0

I've been reluctant to come back to Stackoverflow to ask this question. It's definitely been asked many times over, but every answer hasn't been able to fix the problem. I've attempted the Header() fix: https://stackoverflow.com/a/18820079/3831297 to no avail and now I have been trying to instead just validate and submit from the same page.

When I was using the Header redirect nothing would happen, no redirect to the next page while also not giving any errors for a reason. Which leaves me with the method below.. A mess of code that I've spent 60+ hours on trying to get to work from answers found on here as well as other websites.

What I've been trying to do with this version is validate with:

 if(empty()) {
   display error 
 }else{
   variable = true

 if(variable = true){ 
  post to database
 }

I apologize for the repeated question as well as for my complete lack of knowledge. I am learning as I go with these hands-on projects. 

<?php
    if (mysqli_connect_errno()) {
    echo "Connection to the database failed! Submitting a story will not work! Try again in a few minutes!" . mysqli_connect_error();
    }else{
        echo "<br>";
        echo "<h4>" . "Database connected successfully... It is safe to submit a story!" . "</h4>";
}
$TitleErr = $StoryErr = $AuthorErr = $DateErr = "";
$Title = $Story = $Author = $Date = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Title"])) {
        $TitleErr = "Title is required!";
    }else{
        $valid1 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Story"])) {
        $StoryErr = "Story is required!";
    }else{
        $valid2 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["Author"])) {
        $AuthorErr = "Author is required!";

    }else{
        $valid3 == true;
        }
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if(empty($_POST["Date"])) {
        $DateErr = "Date is required!";

    }else{
        $valid4 == true;
        }
}
if ($valid1 = $valid2 = $valid3 = $valid4 = true) {
    $Title = mysqli_real_escape_string($con, $_POST['Title']);
    $Date = mysqli_real_escape_string($con, $_POST['Date']);
    $Author = mysqli_real_escape_string($con, $_POST['Author']);
    $Story = mysqli_real_escape_string($con, $_POST['Story']);

    $sql="INSERT INTO Moderate (Title, Story, Author, Date)
    VALUES ('$Title', '$Story', '$Author', '$Date')";
    if (!mysqli_query($con,$sql)) {
        die('Error: ' . mysqli_error($con));
        }else{
            echo "<br>";
            echo "Story submitted for moderation!";
            }
}


mysqli_close($con);

//Insert into database
//$sql="INSERT INTO Moderate (Title, Story, Author, Date)
//VALUES ('$Title', '$Story', '$Author', '$Date')";
?>
        <h2>Submit News</h2>
        <?php// echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<span class="error">* <?php echo $TitleErr;?></span>
Title: <input type="text" name="Title">
<span class="error">* <?php echo $AuthorErr;?></span>
Author: <input type="text" name="Author">
<span class="error">* <?php echo $DateErr;?></span>
Date: <input type="date" name="Date">
<input type="submit"><br>

<span class="error">* <?php echo $StoryErr;?></span>
Story: <br><textarea type="textarea" rows="40" cols="100" name="Story" method="post"></textarea>
</form>
</div>
<?php

//// escape variables for security
//$Title = mysqli_real_escape_string($con, $_POST['Title']);
//$Story = mysqli_real_escape_string($con, $_POST['Story']);
//$Author = mysqli_real_escape_string($con, $_POST['Author']);
//$Date = mysqli_real_escape_string($con, $_POST['Date']);

//Insert into database


?>
Community
  • 1
  • 1
Codewow
  • 35
  • 6
  • There's no question here. As an aside, The reason your header redirect wasn't working is you left off `//` after `:` and also probably didn't include a `return;` which you need after a redirect attempt to stop the PHP script from continuing execution, printing stuff into the response, and thus ruining any chances of the redirect working. – developerwjk Aug 20 '14 at 23:51
  • @developerwjk Did you mean `exit` instead of `return`? – Marty Aug 20 '14 at 23:52
  • @Marty, If you're not in any function then `return` will work. If you're in a function, then yes, use `exit`. – developerwjk Aug 20 '14 at 23:53
  • Please use an IDE, it spots things like this straight away: `if ($valid1 = $valid2 = $valid3 = $valid4 = true)` – MrLore Aug 20 '14 at 23:53
  • @developerwjk Yes, sorry.. hit the button then realized I left out the question. I can confirm that the format was correct, though I did use exit; rather than return;. – Codewow Aug 21 '14 at 00:00

2 Answers2

0

I'm going to hazard an answer. Main thing I see is you are using == as assignment and = as comparison. This is backwards.

$valid4 == true; should be $valid4 = true;

if ($valid1 = $valid2 = $valid3 = $valid4 = true) should be if ($valid1 == $valid2 == $valid3 == $valid4 == true) or not really, since it actually has to be:

if ($valid1==true && $valid2==true && $valid3==true && $valid4==true)

With assignment you can stack up the operator, but with boolean comparison, combine the compares with and (&&).

Just some advise, don't make pages submit to themselves. Make a separate page to handle the form from the one that displays the form. That way if you ever want to upgrade to using Ajax, its much easier. Also after doing a db update like this you always need to redirect to another page to prevent double submit (unless using ajax). The page doing the db update should not print anything out but just do the db update and redirect, unless there's a validation error.

developerwjk
  • 8,619
  • 2
  • 17
  • 33
  • if ($valid1 == $valid2 == $valid3 == $valid4 == true) gives an error. - I'll continue to do what it takes to get it all working. Both from same-page and redirect. – Codewow Aug 21 '14 at 00:03
  • You sir, have just made my week. That worked! Thank you so much for saving me another 60 hours of headache. I will now try working on getting the redirect to work on a test page! – Codewow Aug 21 '14 at 00:09
0

Change your PHP to this:

if (isset($_POST['Title'],$_POST['Date'], $_POST['Author'], $_POST['Story'] )){

    $con = mysqli_connect("localhost", "my_user", "my_password", "db");

    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    $title = $_POST['Title'];
    $date = $_POST['Date'];
    $author = $_POST['Author'];
    $story = $_POST['Story'];

    $query = "INSERT INTO Moderate (Title, Story, Author, Date) 
              VALUES (?, ?, ?, ?)"    

    /* create a prepared statement */
    if ($stmt = mysqli_prepare($con, $query)) {
        /* bind parameters for markers */
        mysqli_stmt_bind_param($stmt, "ssss", $city);    
        /* execute query */
        mysqli_stmt_execute($stmt);  
        /* close statement */
        mysqli_stmt_close($stmt);
    }   
    /* close connection */
    mysqli_close($con);
}
meda
  • 45,103
  • 14
  • 92
  • 122
  • I'll look into this code some more to learn about it. As far as it goes, developerwjk's code change worked perfectly for problem. – Codewow Aug 21 '14 at 00:14