|
|
Posted by edward_sanders on 02/15/07 22:25
Ok, I was asked what the SELECT statement in my mysql was to get
an idea about the problem. I see that I might have some security risks if
I actually used this design on the web. So, for now it is for instructional
purposes and the actual code that I might leave on the web would
include several refinements.
The problem is with this syntax here:
>>>
// Display the text of each joke in the paragraph
while ( $row = mysql_fetch_array($result)) {
$jokeid = $row["ID"];
echo ($row["ID"]);
$deletejoke=$jokeid;
$joketext = $row["JokeText"];
$thispage = $_SERVER["PHP_SELF"];
echo("<p>$joketext " .
"<A HREF='$thispage?deletejoke=$jokeid'>" .
"Delete this Joke</a></p>");
}
>>>>>
What I'm doing is taking a row from the database, which includes,
ID - primary key, JokeText and JokeData (not used here).
mysql_fetch_array($result)
which grabs one row at a time of the db. This works,
$joketext = $row["JokeText"];
but when I try to grab the ID it doesn't like that syntax. At this line,
"<A HREF='$thispage?deletejoke=$jokeid'>" .
The value of deletejoke is never getting assigned to by
$jokeid. Question
)> Can anyone help me figure out why that would not work...
why the ID field isn't being passed to the variable $jokeid ???
While it might be good to improve this code before publishing, I
cannot figure out why that line is not working. I'll include the entire
php code below, now.
>>>>
<?php
// Display form if the user selects the option to add a joke
if (isset($_GET['addjoke'])) :
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" METHOD="POST">
<p>Type your joke here:</p><br />
<TEXTAREA NAME="joke" ROWS=10 COLS=40 WRAP>
</TEXTAREA><BR />
<INPUT TYPE=SUBMIT NAME="submitjoke" VALUE="SUBMIT">
</FORM>
<?php
else:
//echo ("This is a test <br />"); this was used for debugging
// Connect to the database server
$dbcnx = mysql_connect("localhost", "user", "password");
if ( !$dbcnx) {
echo("<p>Unable to connect to the " .
"database server at this time.</p>");
exit();
} /* else { some lines used for debugging here
echo("I connected");
} */
// Select the jokes database
if (!mysql_select_db("jokes", $dbcnx)) {
echo("<p>Unable to connect to the jokes" .
"database at this time.</p>");
exit();
}
// If a joke has been submitted,
// add it to the database
$joketext = $_POST['joke'];
if ("SUBMIT" == $_POST['submitjoke']) {
$sql = "INSERT INTO jokes SET " .
"JokeText='$joketext', " .
"JokeDate=CURDATE()";
if (mysql_query($sql)) {
echo("<p>Your joke has been added.</p>");
} else {
echo ("<p>Error adding submitted joke: " .
mysql_error() . "</p>");
}
}
// If a joke has been deleted,
// remove it from the database
if (isset($_GET['deletejoke'])) {
$deletejoke=$_GET['deletejoke'];
echo("<p>The joke to delete is number $deletejoke");
$sql = "DELETE FROM jokes " .
"WHERE ID=$deletejoke";
if (mysql_query($sql)) {
echo("<p>The joke has been deleted.</p>");
} else {
echo("<p>Error deleting joke: " .
mysql_error() . "</p>");
}
}
echo("<p>Here are all the jokes " .
"in our database: </p>");
// Request the text of all the jokes
$result = mysql_query("SELECT JokeText FROM jokes");
if ( !$result ) {
echo ("<p>Error performing query: " .
mysql_error() . "</p>");
exit();
}
echo("<blockquote>");
// Display the text of each joke in the paragraph
while ( $row = mysql_fetch_array($result)) {
$jokeid = $row["ID"];
echo ($row["ID"]);
$deletejoke=$jokeid;
$joketext = $row["JokeText"];
$thispage = $_SERVER["PHP_SELF"];
echo("<p>$joketext " .
"<A HREF='$thispage?deletejoke=$jokeid'>" .
"Delete this Joke</a></p>");
}
echo("</blockquote>");
// When clicked, this link will load this page
// with the joke submission form displayed.
?>
<p><a href="<?php echo $_SERVER['PHP_SELF']; ?>?addjoke=1">
Add a Joke, by clicking here!</a></p>
<?php
endif;
?>
>>>>>
"shimmyshack" <matt.farey@gmail.com> wrote in message
news:1171496329.713416.196210@a34g2000cwb.googlegroups.com...
> On 14 Feb, 23:11, "edward_sanders" <edward_sand...@bellsouth.net>
> wrote:
>> I meant to add that I am using PHP 5.2.x and
>> mysql 5
>> Thanks,
>> Bruce
>>
>> "edward_sanders" <edward_sand...@bellsouth.net> wrote in message news:...
>> > Hi,
>> > This is a newbie question. I am using a text for learning
>> > php/mysql.
>> > The example is that of a mysql
>> > database of jokes. Before we get to joins there is a
>> > simple table with 3 fields, ID field (primary key, integer),
>> > JokeText, and JokeDate. In the program for some
>> > reason the code is not retrieving the ID for each
>> > row from the db. It gets the JokeText field just fine.
>> > Let me include the snippets below.
>>
>> > This is where each row (each joke) is to be displayed.
>> > Note that the ID is used to give the option of deleting a
>> > joke from the db. The link tag is supposed to get that
>> > ID passed to the link but that isn't happening. Please help.
>> <snip>
>> > // Display the text of each joke in the paragraph
>> > }
>>
>> > Thanks in advance for any help,
>> > Bruce
>
<snip>
>
>
> You should be using POST since the user is changing the application,
> the last thing you want is for someone's browser to prefetch all those
> delete links.
>
Navigation:
[Reply to this message]
|