
//======================================
// No post, so display form
if(!$_POST) {
// If editing, get product record
if($edit) {
// Query
if((isset( $_GET['ID'] )) && (is_numeric( $_GET['ID'] ))) {
$sql = "SELECT products.*, categories.name AS cat_name ";
$sql.= "FROM products, categories WHERE products.category_ID = categories.ID ";
$sql.= "AND products.ID = ".$_GET['ID'];
$result = mysql_query( $sql ) or die( 'Could not retrieve product record.' );
}
}
?>
<html>
<head>
<!-- tinyMCE -->
<script type="text/javascript" src="includes/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">
tinyMCE.init({
mode : "textareas",
theme : "advanced",
theme_advanced_disable : "help,hr,removeformat,anchor,styleselect,fontselect,formatselect,visualaid,indent,outdent"
});
</script>
<!-- /tinyMCE -->
<link rel="stylesheet" href="./css/style.css" type="text/css" />
</head>
<body>
<!--CONTAINER TABLE FIRST COLUMN-->
<table id="container" cellpadding="0" cellspacing="0">
<tr>
<td class="left-column" valign="top">
<!--MAIN MENU TABLE-->
<?php include './includes/main_menu.php'; ?>
<br />
<!--CONTAINER TABLE SECOND COLUMN-->
</td><td valign="top">
<!--MAIN TABLE-->
<table class="main-content">
<tr class="table-header">
<td class="table-header">
<?php echo ($edit) ? 'Edit' : 'Add'; ?> Product
</td>
</tr>
<tr>
<td class="content">
<table width="100%" cellspading="0" cellpadding="0">
<form method="post" action="">
<tr>
<td>
<table width="100%">
<?php
if($edit) {
while($row = mysql_fetch_assoc( $result )) { ?>
<tr>
<td style="width:160px;"><b>Product name:</b></td>
<td>
<input type="text" name="name" id="name"
value="<?php echo stripslashes($row['name']); ?>" />
</td>
</tr>
<tr>
<td><b>Image filename:</b></td>
<td>
<input type="text" name="image" id="image"
value="<?php echo stripslashes($row['image']); ?>"/>
</td>
</tr>
<tr>
<td><b>Category:</b></td>
<td>
<select id="category" name="category">
<?php
foreach($categories as $cat) {
echo '<option value="'.$cat['ID'].'" ';
echo ($cat['name'] == $row['cat_name']) ? 'selected="selected">' : '>';
echo $cat['name'].'</option>';
} ?>
</select>
</td>
</tr>
<tr>
<td valign="top">
<b>Short description:</b>
</td>
<td>
<textarea id="desc_short" name="desc_short" style="width:100%;">
<?php echo stripslashes($row['desc_short']); ?>
</textarea>
</td>
</tr>
<tr>
<td valign="top">
<b>Long description:</b>
</td>
<td>
<textarea id="desc_long" name="desc_long" style="width:100%;">
<?php echo stripslashes($row['desc_long']); ?>
</textarea>
</td>
</tr>
<?php
$id = $row['ID'];
} // end while
}else{
?> <tr>
<td style="width:160px;"><b>Product name:</b></td>
<td>
<input type="text" name="name" id="name" />
</td>
</tr>
<tr>
<td><b>Image filename:</b></td>
<td>
<input type="text" name="image" id="image" />
</td>
</tr>
<tr>
<td><b>Category:</b></td>
<td>
<select id="category" name="category">
<?php
foreach($categories as $cat) {
echo '<option value="'.$cat['ID'].'">';
echo $cat['name'].'</option>';
} ?>
</select>
</td>
</tr>
<td valign="top">
<b>Short description:</b>
</td>
<td>
<textarea id="desc_short" name="desc_short" style="width:100%;">
</textarea>
</td>
</tr>
<tr>
<td valign="top">
<b>Long description:</b>
</td>
<td>
<textarea id="desc_long" name="desc_long" style="width:100%;">
</textarea>
</td>
</tr>
<?php } ?>
</table>
<br /><br />
<input type="hidden" name="ID" id="id" value="<?php echo $ID; ?>" />
<input class="submit"
type="submit"
value="<?php echo ($edit) ? 'Edit ' : 'Add '; ?>Product"
id="<?php echo ($edit) ? 'edit' : 'add'; ?>save"
name="<?php echo ($edit) ? 'edit' : 'add'; ?>save" />
</td>
</tr>
</form>
</table>
<!--MAIN TABLE-->
</td>
</tr>
</table>
<!--CONTAINER TABLE-->
</td>
</tr>
</table>
</body>
</html>
<?php
// A form was posted, so process the data
}else{
/*
* Use htmlspechialchars() on parts of the string
* that are NOT inside HTML tags (i.e., don't convert
* the double quotes used for attributes)
*/
foreach( $_POST as $key => $val )
{
if( strpos( $val, '<' !== FALSE ) )
{
$pattern = '/(<(?:[^<>]+(?:"[^"]*"|\'[^\']*\')?)+>)/';
$arr = preg_split( $pattern, $val, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY );
if( strpos( $val, '<' ) === FALSE )
{
$tmp[] = htmlspecialchars( $val );
}else{
$tmp[] = $val;
}
$new_val = '';
foreach( $tmp as $v )
{
$new_val.= $v;
}
$converted[$key] = $new_val;
}else{
$converted[$key] = $val;
}
}
foreach( $converted as $key => $val )
{
$safe[$key] = mysql_real_escape_string( $val );
}
// ADD PRODUCT
if( $_POST['addsave'] )
{
$sql = "INSERT INTO products ";
$sql.= "SET name = '".$safe['name']."', ";
$sql.= "category_ID = '".$safe['category']."', ";
$sql.= "desc_short = '".$safe['desc_short']."', ";
$sql.= "desc_long = '".$safe['desc_long']."', ";
$sql.= "image = '".$safe['image']."', ";
$result = mysql_query( $sql ) or die( 'WHILE INSERTING:'.mysql_error() );
// header() doesn't work here... not sure why
echo '<META http-equiv="refresh" content="0;URL=http://www.new.rosaceans.com/admin/index.php">';
exit;
// EDIT PRODUCT
}else if( $_POST['editsave'] ) {
$sql = 'UPDATE products ';
$sql.= "SET name = '".$safe['name']."', ";
$sql.= "desc_short = '".$safe['desc_short']."', ";
$sql.= "desc_long = '".$safe['desc_long']."', ";
$sql.= "image = '".$safe['image']."', ";
$sql.= "category_ID = '".$safe['category']."', ";
$sql.= "WHERE ID = ".$safe['id'];
$result = mysql_query( $sql ) or die( 'WHILE EDITING:'.mysql_error() );
// header() doesn't work here... not sure why
echo '<META http-equiv="refresh" content="0;URL=http://www.new.rosaceans.com/admin/index.php">';
exit;
/*foreach($safe as $k=>$v) {
echo '<b>Key:</b> '.$k.'<br /><b>Value:</b> '.$v.'<br /><br />';
}*/
}
}
?>
