3

I have a form im trying to submit, into my MySQL database and its submitting all the records fine accept the 'content' field in my blog table.

Im not sure if this matters but i am using a textarea framework from nicedit.com

UPDATE: I have removed the NicEdit framework and it worked fine submitting as a normal textarea, im not really sure where to go with this now i'll try and take my support over to NicEdit and post a response when i have found a solution to this issue.

HOWEVER i am having another issue and would hate to open a new post about it, my date is inserting as 0000-00-00 and not the current date. Any solution to that?

heres the php post method

<?php
include_once"dbconnection.php";
session_start();
$connect = mysql_connect($host, $username, $password) or die (@mysql_error());
$selectdb = mysql_select_db($database, $connect) or die (@mysql_error());
if(isset($_POST['postblog'])){
    $blogtitle = $_POST['blogtitle'];
    $blogcontent = $_POST['blogcontent'];
    $author = 'Admin';
    $query = mysql_query("INSERT INTO blog SET date='date()', title='$blogtitle', author='$author', published='1', content='$blogcontent'");
    if ($query == false){
        echo "false";
    } else {
        echo "true";
    }
}
?>

and the html form

<form action='postblog.php' method='post'>
    <input class="inputMed" type="text" name="blogtitle"> <br />
    <textarea style="width: 600px;" name="blogcontent"></textarea> <br />
    <input type="submit" name="postblog" id="postblog" value="Post Blog" />
</form>

Thanks in advance

NodeDad
  • 1,519
  • 2
  • 19
  • 48
  • 3
    I smell SQL injection. [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – ThiefMaster Jan 01 '13 at 00:08
  • Just a guess, you have un-escaped characters in your 'blog content' that MySQL does not like. Try sanitizing your content before insertion. – Vaibhav Desai Jan 01 '13 at 00:10
  • any mysql errors? it looks fine to me. what Vaibhav said is most likely though. – kennypu Jan 01 '13 at 00:11
  • @ThiefMaster thanks i'll keep that in mind, for now i want to get my functionally down, i'll worry about security later. Or do you think im going at it the wrong way? – NodeDad Jan 01 '13 at 00:15
  • @VaibhavDesai i changed it from a textarea to input and it worked just fine... so it must be an issue within the framework is what your saying? – NodeDad Jan 01 '13 at 00:17
  • 1
    You're setting yourself up for failure if you don't worry about MySQL security as you're writing code. I suggest you read up on prepared statements, they're lifesavers when it comes to preventing SQL Injections. – troytc Jan 01 '13 at 00:22
  • 1
    @AaronRussell It's almost definitely in the NicEdit framework. See the answer I provide below. – Chris Ostmo Jan 01 '13 at 00:31
  • 1
    For the date problem, get rid of the quotes around `date()`. They're preventing it from running the function. – Barmar Jan 01 '13 at 00:44
  • After reading @ThiefMaster articles posted ive decided to go with MySQLi and i am VERY thankful for that information provided by him. If i wouldnt have known that information i would have really been stuck re coding a lot of things in the future – NodeDad Jan 01 '13 at 03:20

4 Answers4

1

It is possible your editor is submitting to a different variable (or not submitting it at all). One way to tell would be to have your PHP do something like this:

print_r($_REQUEST);

Put that in your script temporarily to see what gets submitted and by what name. If you see it, great. If you don't see your content you will know that the problem isn't PHP related and you will have to look into the nicedit side of things.

Ryan
  • 216
  • 1
  • 7
1

In regards to your HOWEVER date issue. Your 'date()' is being parsed as a string not a function, and you have not defined your parameters. Change to-

$query = mysql_query("INSERT INTO blog SET date='".date('Y-m-d')."', title='$blogtitle', author='$author', published='1', content='$blogcontent'");

Or using MySQL NOW()-

$query = mysql_query("INSERT INTO blog SET date=NOW(), title='$blogtitle', author='$author', published='1', content='$blogcontent'");

Or using MySQL CURDATE()-

$query = mysql_query("INSERT INTO blog SET date=CURDATE(), title='$blogtitle', author='$author', published='1', content='$blogcontent'");

see also - PHP function inside single quotes display is as text

Community
  • 1
  • 1
Sean
  • 12,443
  • 3
  • 29
  • 47
0

According to this post: NicEdit data not in POST, you will need something like this:

<INPUT type=submit name="submit" value="Send" onclick="nicEditors.findEditor('blogContent').saveContent();">

And possibly something along the lines of this:

var editor = new nicEditors.findEditor('blogContent');
var content = editor.getContent();

That should point you in the right direction. If you want a specific answer, you will need to specifically direct your question to someone who knows and/or uses NicEdit, because your issue is specifically related to how it (NicEdit) is wrapping your DOM in a non-standard way.

Community
  • 1
  • 1
Chris Ostmo
  • 1,202
  • 1
  • 10
  • 21
  • where in his post does it say he's using NiceEdit? – kennypu Jan 01 '13 at 00:27
  • In the part where he says "Im not sure if this matters but i am using a textarea framework from nicedit.com." Please don't down-vote answers until you have read about that upon which you are commenting. – Chris Ostmo Jan 01 '13 at 00:28
  • If the docs [here](http://wiki.nicedit.com/w/page/521/Javascript%20API) say what they appear to be saying, adding the `onClick` event method above to your submit button should work, as should adding that method to a form `onSubmit` event – Chris Ostmo Jan 01 '13 at 00:41
  • Hey @ChrisOstmo thanks for your answer! I didnt your answer before updating my post. But your right, i'll give that a try and see where it takes me. Thanks! – NodeDad Jan 01 '13 at 00:42
0

For The date problem you can use mysql currdate function like

   mysql_query("INSERT INTO blog SET date='DATE: Auto CURDATE()', title='$blogtitle', author='$author', published='1', content='$blogcontent'");

And for Nicedit Try This

   try this code
   <html>
   <head>
    <script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
    <script type="text/javascript">bkLib.onDomLoaded(nicEditors.allTextAreas);</script>
   </head>

   <body>
    <form action='postblog.php' method='post'>
     <input class="inputMed" type="text" name="blogtitle"> <br />
     <textarea style="width: 600px;" name="blogcontent"></textarea> <br />
     <input type="submit" name="postblog" id="postblog" value="Post Blog" />
   </form>
  </body>
  </html>
Girish Sahu
  • 475
  • 4
  • 12
  • And for the NicEdit are you using multiple text area in the html? Please post the entire html code as i have used nicEdit many Times and it works fine. – Girish Sahu Jan 01 '13 at 03:25
  • My coding has changed a lot as i switched to MySQLi and am using prepared statements, i would rather open another topic on it. I have found more useful information regarding this issue, im appending all my divs that display the different forms. And have tried many different textarea plugins now. And none are working, so im certain its the fact that im appending my divs and its just not recognizing because one thing i noticed to is that in all of the plugins i've used, none of them let me actually click any of the buttons. Will post link ASAP – NodeDad Jan 03 '13 at 01:27