
I'm working on a frequently asked questions, but for administration I want to be able to see the current frequently asked questions that have been stored in the database, and below that a form to post a new question & answer, which upon submitting will refresh the page with the new question and answer.

Here's the thing:

I've gotten it to post just fine, but I can only display the most recent one...

Here's my code so far:

Getting:

```php
<?php

  //select database table
  $sql = "SELECT question, answer FROM faq";
  $queryresult = mysql_query($sql) or die (mysql_error());

  //Request Values
  while ($row = mysql_fetch_array($queryresult)){
    $faqQuestion = $row['question'];
    $faqAnswer = $row['answer'];
  }

  //echo variables
  echo "<p>$faqQuestion</p>" . "<p>$faqAnswer</p>" . "<br />";

  //if question and answer have null values
  if ((empty($faqQuestion))&&(empty($faqAnswer))){
    echo("<div><p>No Questions available</p></div>");
  }
?>
<?php
  mysql_free_result($queryresult);
  mysql_close($conn);
?>
```

Posting:

```php
<?php
    include("database_conn_dcs.php");

    if($_POST){

      $question = ($_POST['question'])? $_POST['question']:null;
      $answer = ($_POST['answer'])? $_POST['answer']:null;

      $sql="INSERT INTO faq (talen_idtalen, question, answer)
            VALUES ('$idtalen', '$question', '$answer')";

      if (!mysql_query($sql)) {
        die('Error: ' . mysql_error());
      }

      header("location: faq_admin.php");
    }
?>
```

My other issue is that it also posts blank stuff. How do I prevent PHP sending null values to the database (it's already stated the variables are non-null)?

Thank you so much in advance!!!

Funk Forty Niner
Hayo Friese

*"how do i prevent PHP sending null values to the database"* - Do as you did in `if ((empty($faqQuestion))&&(empty($faqAnswer)))` while telling it what action you want it to execute. Pass or stop. *Don't pass GO, fine $200* - Make it `die()` or `exit()` till it meets the requirements. – Funk Forty Niner Aug 15 '14 at 18:51

Don't use mysql* extensions in PHP. They are already deprecated in newer PHP versions. Just as a side note, to prevent storing blank spaces in the database, use the `trim()` function. – Mubo Aug 15 '14 at 18:53

Adding to what @Mubo said, your code looks subject to SQL injection. You should also use parameterized queries instead of dynamic queries. Look into PDO or MySQLi, and read http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php on how to avoid SQL injection. – Alvaro Montoro Aug 15 '14 at 19:00

1 Answer

First, your echo should be in the while loop; otherwise, each time it loops, your two variables are being overwritten.

Secondly, you only want to display "No Questions available" if no results were returned, which is checked by `mysql_num_rows`.

Thirdly, your input code is vulnerable to SQL injection, which could get your website compromised. To prevent this, use prepared statements, and bind your user input (`$_POST` variables) instead of including them directly in the query.

```php
<?php

  //select database table
  $sql = "SELECT question, answer FROM faq";
  $queryresult = mysql_query($sql) or die (mysql_error());

  //Request Values
  while ($row = mysql_fetch_array($queryresult)){
    $faqQuestion = $row['question'];
    $faqAnswer = $row['answer'];

    //echo variables
    echo "<p>$faqQuestion</p>" . "<p>$faqAnswer</p>" . "<br />";
  }
  if(mysql_num_rows($queryresult) <= 0) {
    echo("<div><p>No Questions available</p></div>");
  }

  mysql_free_result($queryresult);
  mysql_close($conn);
?>
```
Funk Forty Niner
Nick
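
The prepared-statement insert recommended in the answer, combined with the `trim()` and empty checks suggested in the comments, as an added example that is not code from the question or the answer. It assumes PDO; the helper names `addFaq` and `renderFaqs`, the `$idtalen` parameter, and the in-memory SQLite database (standing in for MySQL so the snippet runs offline) are assumptions. Stored text is also escaped with `htmlspecialchars()` when displayed, which the original code does not do.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: insert one FAQ row, rejecting blank input.
// Returns true when a row was stored, false when validation failed.
function addFaq(PDO $pdo, int $idtalen, ?string $question, ?string $answer): bool
{
    $question = trim((string) $question);
    $answer   = trim((string) $answer);
    if ($question === '' || $answer === '') {
        return false; // nothing is sent to the database
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO faq (talen_idtalen, question, answer)
         VALUES (:idtalen, :question, :answer)'
    );
    return $stmt->execute([
        ':idtalen'  => $idtalen,
        ':question' => $question,
        ':answer'   => $answer,
    ]);
}

// Hypothetical helper: render every stored FAQ, escaping on output.
function renderFaqs(PDO $pdo): string
{
    $rows = $pdo->query('SELECT question, answer FROM faq')->fetchAll(PDO::FETCH_ASSOC);
    if ($rows === []) {
        return "<div><p>No Questions available</p></div>\n";
    }
    $html = '';
    foreach ($rows as $row) {
        $html .= '<p>' . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8') . '</p>'
               . '<p>' . htmlspecialchars($row['answer'], ENT_QUOTES, 'UTF-8') . "</p><br />\n";
    }
    return $html;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE faq (talen_idtalen INTEGER, question TEXT, answer TEXT)');

echo renderFaqs($pdo);                        // table is still empty
var_dump(addFaq($pdo, 1, '   ', 'ignored'));  // whitespace-only question is rejected
var_dump(addFaq($pdo, 1, "What's the <b>price</b>?", "It's free."));
echo renderFaqs($pdo);                        // apostrophes stored intact, markup escaped
```

In the admin page the two string arguments would come from `$_POST['question'] ?? null` and `$_POST['answer'] ?? null`, with the redirect issued only when `addFaq()` returns true.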