View Single Post
Old September 17th, 2010, 05:21 AM
DMatt DMatt is offline
Authorized User
Points: 152, Level: 3
Points: 152, Level: 3 Points: 152, Level: 3 Points: 152, Level: 3
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Jun 2010
Location: Bra - Italy
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post

In these script there are several errors, start with cms_compose.php
PHP Code:
   <td><label for="title">Title:</label></td>
   <td><input type="text" name="title" id="title" maxlength="255"
     value="<?php echo htmlspecialchars($title); ?>"/></td>
   <td><label for="article_text">Text:</label></td>
   <td><textarea name="article_text" name="article_text" rows="10"
     cols="60"><?php echo htmlspecialchars($article_text); ?></textarea></td>
There are two name="article_text", one must be id="article_text"

next problem:
PHP Code:
if (empty($article_id)) {
'<input type="submit" name="action" "value="Submit New Article"/>';
} else {
'<input type="hidden" name="article_id" value="' $article_id '"/>';
'<input type="submit" name="action" "value="Save Changes"/>';

look the html syntax, just before value="Submit New Article" and "Save Changes" there are two (") character, they must be deleted.

Next step, cms_transact_article.php
PHP Code:
case 'Submit New Article':
$title = (isset($_POST['title'])) ? $_POST['title'] : '';
$article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
        if (isset(
$_SESSION['user_id']) && !empty($title) &&
$article_text)) {
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
$_SESSION['user_id'] . ', 
date('Y-m-d H:i:s') . '",
mysql_real_escape_string($title$db) . '",
mysql_real_escape_string($article_text$db) . '")';
mysql_query($sql$db) or die(mysql_error($db));
The script seems only redirect to the cms_index.php, normal behavior if the conditions "(isset($_SESSION['user_id']) && !empty($title) && !empty($article_text))" are not valid.. but.. also the mysql syntax can have errors, just try to delete all the "if" cicle, the script will return the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' "2010-06-30 10:44:56", "Hello", ' at line 4
Probably the syntax date('Y-m-d H:i:s') is not correct, or the database settings are wrong for receive this input.. I will try to fix it as soon is possible.. bye

Last edited by DMatt; September 17th, 2010 at 10:50 AM..