I'm trying to get my PHP/HTML back up to scratch, and I've started by designing my own little news/whatever system. What I'm trying to do for efficiency is to run the Add/Edit/Delete all from the one process.php file via a switch($x), but for some reason it won't insert any data, and it won't give me any errors. I'm completely lost on what to do here. If anyone could help me out, the code for both files is below.

process.php

    <?php
    include("config.php");
    if (!isset($_GET['x'])) {
        $x = $_GET[x];
            switch($x) {
                case "add":
                    $title = $_POST['title'];
                    $text = $_POST['text'];
                    $date = $_POST['date'];
                    $author = $_POST['author'];

                    mysql_query("INSERT INTO posts(id, title, text, date, author) VALUES(null, '$title', '$text', '$date', '$author')") or die(mysql_error());
                    echo("Article inserted. Click <a href=\"index.php\" />here</a> to return.");
                break;
                case "gohome":
                    echo("Looks like you've taken a wrong turn. Click <a href=\"index.php\">here</a> to return.");
                default:
                    echo("Go home.");
                break;
            }
    } else {
        $x = 'gohome';
    }
    ?>

index.php (adding data)

    <html>
    <head>
    <link rel="stylesheet" type="text/css" href="includes/style.css" />
    </head>

    <body>
        <div align="center" /><font size="20px;" />test</font></div>
        <?php include("includes/navigation.php"); ?>
        <div align="center" />

        <fieldset><legend>Submit an article</legend>
            <form action="includes/process.php?x=add" method="post" />
            <input name="title" type="text" value="Title" onfocus="if(this.value=='Title') this.value='';" onblur="if(this.value=='') this.value='Title';"/><br />
            <input name="date" type="text" value="Date" onfocus="if(this.value=='Date') this.value='';" onblur="if(this.value=='') this.value='Date';"/><br />
            <textarea rows="4" cols="50" name="text" /></textarea><br />
            <input name="author" type="text" value="Author" onfocus="if(this.value=='Author') this.value='';" onblur="if(this.value=='') this.value='Author';"/><br />
            <input type="submit" />
            </form>
        </fieldset>
    </body>
    </html>

Nathan Kreider
  • Have you run the query from the command line? Have you verified the query is correct? – John Conde Oct 27 '13 at 02:31
  • [Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** – John Conde Oct 27 '13 at 02:32
  • @JohnConde This is only being run on my PC through XAMPP and I have everything pretty locked down. I'm just trying to get the basics down. Thanks for the links, btw! – Nathan Kreider Oct 27 '13 at 02:34
  • That's no excuse. This code is obsolete and insecure. You should *never* write code like that. – John Conde Oct 27 '13 at 12:13

1 Answer

This code:

    if (!isset($_GET['x'])) {
        $x = $_GET[x];

should be:

    if (isset($_GET['x'])) {
        $x = $_GET['x'];

You had the test backwards, so when the parameter was set you weren't going into the switch.

Barmar
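
The corrected `isset` test from the answer combined with the prepared statements recommended in the comments, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database through PDO so it runs without a server; `open_db()` and `process()` are hypothetical helper names, and the sample input is constructed.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumption: in-memory SQLite via PDO so it runs without a server; for the
// page's MySQL setup only the DSN changes (e.g. "mysql:host=...;dbname=...").

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
    $pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT,
                text TEXT, date TEXT, author TEXT)');
    return $pdo;
}

// Hypothetical helper: takes $_GET / $_POST as arguments so it can be exercised
// without a web server.
function process(PDO $pdo, array $get, array $post): string {
    // Corrected test from the answer: use x only when it IS set.
    $x = isset($get['x']) ? $get['x'] : 'gohome';
    switch ($x) {
        case 'add':
            $row = [];
            foreach (['title', 'text', 'date', 'author'] as $f) {
                if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
                    return "Missing field: $f";
                }
                $row[":$f"] = $post[$f];
            }
            // Placeholders keep user input out of the SQL text entirely.
            $stmt = $pdo->prepare('INSERT INTO posts (title, text, date, author)
                                   VALUES (:title, :text, :date, :author)');
            $stmt->execute($row);
            return 'Article inserted. Click <a href="index.php">here</a> to return.';
        default:
            return 'Looks like you\'ve taken a wrong turn. Click <a href="index.php">here</a> to return.';
    }
}

// Constructed sample input: a title containing quotes, which would have broken
// the string-built query in the question.
$pdo = open_db();
echo process($pdo, ['x' => 'add'], [
    'title' => "Nathan's \"first\" post", 'text' => 'Hello',
    'date' => '2013-10-27', 'author' => 'Nathan',
]), "\n";
echo process($pdo, [], []), "\n"; // no x: handled by the default case
echo $pdo->query('SELECT title FROM posts')->fetchColumn(), "\n"; // stored as typed
```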