PHP form submission with sessions



n4te02
10-27-2009, 11:22 PM
Hey everyone... So, I have a form that submits a message, name, userid, category, and datetime into the database. It all works fine except the userid... I had it working before, but now I have no clue why it stopped working :(

If a person is logged in, the "username" field becomes a dropdown menu and they can choose between Anonymous or their Username. I want it to insert the user's 'id' (users table in the DB) into the post as well as update a post count in the users table.

It confuses the hell out of me because the same exact fetch array to display their info if they're logged in or not works perfectly (using sessions)... but for w/e reason it's not working in this particular INSERT function.

Anyway, here's the add_post.php which displays errors or success, then processes the function if it's a success - db_connect(); is a function to connect to the DB:


<?php
require_once('functions.php');
db_connect();

$message = $_POST['guestbook_message'];
$name = $_POST['guestbook_name'];
$datetime = $_POST['datetime'];
$category = $_POST['category'];
$msgerror = ''; // start empty so the check further down never reads an undefined variable

if (strlen($message) < 50)
{
    $msgerror = "<strong>Error:</strong> Your message length is too short.";
}
if ($category == 1)
{
    $msgerror = "<strong>Error:</strong> Please choose a category.";
}

// blacklist of markup and link fragments; stripos() matches literally, so no regex escaping
$bad_word_list = "<object, </object>, <script, <param, </script>, </param>, <a href, &#106;&#97;&#118, &#0000106&#0000097&#0000118&, &#x6A&#x61&#x76&#x61&#x73, &#x09;, &#x0A;, &#x0D;, alert(, <iframe, <embed, <meta, http://, www., .com, .net, .org, dot com, dot net, dot org, (dot) com, (dot) net, (dot) org";
$bad_words = explode(", ", $bad_word_list);
foreach ($bad_words as $word)
{
    if (false !== stripos($message, $word))
    {
        $msgerror = "<strong>Error:</strong> Your message might contain unauthorized words.";
    }
}

if ($msgerror)
{
    $postmsg = $msgerror;
    echo "<span class='posterror'>". $postmsg ."</span>";
}
else
{
    add_post($message, $name, $userid, $datetime, $category);
    $postmsg = "<strong>Success!</strong> Your comment has been posted.
<script type=\"text/javascript\"><!--
setTimeout('Redirect()',1000);
function Redirect()
{
location.href = 'index.php';
}
// --></script>";
    echo "<span class='postsuccess'>". $postmsg ."</span>";
}
?>


And here is the function:


function add_post($message, $name, $userid, $datetime, $category)
{
    $name = mysql_real_escape_string($name);
    // turn line breaks into <br /> before storing (str_replace instead of the deprecated ereg_replace)
    $message = mysql_real_escape_string(stripslashes(str_replace("\r\n", "<br />", $message)));
    // category comes straight from the form, so escape it as well
    $category = mysql_real_escape_string($category);
    $time = strtotime("now");
    $time = $time + 3600;
    $datetime = date("m/d/y @ h:i:sa", $time);

    $connection = db_connect();
    // look up the logged-in user's id from the session username
    $username = mysql_real_escape_string($_SESSION['user']['username']);
    $user_array = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"));
    $userid = $user_array['id'];

    $query = "INSERT INTO `posts`(name, userid, content, datetime, category) VALUES('$name', '$userid', '$message', '$datetime', '$category')";
    mysql_query($query, $connection);

    // find the user and update comment count
    $sql = "SELECT * FROM `users` WHERE `id` = '$userid'";
    $result = mysql_query($sql);
    $rows = mysql_fetch_array($result);

    if ($rows)
    {
        $max_post = $rows['posts'] + 1;
    }
    else
    {
        $max_post = 1;
    }

    $q = "UPDATE `users` SET `posts` = '$max_post' WHERE `id` = '$userid'";
    mysql_query($q);

    db_close($connection);
}


And I am not sure this is needed but this is the code that works fine, displaying whether or not they're logged in:


$session = $_SESSION['in'];
if ($session)
{
    $username = $_SESSION['user']['username'];
}

if ($session != "yes") // generate login form
{
    $login = '<form action="login.php" method="post">
<p>
<label class="loginField">Username:</label>
<input class="login" type="text" name="log" id="log" value="" />
</p>
<p>
<label class="loginField">Password:</label>
<input class="login" type="password" name="pwd" id="pwd" value="" />
</p>
<div style="text-align: right;">
<input type="submit" name="submitlogin" value="Submit" class="button_login" id="submit" />
</div>

</form><br />
<div id="loginajax"><a href="#submit_register" name="modal"><strong>Sign up</strong>
</a> | <a href="forgot.php">Forgot Password?</a></div>';
}
else
{
    db_connect();
    $username = $_SESSION['user']['username'];
    // escape the username for the query, and encode stored values before they go into HTML
    $user_array = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '". mysql_real_escape_string($username) ."'"));

    $login = 'Welcome back, <strong>'. htmlspecialchars($user_array['name'], ENT_QUOTES) .'</strong>. &nbsp;<a href="logout.php" name="logout" id="logout">Logout</a><br /><br /><br />
<a href="settings.php">Edit Profile</a> | <a href="profile.php?user='. urlencode($username) .'">View Profile</a>';
}


Like I said...that fetch array brings up the appropriate info, but for w/e reason does not work in the add_post function :( Any help would be greatly appreciated!!! :)

Fumigator
10-28-2009, 12:21 AM
First thing you should do now and forever more, is check your mysql_query() function calls to make sure they worked. You should develop a good error routine that gives you enough information to determine what went wrong with your query.

I'm not 100% positive your query is even failing here. But that's the point-- No one knows! Believe me when I tell you this will save your own sanity.

Example:



$query = "SELECT whatever FROM wherever";
$result = mysql_query($query);
//check that query, make sure it worked
if (!$result) {
    die("Oops! Query failure! Query is $query<br/>error text: ".mysql_error());
}

n4te02
10-28-2009, 01:23 AM
Thanks for the response. I did what you said and nothing.. no errors or anything, so now I am more confused lol.

Fumigator
10-28-2009, 01:28 AM
Something else you can try is display the $_SESSION array using print_r.



echo "<pre>".print_r($_SESSION,true)."</pre>";


This tells you if your session is working and if the data is what you'd expect it should be.

n4te02
10-28-2009, 02:10 AM
Good catch! For some reason it's not picking the session up, very weird....
I did this to check if it's picking it up:


if ($msgerror)
{
    $postmsg = $msgerror;
    echo "<span class='posterror'>". $postmsg ."</span>";
}
else
{
    //add_post($message, $name, $userid, $datetime, $category);
    /*$postmsg = "<strong>Success!</strong>
<script type=\"text/javascript\"><!--
setTimeout('Redirect()',1000);
function Redirect()
{
location.href = 'index.php';
}
// --></script>";*/
    echo "<span class='postsuccess'>". $postmsg ."</span>";
    $username = $_SESSION['user']['username'];
    echo "<span class='postsuccess'>". $username ."</span>";
}


And nothing showed up whatsoever... Not really sure why it's doing this since the session control is in the header (I posted this code in my initial post, the login code) :/

n4te02
10-28-2009, 02:51 AM
lol, simplest thing and it works. I needed to add session_start(); to add_post.php :P Thanks for helping me debug :D

Fumigator
10-28-2009, 05:06 AM
I needed to add session_start(); to add_post.php :P Thanks for helping me debug :D

That was going to be my next guess :p
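
Added example (not part of the thread and not any poster's code): the same add_post flow with session_start() in place, the user id taken from the session, and prepared statements that throw on failure, so a missing session or a failed query shows up immediately. It assumes PHP 7+ with pdo_sqlite; the table and column names follow the thread, while the in-memory database, the sample rows and render_post() are constructed for the demo.

```php
<?php
// Added example, not any poster's code. Table/column names follow the thread; the
// SQLite in-memory database and sample rows are constructed so it runs from the CLI.
function add_post(PDO $db, array $session, string $name, string $message, string $category): int
{
    // The user id comes from the server-side session, never from the form.
    $userid = null;                                   // NULL = anonymous post
    if (($session['in'] ?? '') === 'yes' && isset($session['user']['username'])) {
        $st = $db->prepare('SELECT id FROM users WHERE username = ?');
        $st->execute([$session['user']['username']]);
        $id = $st->fetchColumn();
        $userid = ($id === false) ? null : (int) $id;
    }
    $db->beginTransaction();
    $st = $db->prepare('INSERT INTO posts (name, userid, content, datetime, category)
                        VALUES (?, ?, ?, ?, ?)');
    // Store the raw text; it is encoded on output instead of being blacklist-filtered.
    $st->execute([$name, $userid, $message, date('Y-m-d H:i:s'), $category]);
    $postId = (int) $db->lastInsertId();
    if ($userid !== null) {
        // Increment inside SQL so two concurrent posts cannot lose a count.
        $db->prepare('UPDATE users SET posts = posts + 1 WHERE id = ?')->execute([$userid]);
    }
    $db->commit();
    return $postId;
}

function render_post(string $content): string
{
    // Encode first, then turn line breaks into <br />, so stored markup is shown as text.
    return nl2br(htmlspecialchars($content, ENT_QUOTES, 'UTF-8'));
}

session_start();  // must run in every script that reads $_SESSION
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);  // failed queries throw
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, posts INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, name TEXT, userid INTEGER,
           content TEXT, datetime TEXT, category TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('n4te02')");

$_SESSION = ['in' => 'yes', 'user' => ['username' => 'n4te02']];  // constructed login state
add_post($db, $_SESSION, 'n4te02', "<script>alert(1)</script>\r\nsecond line", '2');
$row = $db->query('SELECT userid, content FROM posts')->fetch(PDO::FETCH_ASSOC);
$count = $db->query('SELECT posts FROM users')->fetchColumn();
echo "userid={$row['userid']} posts=$count\n", render_post($row['content']), "\n";
```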


