
For some reason this script isn't updating the database properly according to the query. Does anybody have any idea why the script isn't updating? Please let me know!

```php
<?php
session_start();
include '../connect.php';
if(!isset($_SESSION['id'])){
    header("Location: ../index.php");
}
if(isset($_POST['submit'])){
    $id=$_POST['id'];
    $postid=$_POST['postid'];
    $content=$_POST['content'];
    $title=$_POST['title'];
    echo "<pre>";
    print_r($_POST);
if(!empty($content)){
    $content = mysql_real_escape_string($content);
} else {
    echo 'You need to write something in your comment!';
}

    $upd=mysql_query("UPDATE replies SET reply_content='$content' WHERE reply_id='$postid'");
    if(!$upd){
        echo 'Error: '.mysql_error();
    }
} else {
    if (isset($_GET['id'])){
      $postid = $_GET['id'];
      $id=$_SESSION['id'];
            $q = mysql_query("SELECT * FROM `replies` where `reply_id`='$postid'");
            if(!$q){
                    echo 'Error: '.mysql_error();
            }
        $res = mysql_fetch_assoc($q);
        $q2 = mysql_query("SELECT topic_subject FROM `topics` where `topic_id`='$postid'");
        $res2 = mysql_fetch_assoc($q2);
        if(!$q2){
            echo 'Error: '.mysql_error();
        }
        if ($res['reply_by'] == $id){

        } else {
            header("Location: ../pagenotfound.html");
        }
}
?>

<form action="edit.php">
    <input type="text" name="title" value="<?php echo $res2['topic_subject'] ?>" disabled="disabled" />
    <br />
    <textarea rows="20" name="content" cols="50"><?php echo $res['reply_content']?></textarea>
    <input type="hidden" name="postid" value="<?php echo $postid ?>" />
    <br />
    <input type="submit" name="submit" value="Submit" />
</form>
<?php
}
?>
```

If you need more info let me know!

Update: The issue is that when I click submit, it sends me to a page which still lists the form. I noticed this issue when I tried to `print_r($_POST)` because it didn't actually print `$_POST`. I believe there is something wrong with either the form or where it checks if isset submit.

Kevin Harrison
  • presume you've connected etc already? depending on your version of PHP you should check because `mysql` functions have been deprecated for a long time now, you should be using `mysqli`. what does `mysql_error()` give you? – scrowler Oct 13 '13 at 22:23
  • Apart from using [the deprecated `mysql` functions](http://php.net/manual/en/mysqlinfo.api.choosing.php) and [leaving yourself wide open to SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), what precisely does "not updating properly" mean? Are you getting an error? The wrong result? – IMSoP Oct 13 '13 at 22:23
  • Oh, and this if statement is backwards and broken: `if(empty($content))` - as written here, if you submit an empty comment, it will try to escape it (but nothing else); if you submit a non-empty one it will echo a warning, then save it anyway. – IMSoP Oct 13 '13 at 22:26

1 Answer


Try with:

```php
if(!empty($content)){
    $content = mysql_real_escape_string($content);
} else {
    echo 'You need to write something in your comment!';
    // if $content is mandatory, you should put a die("error") here
}
```

You should check your $_POST array with a simple

```php
echo "<pre>";
print_r($_POST);
```

and ensure that POST has vars you are looking for (first of all: submit)

EDIT: put print_r($_POST) BEFORE using it just before:

```php
if(isset($_POST['submit'])){
```

ERROR: you forgot to set form method type. Try with:

```html
<form action="edit.php" method="post">
```

Without that, form will send parameters as $_GET.

Here's a simple php-form tutorial. http://php.net/manual/en/tutorial.forms.php

Daniele Vrut
  • I think the error has to do with something else, let me update the post with full document and tell you what's wrong, check the update. – Kevin Harrison Oct 13 '13 at 22:53
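
An added example (not part of the question or the answer): the update step rewritten with PDO prepared statements, which addresses the SQL injection and deprecated `mysql_*` points raised in the comments and also puts the `reply_by` ownership check into the `UPDATE` itself. It assumes an in-memory SQLite database with constructed rows; `make_demo_db`, `update_reply` and `get_reply` are hypothetical helper names, while the table and column names come from the question.

```php
<?php
declare(strict_types=1);

// Constructed demo data: two replies owned by users 10 and 20 (assumed IDs).
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE replies (reply_id INTEGER PRIMARY KEY,
                                      reply_by INTEGER, reply_content TEXT)');
    $pdo->exec("INSERT INTO replies VALUES (1, 10, 'first reply'),
                                           (2, 20, 'another reply')");
    return $pdo;
}

// Returns true only when exactly one row owned by $userId was changed.
function update_reply(PDO $pdo, int $userId, int $postId, string $content): bool {
    if (trim($content) === '') {
        return false; // reject empty comments instead of saving them anyway
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    // The reply_by condition enforces ownership on the write itself, so a
    // tampered hidden "postid" field cannot touch another user's reply.
    $stmt = $pdo->prepare(
        'UPDATE replies SET reply_content = :content
          WHERE reply_id = :id AND reply_by = :owner'
    );
    $stmt->execute([':content' => $content, ':id' => $postId, ':owner' => $userId]);
    return $stmt->rowCount() === 1;
}

function get_reply(PDO $pdo, int $postId): ?string {
    $stmt = $pdo->prepare('SELECT reply_content FROM replies WHERE reply_id = :id');
    $stmt->execute([':id' => $postId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string)$value;
}

$pdo = make_demo_db();
$quoted = "it's edited'; -- still just text";     // constructed input with quotes
var_dump(update_reply($pdo, 10, 1, $quoted));     // owner edits own reply
var_dump(get_reply($pdo, 1) === $quoted);         // content stored verbatim
var_dump(update_reply($pdo, 10, 2, 'new text'));  // user 10 does not own reply 2
var_dump(update_reply($pdo, 10, 1, '   '));       // whitespace-only content
// Escape on output when echoing the reply back into the <textarea>.
echo htmlspecialchars((string)get_reply($pdo, 1), ENT_QUOTES, 'UTF-8'), "\n";
```

In `edit.php` itself the user ID would come from `$_SESSION['id']` rather than from the form, and each `header("Location: ...")` needs an `exit;` after it so the rest of the script does not keep running for a visitor who should have been redirected.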