
New Posting Script

Something I must be overlooking

         

Tym99

12:21 am on Mar 4, 2005 (gmt 0)

10+ Year Member



This is some code that I have to post news information into a mysql database. There is something wrong that I'm not seeing as none of the error messages work and it doesn't add anything to the table.

<!-- Begin Content Section -->
<?php
include("config.php");

if($submit)
{
$headline = mysql_real_escape_string($_POST['headline']);
$body = mysql_real_escape_string($_POST['body']);


if(!$headline){
echo "Error: News title is a required field. Please fill it.";
exit();
}

$result = mysql_query("INSERT INTO news (headline, body, date)
VALUES ('$headline', '$body', NOW())",$connect);

echo "<b>Thank you! News added Successfully!<br>You'll be redirected to Home Page after (4) Seconds";
echo "<meta http-equiv=Refresh content=4;url=index.php>";
}


else
{
?>
<form method="post" action="<?php echo $PHP_SELF?>">
<table align="center">
<tr>
<td>Headline:</td><td><INPUT TYPE="text" SIZE="30" NAME="headline"></td>
</tr>
<tr>
<td>The News:</td><td><TEXTAREA NAME="body" COLS="40" ROWS="5"></TEXTAREA></td>
</tr>
<tr>
<td colspan="2" align="center"><INPUT TYPE="submit" NAME="submit" VALUE="Click Here to Submit News"></td>
</tr>
</table>
</FORM>
<?php
}
?>
<!-- End Content Section -->

Does someone see where this is messed up because it all looks correct to me.

Tym99

12:23 am on Mar 4, 2005 (gmt 0)

10+ Year Member



Also: config.php is where all the database connect stuff is. I know that works okay because I've used it for displaying information in the table.

Thanks!

dreamcatcher

12:30 am on Mar 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi,

Sounds like you have register globals OFF. Try:

if(isset($_POST['submit']))

dc

Tym99

1:47 am on Mar 4, 2005 (gmt 0)

10+ Year Member



Sorry. Am I correct in assuming you mean using that in place of "if($submit)"?

Elijah

1:58 am on Mar 4, 2005 (gmt 0)

10+ Year Member



Yes, that's what he means. ;)

Tym99

7:10 pm on Mar 4, 2005 (gmt 0)

10+ Year Member



That seems to have worked. Thanks a lot.

I have another question though. I'm building my scripts in pieces to make sure they work before putting it all together. I have the following code to check the "users" table for a user name and password:


<?php
include("config.php");
if(isset($_POST['submit']))
{
    // Escape the submitted values before they go into the SQL string
    $username = mysql_real_escape_string($_POST["username"]);
    $password = mysql_real_escape_string($_POST["password"]);

    $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die ("Name and password not found or not matched");

    $worked = mysql_fetch_array($result);

    // Array keys are quoted strings, not bare constants
    $username = $worked['username'];
    $password = $worked['password'];

    if($worked)
        echo "Welcome, ". $username;
}
else
{ ... an HTML form with two input fields named 'username' and 'password' and a submit button.

The "users" table only has one entry. A user named "demo" with a password of "pass" and an id of 1. If I submit with the user name and password it works fine and displays "Welcome, demo" on the page. If I enter the wrong information the die message "Name and password not found or not matched" doesn't appear.

Sorry for all the questions. I just started attempting to teach myself PHP on Tuesday.

dreamcatcher

8:32 pm on Mar 4, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Tym99,

It won't return false because the way you have used die will only execute if there is a problem with the query. As it is, with the wrong username or password or no username and password, the query is still going to be ok. It just returns nothing. Hope that makes sense.

Try something like this instead:


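if(isset($_POST['submit']))
{
    // Escape the submitted values before they go into the SQL string
    $username = mysql_real_escape_string($_POST["username"]);
    $password = mysql_real_escape_string($_POST["password"]);

    // die() fires only when the query itself fails
    $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die (mysql_error());

    // Zero rows means the name/password pair was not found
    if (mysql_num_rows($result) > 0)
    {
        $worked = mysql_fetch_array($result);

        echo "Welcome, ". stripslashes($worked['username']);
    }
    else
    {
        echo "Name and password not found or not matched";
    }
}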

Hope that helps. A couple of things to note. I have used the LIMIT clause as you are fetching only 1 row, stripslashes to display data and the mysql_error in your die clause. This is what you should use, as it will tell you if there is a problem with your query. mysql_num_rows checks to see how many rows are returned, which in this case would be 1, but that is all you need for the check.

dc
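
An added example, not part of any post in this thread: the same login check with a prepared statement and a hashed password, keeping "query failed" and "no matching row" as separate outcomes. It goes beyond the thread by using PDO instead of the mysql_* functions (removed in PHP 7); the in-memory SQLite table, the password_hash column and the check_login() function are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with PDO and the
// pdo_sqlite driver; the in-memory table stands in for the "users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed sample row: user "demo", password "pass", stored as a hash.
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['demo', password_hash('pass', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper. Returns the user row on success, or null when the
 * name is unknown or the password does not match. A query failure (bad SQL,
 * lost connection) throws PDOException instead of looking like a bad login.
 */
function check_login(PDO $db, string $username, string $password): ?array
{
    // The value is bound as data, so quotes in it cannot change the SQL.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when zero rows matched

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);            // do not hand the hash to callers
    return $row;
}

// Constructed inputs: correct login, wrong password, unknown name containing a quote.
$attempts = [['demo', 'pass'], ['demo', 'wrong'], ["o'brien", 'pass']];
foreach ($attempts as [$name, $pass]) {
    try {
        $user = check_login($db, $name, $pass);
        echo $user
            ? 'Welcome, ' . htmlspecialchars($user['username'], ENT_QUOTES) . "\n"
            : "Name and password not found or not matched\n";
    } catch (PDOException $e) {
        // Log the database error server-side; show the visitor a generic message.
        error_log($e->getMessage());
        echo "Login is temporarily unavailable\n";
    }
}
```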