View Single Post
 
Old June 30th, 2010, 09:57 AM
intelman intelman is offline
Registered User
 
Join Date: Jun 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Post

I started to mess with the code and I think there is a problem with the if statement in the creation of the entry

PHP Code:
 if (isset($_SESSION['user_id']) && !empty($title) &&
           !empty(
$article_text)) {
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
      
redirect('cms_index.php');
        break; 
I tested it by commenting out the redirect and placing an echo in the if statement and the echo was never displayed:

PHP Code:
 if (isset($_SESSION['user_id']) && !empty($title) &&
           !empty(
$article_text)) {
           echo 
'Hello World';
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
    
//  redirect('cms_index.php');
        
break; 
I changed the if statement so it is always true to see if I can have have the data entered into the database I get an error:

PHP Code:
 if (== 1) {
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
   
//   redirect('cms_index.php');
        
break; 
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' "2010-06-30 10:44:56", "Hello", ' at line 4