Script Not Working

On PHP5 server

         

oceanwave

10:21 pm on May 19, 2007 (gmt 0)




Hi! Just moved to a server with PHP5 instead of 4. I took a script that had been working on 4 and modified it, however, the script no longer works. Can't tell if it is my modification, or the change to PHP5. I read there may be an issue with the header function in PHP5, which is used in my session.php page. Not sure if that is the reason.

Here's how the script works. The user logs in (first page) and is sent to their user panel (second page). So far, so good. In the panel, the user can enter a userid number, press submit, and they are sent to an edit page (third page), where they see that database row information, plus an image (where they can edit the info). Here's where everything falls apart.

When I enter a userid number in the user panel and press "submit", I get the "Not understood!" error, as found in the script below. I am including the session.php script (with the header function) as well as the edit.php page (which I have shortened). See if you can find the problem?

session.php page code:

<?PHP
session_start();

if (!$_SESSION['user'] || !$_SESSION['pass']) {
header('Location: index.php');
die();
} else {
include("config.php" );

$result = @mysql_query("SELECT count(userid) FROM members WHERE password='$_SESSION[pass]' AND lastname='$_SESSION[user]'") or die("Couldn't query the user-database.");
$num = @mysql_result($result, 0);

if (!$num) {
header('Location: index.php');
die();
}
}
?>

edit.php code:

<?php
include("session.php");
include("config.php");

if( empty($_POST['action']) )
{
// Get the ID

}
else if( strcasecmp($_POST['action'], "Find Photo")==0 )
{
$result = mysql_query( "SELECT photo_filename,photo_category,code,firstname,lastname FROM members WHERE userid='".addslashes($_POST['userid'])."'" );
$nr = mysql_num_rows( $result );

if( $nr < 1 )
{
echo("Photo not found in DB!");
echo("<br><a href='admin.php'>Back to Administration Page</a>");
exit;
}

$row = mysql_fetch_array( $result );
mysql_free_result( $result );
echo("Picture ID: ".$_POST['userid']."<br><br>");
echo("<a href='index.php?cid=".$row['photo_category']."&pid=".$_POST['userid']."'><img src='".$images_dir."/tb_".$row[1]."' border='0' alt='".$row[0]."' /></a>");

// Build the Category List

$result = mysql_query( "SELECT category_id,category_name FROM other" );
while( $row2 = mysql_fetch_array( $result ) )
{

if( $row2["category_id"] == $row["photo_category"] )
{
$category_list .=<<<__HTML_END
<option value="$row2[0]" selected>$row2[1]</option>\n
__HTML_END;
}
else
{
$category_list .=<<<__HTML_END
<option value="$row2[0]">$row2[1]</option>\n
__HTML_END;
}
}
mysql_free_result( $result );
$category_list = '<select name="categoryid">'.$category_list.'</select>';
?>
<form name="photo_move" action="edit_photo.php" method="post">

<b>Update Information From Fill-Ins:</b><br /><br />

Update First Name:&nbsp;&nbsp;&nbsp;<input type="text" name="firstname" size="40" value="<?php echo($row["firstname"]);?>" /><br /><br />

Update Last Name:&nbsp;&nbsp;&nbsp;<input type="text" name="lastname" size="40" value="<?php echo($row["lastname"]);?>" /><br /><br />

___________________________________________________<br /><br />
<b>Approve Submission:</b><br /><br />
To approve, change this box
<input type="text" name="approval" size="2" value="<?php echo($row["code"]);?>" /><br />

<input type="hidden" value="<?php echo($_POST['userid']);?>" name="userid" /><br />
<input type="submit" value="Submit Changes" name="action" />
</form>
<br /><br />

<form name="photo_delete" action="edit_photo.php" method="post">
<b>Delete Submission:</b><br /><br />
Click the "Delete" button.<br /><br />
<input type="hidden" value="<?php echo($_POST['userid']);?>" name="userid" />
<input type="submit" value="Delete" name="action" onclick="return confirm('Are you sure?')" /><br /><br /><br />
</form>
<a href="admin.php">Back to Admin</a>
<?php
}
else
{
if( strcasecmp($_POST['action'], "Submit Changes")==0 &&!empty( $_POST['categoryid'] ) )
{
edit_photo($_POST['userid'], $_POST['code'], $_POST['firstname'], $_POST['lastname']);
}
else if( strcasecmp($_POST['action'], "Delete This Photo")==0 &&!empty( $_POST['userid'] ) )
{
delete_photo($_POST['userid']);
}
else
{
echo("Not understood!<br><a href='admin.php'>Back to Admin</a>"); exit;
}

echo("Process completed!<br><a href='admin.php'>Back to Admin</a>" );
}

// the functions here
function edit_photo( $userid, $new_code, $new_firstname, $new_lastname)
{
mysql_query( "UPDATE members SET code='".addslashes( $new_code )."', firstname='".addslashes( $new_firstname )."', lastname='".addslashes( $new_lastname )."' WHERE userid='".addslashes( $userid )."'" );
}

function delete_photo($userid)
{
global $images_dir;
$result = mysql_query("
SELECT photo_filename
FROM members
WHERE userid = '" . addslashes($userid) . "'
");
list($filename) = mysql_fetch_array($result);
mysql_free_result($result);

unlink($images_dir . '/' . $filename);
unlink($images_dir . '/tb_' . $filename);

mysql_query("
DELETE FROM members
WHERE userid='" . addslashes($userid) . "'
");
}
?>

phparion

3:53 am on May 20, 2007 (gmt 0)




Well, you can check a few things quickly:

Put error_reporting(1); at the top of your page to see if any error is thrown, or check the error log of the server if you can.

You are using addslashes(); make sure your magic quotes are off, otherwise it will be adding an extra slash to the values and your queries might be breaking, so print all your queries to see their actual shapes.

Print the global arrays of session and POST / GET on the pages in question to see if you are getting values properly.

oceanwave

4:10 pm on May 26, 2007 (gmt 0)




Thank you phparion for replying.

Magic_quotes_gpc is set to "on". When I changed it to "off" in the php.ini file, I still got the "Not understood" message. Since it didn't work, I changed it back to "on".

How do I "print global arrays of session"?

What should I do to make this script work? Do I change the script or the php.ini settings? Is there another problem?

phparion

7:05 pm on May 26, 2007 (gmt 0)




To print the session array use

echo "<pre>"; print_r($_SESSION);

Without studying your complete script and php.ini settings I cannot say which one needs to be changed.

oceanwave

7:32 pm on May 26, 2007 (gmt 0)




Hi,

Using your line, the array I got was the user (login name), pass (login password), and code (code value given at login).

These were all from the initial login page (which then went to the user panel where an id number is entered to query one row in the database, and then went to the edit page where that row should be displayed for editing - which I can't get to work).

In the php.ini file:
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off

Thanks again for your help!

phparion

7:43 am on May 27, 2007 (gmt 0)




Post more and more code :)

e.g. post the code where your page is breaking exactly and also post the exact error. NOT WORKING or CANT GET IT WORK is a very complicated explanation of an error.

oceanwave

11:31 pm on May 27, 2007 (gmt 0)




Hi phparion,

Sorry that I wasn't clear enough. When I enter a userid number and click "submit" on the previous user panel page (form with method="post" action="edit.php"), I am sent to edit.php page (code is above). All I see on the page is "Not understood!" with the link "Back to Admin", which comes from the code line found in edit.php: echo("Not understood!<br><a href='admin.php'>Back to Admin</a>"); exit;

The code is working on another server using php4. The problem I am having is with a different server, with another host, using php5.

I also found that register_globals are off. I don't know if that means anything.

I honestly don't know where this is "breaking" to give you additional information. I can't find that any errors are thrown. I don't know what additional code you might want.

I do appreciate all of your help. I have spent weeks trying to figure this out, and I am no closer to an answer. I even tried redoing the entire edit.php page yesterday, as it is modified from the other site I spoke of. After redoing the page, I still got the "Not understood! Back to Admin" message.

Just as you said, I read that magic_quotes set to on with addslashes is a problem. When I tried to change it to off in php.ini I still got the "Not understood!" message. I don't know why that didn't work. Right now, magic_quotes_gpc are set to "on".

The code line you suggested showed that the session information (user, pass, code) is being passed from the login page to the edit.php page.

Should I change the code on the page to match my php.ini settings? How would I do this?

I don't know what else to try.

eelixduppy

4:12 am on May 28, 2007 (gmt 0)



Don't use addslashes, use mysql_real_escape_string [php.net]. To get around the magic_quotes you either have to strip the slashes [php.net] from each variable and then apply slashes (using mysql_real_escape_string), or you have to turn off the magic_quotes directive. You say that you have altered your php.ini file to disable magic_quotes, however, did you restart the server so that the changes take effect? This is crucial otherwise the old settings are still in place.
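
The double escaping and the strip-then-escape order discussed in the replies above, as an added example that is not part of the thread or of the poster's script. All helper names are made up for the illustration, and addslashes() stands in for mysql_real_escape_string() only because the latter needs an open MySQL connection.

```php
<?php
// Added illustration; helper names are constructed, not from the thread's script.

// What magic_quotes_gpc = On did to each GET/POST/cookie value before the script ran.
function simulate_magic_quotes($value)
{
    return addslashes($value);
}

// Remove the slashes magic quotes added, so the value is raw again.
// On the PHP 5 server, $magicQuotesOn would be get_magic_quotes_gpc().
function raw_request_value($value, $magicQuotesOn)
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Stand-in (assumption) for mysql_real_escape_string(), which needs an open MySQL link.
// For quotes and backslashes it produces the same escapes as addslashes().
function escape_for_query($value)
{
    return addslashes($value);
}

// Approximation of MySQL reading a quoted literal: one escape level is consumed.
function as_mysql_reads($escaped)
{
    return stripslashes($escaped);
}

// Returns the value MySQL would compare against the column, for both code paths.
function compare_paths($typed)
{
    $posted = simulate_magic_quotes($typed);             // $_POST with magic quotes on
    $double = as_mysql_reads(escape_for_query($posted)); // escaping on top of magic quotes
    $single = as_mysql_reads(escape_for_query(raw_request_value($posted, true)));
    return array('typed' => $typed, 'double' => $double, 'single' => $single);
}

// Constructed sample inputs.
foreach (array("42", "O'Brien", 'C:\\photos') as $typed) {
    $r = compare_paths($typed);
    printf("%-10s escaped twice: %-12s stripped then escaped: %-10s %s\n",
        $r['typed'], $r['double'], $r['single'],
        $r['double'] === $r['typed'] ? 'same' : 'CORRUPTED');
}
```

A purely numeric userid comes out identical on both paths; values containing quotes or backslashes are the ones that double escaping changes.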