Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Beginning PHP 6, Apache, MySQL 6 Web Development ISBN: 9780470391143
This is the forum to discuss the Wrox book Beginning PHP 6, Apache, MySQL 6 Web Development by Timothy Boronczyk, Elizabeth Naramore, Jason Gerner, Yann Le Scouarnec, Jeremy Stolz; ISBN: 9780470391143
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning PHP 6, Apache, MySQL 6 Web Development ISBN: 9780470391143 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old November 25th, 2009, 10:04 PM
Registered User
 
Join Date: Nov 2009
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chapter 13 - Submit Article - Errata

Using files supplied online, and comparing to the book, the code provided in chapter 13: Building a Content Management System does not permit one to post article_text to the MySQl database. We cannot compose an article and post it to a table (and it doesn't show up as a pending article. Everything else about the application works. Is there a correction available? Other than that, great book. Thanks. Steve
Reply With Quote
  #2 (permalink)  
Old June 30th, 2010, 08:58 AM
Registered User
 
Join Date: Jun 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have the same problem, I downloaded the files and typed out the code from the book and it doesn't work, I can't seem to find any problem in the code as far as I can see. Can anyone give some light on this problem?
Reply With Quote
  #3 (permalink)  
Old June 30th, 2010, 09:57 AM
Registered User
 
Join Date: Jun 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Post

I started to mess with the code and I think there is a problem with the if statement in the creation of the entry

PHP Code:
 if (isset($_SESSION['user_id']) && !empty($title) &&
           !empty(
$article_text)) {
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
      
redirect('cms_index.php');
        break; 
I tested it by commenting out the redirect and placing an echo in the if statement and the echo was never displayed:

PHP Code:
 if (isset($_SESSION['user_id']) && !empty($title) &&
           !empty(
$article_text)) {
           echo 
'Hello World';
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
    
//  redirect('cms_index.php');
        
break; 
I changed the if statement so it is always true to see if I can have have the data entered into the database I get an error:

PHP Code:
 if (== 1) {
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
   
//   redirect('cms_index.php');
        
break; 
Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' "2010-06-30 10:44:56", "Hello", ' at line 4
Reply With Quote
  #4 (permalink)  
Old September 17th, 2010, 05:21 AM
Authorized User
Points: 152, Level: 3
Points: 152, Level: 3 Points: 152, Level: 3 Points: 152, Level: 3
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2010
Location: Bra - Italy
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
Default

In these script there are several errors, start with cms_compose.php
PHP Code:
<tr>
   <td><label for="title">Title:</label></td>
   <td><input type="text" name="title" id="title" maxlength="255"
     value="<?php echo htmlspecialchars($title); ?>"/></td>
  </tr><tr>
   <td><label for="article_text">Text:</label></td>
   <td><textarea name="article_text" name="article_text" rows="10"
     cols="60"><?php echo htmlspecialchars($article_text); ?></textarea></td>
  </tr><tr>
There are two name="article_text", one must be id="article_text"

next problem:
PHP Code:
if (empty($article_id)) {
    echo 
'<input type="submit" name="action" "value="Submit New Article"/>';
} else {
    echo 
'<input type="hidden" name="article_id" value="' $article_id '"/>';
    echo 
'<input type="submit" name="action" "value="Save Changes"/>';

look the html syntax, just before value="Submit New Article" and "Save Changes" there are two (") character, they must be deleted.

Next step, cms_transact_article.php
PHP Code:
case 'Submit New Article':
        
$title = (isset($_POST['title'])) ? $_POST['title'] : '';
        
$article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
            : 
'';
        if (isset(
$_SESSION['user_id']) && !empty($title) &&
            !empty(
$article_text)) {
            
$sql 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' 
$_SESSION['user_id'] . ', 
                    "' 
date('Y-m-d H:i:s') . '",
                    "' 
mysql_real_escape_string($title$db) . '",
                    "' 
mysql_real_escape_string($article_text$db) . '")';
            
mysql_query($sql$db) or die(mysql_error($db));
        }
        
redirect('cms_index.php');
        break; 
The script seems only redirect to the cms_index.php, normal behavior if the conditions "(isset($_SESSION['user_id']) && !empty($title) && !empty($article_text))" are not valid.. but.. also the mysql syntax can have errors, just try to delete all the "if" cicle, the script will return the error:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' "2010-06-30 10:44:56", "Hello", ' at line 4
.
Probably the syntax date('Y-m-d H:i:s') is not correct, or the database settings are wrong for receive this input.. I will try to fix it as soon is possible.. bye

Last edited by DMatt; September 17th, 2010 at 10:50 AM..
Reply With Quote
  #5 (permalink)  
Old September 21st, 2010, 04:30 PM
Authorized User
Points: 152, Level: 3
Points: 152, Level: 3 Points: 152, Level: 3 Points: 152, Level: 3
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2010
Location: Bra - Italy
Posts: 36
Thanks: 1
Thanked 1 Time in 1 Post
Default

Ok, i fix it... finally...

For enter the article data in the database and show them, we have to modify 2 script: cms_transact_article.php and cms_compose.php

The right solution for cms_transact_article is here:
PHP Code:
case 'Submit New Article':
        
$title = (isset($_POST['title'])) ? $_POST['title'] : '';
        
$article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : '';
        
$user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
    if (!empty(
$user_id) && !empty($title) && !empty($article_text)) {
            
$sql "INSERT INTO cms_articles
        (user_id, submit_date, title, article_text)
        VALUES
        ('
$user_id', NOW(), '$title', '$article_text')";

            
mysql_query($sql$db) or die (mysql_error($db));
        }
        
redirect('cms_index.php');
        break; 
and the cms_compose is here:
PHP Code:
if (empty($article_id)) {
    echo 
'<input type="hidden" name="user_id" value="' $_SESSION['user_id'] . '"/>';
    echo 
'<input type="submit" name="action" value="Submit New Article"/>'
The problem was an incorrect syntax of mysql instructions and the value of $_SESSION['user_id'] that wasn't passed through the pages.. As you look i've fix the syntax problems first, and after set user_id like a "post" data..

The comments have the same problems... This book is full of f*****g errors..
Reply With Quote
  #6 (permalink)  
Old October 14th, 2010, 02:15 AM
Authorized User
 
Join Date: Sep 2010
Posts: 20
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Nice work DMatt! I changed your code a little bit in cms_transact to pass values to mysql_real_escape_string() like this:

Code:
$title = (isset($_POST['title'])) ? mysql_real_escape_string($_POST['title'], $db) : '';
$article_text = (isset($_POST['article_text'])) ? mysql_real_escape_string($_POST['article_text'], $db) : '';
$user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
This is because it's very dangerous to let users enter outside data into the datasbase without cleaning first. $user_id doesn't need it because it's value is generated internally.

Last edited by bopjo1; October 14th, 2010 at 02:19 AM..
Reply With Quote
  #7 (permalink)  
Old November 13th, 2010, 07:56 AM
Registered User
 
Join Date: Nov 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default I use DMatt's code but it doesn't work ,finaly iI fount the error

The "cms_compose.php" If we do like this :
Code:
require 'db.inc.php';
 include 'cms_header.inc.php';

 $db = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or
      die ('Unable to connect .Check your connection parameters.');
   mysql_select_db(MYSQL_DB,$db) or die(mysql_error($db));
 $action = (isset($_GET['action'])) ? $_GET['action'] : '';
 $article_id = (isset($_GET['article_id']) && ctype_digit($_GET['article_id'])) ? $_GET['article_id'] : '';

 $title = (isset($_POST['title'])) ? $_POST['title'] : '';
 $article_text = (isset($_POST['article_text'])) ? $_POST['article_text'] : '';
 //$user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';//delete this row
and edit the "cms_transact_article.php" Add "session_start()"
Code:
 require_once 'db.inc.php';
   require_once 'cms_http_functions.inc.php';
   session_start();//add this row   
  $db = mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD) or
      die ('Unable to connect .Check your connection parameters.');
   mysql_select_db(MYSQL_DB,$db) or die(mysql_error($db));
  if (isset($_REQUEST['action']))
  {
  	switch ($_REQUEST['action'])
  	{
  		case 'Submit New Article':
  		     $title = (isset($_POST['title'])) ? $_POST['title'] : '';
             $article_text = (isset($_POST['article_text'])) ? $_POST['article_text']: '';
        if (isset($_SESSION['user_id']) && !empty($title) &&
            !empty($article_text)) {
            $sql = 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' . $_SESSION['user_id'] . ',
                    "' . date('Y-m-d H:i:s') . '",
                    "' . mysql_real_escape_string($title, $db) . '",
                    "' . mysql_real_escape_string($article_text, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_index.php');
        break;
and we can find it work . I 'm from china so my English is terrible ,forgive me!
The $_SESSION['user_id'] is always exist.and it's value only be changed in "cms_compose.php" "";

Last edited by jackzengfanwei; November 13th, 2010 at 08:03 AM..
Reply With Quote
  #8 (permalink)  
Old February 11th, 2014, 08:02 AM
Registered User
Points: 8, Level: 1
Points: 8, Level: 1 Points: 8, Level: 1 Points: 8, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Feb 2014
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy ch13 cms_transact_article.php

I also Download ch13 full code from this site .
but unfortunately that problem is still continue.

my actually problem is not inserting data in data base
& editing problem
plz solve is
Code:
 
<?php
require_once 'db.inc.php';
require_once 'cms_http_functions.inc.php';

$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
    die ('Unable to connect. Check your connection parameters.');

mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));

if (isset($_REQUEST['action'])) {

    switch ($_REQUEST['action']) {
    case 'Submit New Article':
        $title = (isset($_POST['title'])) ? $_POST['title'] : '';
        $article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
            : '';
        if (isset($_SESSION['user_id']) && !empty($title) &&
            !empty($article_text)) {
            $sql = 'INSERT INTO cms_articles
                    (user_id, submit_date, title, article_text)
                VALUES
                    (' . $_SESSION['user_id'] . ', 
                    "' . date('Y-m-d H:i:s') . '",
                    "' . mysql_real_escape_string($title, $db) . '",
                    "' . mysql_real_escape_string($article_text, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_index.php');
        break;

    case 'Edit':
        redirect('cms_compose.php?action=edit&article_id=' . $_POST['article_id']);
        break;

    case 'Save Changes':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        $user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
        $title = (isset($_POST['title'])) ? $_POST['title'] : '';
        $article_text = (isset($_POST['article_text'])) ? $_POST['article_text']
            : '';
        if (!empty($article_id) && !empty($title) && !empty($article_text)) {
            $sql = 'UPDATE cms_articles SET 
                    title = "' . mysql_real_escape_string($title, $db) . '",
                    article_text = "' . mysql_real_escape_string($article_text,
                        $db) . '",
                    submit_date = "' . date('Y-m-d H:i:s') . '"
                WHERE
                    article_id = ' . $article_id;
            if (!empty($user_id)) {
                $sql .= ' AND user_id = ' . $user_id;
            }
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        if (empty($user_id)) {
            redirect('cms_pending.php');
        } else {
            redirect('cms_cpanel.php');
        }
        break;

    case 'Publish':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'UPDATE cms_articles SET 
                    is_published = TRUE,
                    publish_date = "' . date('Y-m-d H:i:s') . '"
                WHERE
                    article_id = ' . $article_id;
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Retract':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'UPDATE cms_articles SET 
                    is_published = FALSE,
                    publish_date = "0000-00-00 00:00:00"
                WHERE
                    article_id = ' . $article_id;
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Delete':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        if (!empty($article_id)) {
            $sql = 'DELETE a, c FROM
                    cms_articles a LEFT JOIN cms_comments c ON
                    a.article_id = c.article_id
                WHERE
                    a.article_id = ' . $article_id . ' AND
                    is_published = FALSE';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_pending.php');
        break;

    case 'Submit Comment':
        $article_id = (isset($_POST['article_id'])) ? $_POST['article_id'] : '';
        $comment_text = (isset($_POST['comment_text'])) ?
            $_POST['comment_text'] : '';
        if (isset($_SESSION['user_id']) && !empty($article_id) &&
            !empty($comment_text)) {
            $sql = 'INSERT INTO cms_comments 
                    (article_id, user_id, comment_date, comment_text)
                VALUES
                    (' . $article_id . ',
                    ' . $_SESSION['user_id'] . ',
                    "' . date('Y-m-d H:i:s') . '",
                    "' . mysql_real_escape_string($comment_text, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_view_article.php?article_id=' . $article_id);
        break;

    default:
        redirect('cms_index.php');
    }
} else {
    redirect('cms_index.php');
}
?>
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chapter 5 Errata rogerj BOOK: Professional ADO.NET 3.5 with LINQ and the Entity Framework ISBN: 978-0-470-22988-0 0 February 21st, 2009 04:53 PM
chapter 12 composing article cfemocha BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 1 October 7th, 2004 11:16 PM
Chapter 12 Transact-Article.php czambran BOOK: Beginning PHP, Apache, MySQL Web Development ISBN: 978-0-7645-5744-6 2 June 17th, 2004 01:58 PM



All times are GMT -4. The time now is 02:19 AM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.