Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jun 2009
    Location
    MA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts

    PHP form submission with sessions

    Hey everyone... So, I have a form that submits a message, name, userid, category, and datetime into the database. It all works fine except the userid... I had it working before, but now I have no clue why it stopped working

    If a person is logged in, the "username" field becomes a dropdown menu and they can choose between Anonymous or their Username. I want it to insert the users 'id' (users table in the DB) into the post as well as update a post count in the users table.

    It confuses the hell out of me because the same exact fetch array to display their info if they're logged in or not works perfectly (using sessions)... but for w/e reason it's not working in this particular INSERT function.

    Anyway, here's the add_post.php which displays errors or success, then processes the function if it's a success - db_connect(); is a function to connect to the DB:
    PHP Code:
    <?php
    require_once('functions.php');
    db_connect();

    $message $_POST['guestbook_message'];
    $name $_POST['guestbook_name'];
    $datetime $_POST['datetime'];
    $category $_POST['category'];

    if (
    strlen($message) < 50)
        {
        
    $msgerror "<strong>Error:</strong> Your message length is too short.";
        }
    if (
    $category == 1)
        {
        
    $msgerror "<strong>Error:</strong> Please choose a category.";
        }

    $bad_word_list "<object, </object>, <script, <param, </script>, </param>, <a href, ja&#118, &#0000106&#0000097&#0000118&, &#x6A&#x61&#x76&#x61&#x73, &#x09;, &#x0A;, &#x0D;, alert\(, <iframe, <embed, <meta, http://, www., .com, .net, .org, dot com, dot net, dot org, (dot) com, (dot) net, (dot) org";
    $bad_words explode(", ",$bad_word_list);
    foreach (
    $bad_words as $word)
        {
        if (
    false !== stripos($message$word))
            {
            
    $msgerror "<strong>Error:</strong> Your message might contain unauthorized words.";
            }
        }
        
    if(
    $msgerror)
        {
        
    $postmsg $msgerror;
        echo 
    "<span class='posterror'>"$postmsg ."</span>";
        }
    else
        {
        
    add_post($message$name$userid$datetime$category);
        
    $postmsg "<strong>Success!</strong> Your comment has been posted.
                    <script type=\"text/javascript\"><!--
                    setTimeout('Redirect()',1000);
                    function Redirect()
                    {
                      location.href = 'index.php';
                    }
                    // --></script>"
    ;
        echo 
    "<span class='postsuccess'>"$postmsg ."</span>";
        }
    ?>
    And here is the function:
    PHP Code:
    function add_post($message$name$userid$datetime$category)
        {
        
    $name mysql_real_escape_string($name);
        
    $message mysql_real_escape_string(stripslashes(ereg_replace("\r\n""<br />"$message)));
        
    $time strtotime("now");
        
    $time $time 3600;
        
    $datetime date("m/d/y @ h:i:sa"$time);

        
    $connection db_connect();
        
    $username $_SESSION['user']['username'];
        
    $user_array mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"));
        
    $userid $user_array['id'];
        
        
    $query "INSERT INTO `posts`(name, userid, content, datetime, category) VALUES('$name', '$userid', '$message', '$datetime', '$category')";
        
    mysql_query($query$connection);

        
    // find the user and update comment count
        
    $sql "SELECT * FROM `users` WHERE `id` = '$userid'";
        
    $result mysql_query($sql);
        
    $rows mysql_fetch_array($result);
        
        if (
    $rows)
            {
            
    $max_post $rows['posts'] + 1;
            }
        else
            {
            
    $max_post 1;
            }

        
    $q "UPDATE `users` SET `posts` = '$max_post' WHERE `id` = '$userid'";
        
    mysql_query($q);
        
        
    db_close($connection);
        } 
    And I am not sure this is needed but this is the code that works fine, displaying whether or not they're logged in:
    PHP Code:
    $session $_SESSION['in'];
    if (
    $session)
        {
        
    $username $_SESSION['user']['username'];
        }
        
    if(
    $session != "yes"// generate login form
        
    {
        
    $login '<form action="login.php" method="post">
        <p>
        <label class="loginField">Username:</label> 
        <input class="login" type="text" name="log" id="log" value="" />
        </p>
        <p>
        <label class="loginField">Password:</label> 
        <input class="login" type="password" name="pwd" id="pwd" value="" />
        </p>
        <div style="text-align: right;">
            <input type="submit" name="submitlogin" value="Submit" class="button_login" id="submit" />
        </div>

        </form><br />
        <div id="loginajax"><a href="#submit_register" name="modal"><strong>Sign up</strong>
        </a> | <a href="forgot.php">Forgot Password?</a></div>'
    ;
        }
    else
        {
        
    db_connect();
        
    $username $_SESSION['user']['username'];
        
    $user_array mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"));
        
        
    $login 'Welcome back, <strong>'$user_array['name'] .'</strong>. &nbsp;<a href="logout.php" name="logout" id="logout">Logout</a><br /><br /><br />
            <a href="settings.php">Edit Profile</a> | <a href="profile.php?user='
    $username .'">View Profile</a>';
        } 
    Like I said...that fetch array brings up the appropriate info, but for w/e reason does not work in the add_post function Any help would be greatly appreciated!!!

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    First thing you should do now and forever more, is check your mysql_query() function calls to make sure they worked. You should develop a good error routine that gives you enough information to determine what went wrong with your query.

    I'm not 100% positive your query is even failing here. But that's the point-- No one knows! Believe me when I tell you this will save your own sanity.

    Example:

    PHP Code:
    $query "SELECT whatever FROM wherever";
    $result mysql_query($query);
    //check that query, make sure it worked
    if (!$result) {
        die(
    "Oops!  Query failure! Query is $query<br/>error text: ".mysql_error());


  • #3
    New Coder
    Join Date
    Jun 2009
    Location
    MA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the response. I did what you said and nothing.. no errors or anything, so now I am more confused lol.

  • #4
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Something else you can try is display the $_SESSION array using print_r.

    PHP Code:
    echo "<pre>".print_r($_SESSION,true)."</pre>"
    This tells you if your session is working and if the data is what you'd expect it should be.

  • #5
    New Coder
    Join Date
    Jun 2009
    Location
    MA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts
    good catch! for some reason it's not picking the session up, very weird....
    I did this to check if it's picking it up:
    PHP Code:
    if($msgerror)
        {
        
    $postmsg $msgerror;
        echo 
    "<span class='posterror'>"$postmsg ."</span>";
        }
    else
        {
        
    //add_post($message, $name, $userid, $datetime, $category);
        /*$postmsg = "<strong>Success!</strong>
                    <script type=\"text/javascript\"><!--
                    setTimeout('Redirect()',1000);
                    function Redirect()
                    {
                      location.href = 'index.php';
                    }
                    // --></script>";*/
        
    echo "<span class='postsuccess'>"$postmsg ."</span>";
        
    $username $_SESSION['user']['username'];
        echo 
    "<span class='postsuccess'>"$username ."</span>";
        } 
    And nothing showed up what so ever... Not really sure why it';s doing this since the session control is in the header (i posted this code in my initial post, the login code) :/

  • #6
    New Coder
    Join Date
    Jun 2009
    Location
    MA
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts
    lol, simplest thing and it works. I needed to add session_start(); to add_post.php :P Thanks for helping me debug

  • #7
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Quote Originally Posted by n4te02 View Post
    I needed to add session_start(); to add_post.php :P Thanks for helping me debug
    That was going to be my next guess


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •