
I am currently trying to make a blog-type site and I'm having trouble submitting the post when editing a post that was already created.

I'm currently using Bootstrap and do not know if this will influence my code or not, but the PHP error is in the lines of the form table.

<?php

  include("includes/connect.php");

  if (isset($_GET['edit'])) {

    $edit_id = $_GET['edit'];

    $edit_query = "select * from posts where post_id='$edit_id'";

    $run_edit = mysql_query($edit_query);

    while ($edit_row=mysql_fetch_array($run_edit)) {

      $post_id = $edit_row['post_id'];
      $post_title = $edit_row['post_title'];
      $post_author = $edit_row['post_author'];
      $post_keywords = $edit_row['post_keywords'];
      $post_image = $edit_row['post_image'];
      $post_content = $edit_row['post_content'];

      } 

    }

  ?>

<div class="col-md-10" id="content-area">
      <div class="container">
<div class="row">
  <h2>Edit Post</h2>
  <form method="post" action="edit_post.php?edit_form=<?php echo $edit_id ?>" enctype="multipart/form-data">
    <fieldset class="form-group">
      <label for="title">Title</label>
      <input type="text" name="title" class="form-control" id="title" placeholder="title" value="<?php echo $post_title; ?>">
    </fieldset>
    <fieldset class="form-group">
      <label for="author">Author</label>
      <input type="text" name="author" class="form-control" id="author" placeholder="author" value="<?php echo $post_author; ?>">
    </fieldset>
    <fieldset class="form-group">
      <label for="keywords">Keywords</label>
      <input type="text" name="keywords" class="form-control" id="keywords" placeholder="keywords" value="<?php echo $post_keywords; ?>">
    </fieldset>
    <fieldset class="form-group">
      <label for="image">Image</label>
      <input type="file" name="image" class="form-control" id="image" placeholder="image">
      <img src="../images/<?php echo $post_image; ?>" width="100" height="100">
    </fieldset>
    <fieldset class="form-group">
      <label for="content">Content</label>
      <textarea name="content" cols="20" rows="20" class="form-control" id="content" placeholder="content"><?php echo $post_content; ?></textarea>
    </fieldset>
    <input class="btn btn-primary" type="submit" name="submit" value="Update Post"></input>
  </form>

</div>

  </div>

</div>

</body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
</html>

<?php

  if (isset($_POST['update'])) {

    $update_id = $_GET['edit_form'];
    $post_title1 = $_POST['title'];
    $post_date1 = date('m-d-y');
    $post_author1 = $_POST['author'];
    $post_keywords1 = $_POST['keywords'];
    $post_content1 = $_POST['content'];
    $post_image1 = $_FILES['image']['name'];
    $image_tmp = $_FILES['image']['tmp_name'];

    if($post_title1=='' or $post_author1=='' or $post_keywords1=='' or $post_content1=='' or $post_image1=='') {

      echo "<script>alert('Preencha todos os campos')</script>";
      exit();
    }

    else {

      move_uploaded_file($image_tmp, "../images/$post_image1");

      $update_query = "update posts set post_title='$post_title1',post_date='$post_date1',post_author='$post_author1',post_image='$post_image1',post_keywords='$post_keywords1',post_content='$post_content1' where post_id='update_id'";

      if (mysql_query($update_query)) {

        echo "<script>alert('O seu post foi atualizado')</script>";

        echo "<script>window.open('view_posts.php','_self')</script>";

      }

    }

  }

?>
Olivier De Meulder
  • What error have you got? – abhishek bagul May 06 '16 at 20:45
  • 1
    You seem to be using a mixture of $_GET and $_POST. ... That could be a problem... – WillardSolutions May 06 '16 at 20:50
  • `post_id='update_id'`: it's `$update_id`, a variable, starting with `$` – u_mulder May 06 '16 at 20:53
  • `mysql_*` functions are deprecated since PHP 5.5 (and **removed entirely** in PHP 7) and you should [stop using them](http://stackoverflow.com/q/12859942) if you can. You should choose another API that allows you to use prepared statements (which you *really should*), like `mysqli_*` or PDO - see [choosing an API](http://php.net/manual/en/mysqlinfo.api.choosing.php) - because your code is [**vulnerable to SQL-injection**](http://stackoverflow.com/q/60174/) – Qirel May 06 '16 at 21:23
  • You check for `if (isset($_POST['update'])) {`, but you have no form inputs with the name attribute `update`. Also, troubleshooting is difficult without knowing A) are there any errors? B) If not, did you *check for them*? C) What happens, and what isn't happening? – Qirel May 06 '16 at 21:26
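The comments above point at four separate defects: the id and every form field are interpolated into SQL strings, the handler tests `$_POST['update']` while the button is named `submit`, the `where` clause compares against the literal `'update_id'`, and the uploaded file is stored under whatever name the browser supplied. The script below is an added example, not the asker's code or a file from the project, showing one way to rework `edit_post.php` around those points with PDO prepared statements. It assumes that `includes/connect.php` defines `$pdo` (a PDO connection with `PDO::ERRMODE_EXCEPTION` enabled; the question's `connect.php` is not shown), that the `posts` table has the columns the question uses, and that images live in `../images` as in the question. Both the first page load and the form submission use the same `edit` query parameter, so there is no longer a `$_GET`/`$_POST` mix-up.

```php
<?php
// Added example (not the asker's code): edit_post.php reworked around the points in the
// comments. Assumptions: includes/connect.php defines $pdo, a PDO connection with
// PDO::ERRMODE_EXCEPTION; the posts table has the columns used in the question.
declare(strict_types=1);
require __DIR__ . '/includes/connect.php';   // must define $pdo (assumption)

// The post id comes from the query string. Validate it as a positive integer instead
// of interpolating it into SQL, and reject anything that is not one.
function postIdFromQuery(array $query, string $key): int
{
    $id = filter_var($query[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid post id');
    }
    return $id;
}

function loadPost(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT post_id, post_title, post_author, post_keywords, post_image,
                           post_content FROM posts WHERE post_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Store the upload under a server-generated name; the client-supplied filename never
// becomes part of a path. Returns null when no file was sent, so an edit without a
// new image keeps the old one instead of failing the "all fields" check.
function storeImage(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'][$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Unsupported image type: ' . $mime);
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/../images/' . $name)) {
        throw new RuntimeException('Could not store image');
    }
    return $name;
}

// Every value is a bound parameter, including the id the question wrote as 'update_id'.
function updatePost(PDO $pdo, int $id, array $f, ?string $image): bool
{
    $sql = 'UPDATE posts SET post_title = :title, post_date = :date, post_author = :author,
            post_keywords = :keywords, post_content = :content';
    $params = [':title' => $f['title'], ':date' => date('m-d-y'), ':author' => $f['author'],
               ':keywords' => $f['keywords'], ':content' => $f['content'], ':id' => $id];
    if ($image !== null) {
        $sql .= ', post_image = :image';
        $params[':image'] = $image;
    }
    return $pdo->prepare($sql . ' WHERE post_id = :id')->execute($params);
}

// Escape database content before echoing it back into the form.
function h(?string $s): string
{
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = postIdFromQuery($_GET, 'edit');   // the same parameter name on GET and on POST

// The button in the question is named "submit", so test for that, not for "update".
if (isset($_POST['submit'])) {
    $fields = [];
    foreach (['title', 'author', 'keywords', 'content'] as $name) {
        $fields[$name] = trim((string)($_POST[$name] ?? ''));
        if ($fields[$name] === '') {
            exit('All fields are required');
        }
    }
    updatePost($pdo, $id, $fields, storeImage($_FILES['image'] ?? []));
    header('Location: view_posts.php');
    exit;
}

$post = loadPost($pdo, $id) ?? exit('No such post');
?>
<form method="post" action="edit_post.php?edit=<?= $id ?>" enctype="multipart/form-data">
  <input type="text" name="title" value="<?= h($post['post_title']) ?>">
  <input type="text" name="author" value="<?= h($post['post_author']) ?>">
  <input type="text" name="keywords" value="<?= h($post['post_keywords']) ?>">
  <input type="file" name="image">
  <img src="../images/<?= h($post['post_image']) ?>" width="100" height="100">
  <textarea name="content"><?= h($post['post_content']) ?></textarea>
  <input type="submit" name="submit" value="Update Post">
</form>
```

The Bootstrap markup from the question is omitted here only to keep the example short; it does not affect the PHP. Two design choices are worth noting: the image is optional on an edit, because the original `$post_image1==''` check made it impossible to update a post without re-uploading its picture, and the stored filename is generated on the server after checking the file's actual MIME type, so neither the name nor the type comes from the client.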

1 Answer


First of all, you should prevent SQL Injection.

Change this line:

$edit_id = $_GET['edit'];

To this:

$edit_id = (int)$_GET['edit'];

This way, php will always assume that the variable is an int.

The same on update code:

$update_id = $_GET['edit_form'];

To:

$update_id = (int)$_GET['edit_form'];

And then, you forgot to put `$` inside the SQL query on the `update_id` variable, so that it runs as a PHP variable:

  $update_query = (...) where post_id='$update_id'";
Tiago Luz
  • "*you should prevent SQL Injection.*" You are indeed right, but the definitively best approach for this is using prepared statements with placeholders. – Qirel May 06 '16 at 21:21
  • Yes, prepared statements are a better approach for experts. In my opinion, the (int) approach is better for beginners in this case. – Tiago Luz May 07 '16 at 23:34
  • If they are beginners, they should start off by learning prepared statements ;-) And if they're not beginners, they should learn prepared statements ;) – Qirel May 08 '16 at 13:35
  • I don't agree. I think beginners should learn simple things first. – Tiago Luz May 08 '16 at 21:45
  • Hey, thanks all for the tips. I'm still at the start of learning PHP, so I am a beginner in PHP. Thanks for the tip Tiago, but I still have a problem in the code and still could not decipher it. I will search a little more in order to solve the problem. – André Brás May 09 '16 at 18:02
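The answer and the comment thread disagree on whether the `(int)` cast is enough. The following added example, which is not part of the answer or of any comment, shows what the cast actually does to a few inputs and why it only covers the id: the title, author, keywords and content are strings, and a cast cannot make those safe to interpolate. It runs against an in-memory SQLite database through `pdo_sqlite` (an assumption; the question uses MySQL), with a two-row `posts` table constructed inside the script, so no server is needed.

```php
<?php
// Added example, not from the answer or the comments: what the (int) cast does and does
// not cover. Uses an in-memory SQLite database (assumes the pdo_sqlite extension);
// the table and its two rows are constructed here for the demonstration.
declare(strict_types=1);

// The cast the answer proposes: non-numeric input collapses to 0, a leading number is
// kept and the rest is silently dropped.
function castId(string $raw): int
{
    return (int)$raw;
}

// Validation instead of casting: anything that is not a positive integer is rejected
// rather than turned into some other id.
function validateId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, post_title TEXT)');
    $pdo->exec("INSERT INTO posts VALUES (1, 'first'), (2, 'second')");
    return $pdo;
}

// The answer's approach: cast the id, interpolate everything else into the query text.
function updateTitleInterpolated(PDO $pdo, string $rawId, string $title): int
{
    $id = castId($rawId);
    return $pdo->exec("UPDATE posts SET post_title='$title' WHERE post_id='$id'");
}

// The approach recommended in the comments: a placeholder for every value, so the id
// and the title travel as data and never become part of the SQL text.
function updateTitlePrepared(PDO $pdo, string $rawId, string $title): int
{
    $id = validateId($rawId);
    if ($id === null) {
        throw new InvalidArgumentException("not a valid post id: $rawId");
    }
    $stmt = $pdo->prepare('UPDATE posts SET post_title = :title WHERE post_id = :id');
    $stmt->execute([':title' => $title, ':id' => $id]);
    return $stmt->rowCount();
}

// 1. What the cast and the validation make of some constructed inputs.
foreach (['7', '7abc', 'abc', '-3'] as $raw) {
    printf("%-6s cast=%d  validated=%s\n", $raw, castId($raw), var_export(validateId($raw), true));
}

// 2. An ordinary title containing an apostrophe: fine with placeholders, a broken
//    statement when interpolated, even though the id was cast.
$pdo = demoDb();
echo updateTitlePrepared($pdo, '1', "O'Brien's notes"), " row(s) updated via prepared statement\n";
try {
    updateTitleInterpolated($pdo, '2', "O'Brien's notes");
} catch (PDOException $e) {
    echo 'interpolated query failed: ', $e->getMessage(), "\n";
}
```

Run with `php` from the command line. The first block prints `7abc` casting to `7` and `abc` casting to `0` while validation returns `NULL` for both, which is the practical difference between the two: the cast quietly picks a different post, validation refuses the request. The second block is the point Qirel makes in the thread: casting only helps for the one integer column, and the same query still fails on legitimate text the moment a string column is built by interpolation, whereas the prepared statement handles it without any escaping in the calling code.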