Thread: PHP / MySQL help

Hello everyone, I need some help with a site I'm making. Or more accurately, the admin interface.

Here is admin.php:

Code:

<?php
/*
Mainframe v0.1
TODO:
1) FIXED: Redirect if ?id does not exist
2) Comment more?
*/
if (!isset($_GET['id'])) Header("Location: admin.php?id=0");
include("config.php");
$connect=mysqli_connect($sqlhost,$sqlusr,$sqlpass);
mysqli_select_db($connect, $sqldb);
$id=$_GET['id'];
$contentquery="SELECT $id, content FROM content";
$temp=mysqli_query($connect, $contentquery);
while($row=mysqli_fetch_object($temp)){
	$temp2=$row->id;
	$output=$row->content;
}
?>
<?php include("../header.php"); ?>
	<div id="content">
		<!--Here content will be loaded by php on the finished site...-->
		<h1>Hem</h1>
			<div class="contentseparator"></div>
				<form action="confirm.php?id=<?php echo $_GET['id']; ?>" method="post"><textarea id="id<?php echo $_GET['id']; ?>" name="id<?php echo $_GET['id']; ?>"><?php echo($output); ?></textarea></form>
	</div>
<?php include("../footer.php"); ?>

And here is confirm.php:

Code:

<?php
/*
TODO:
1) Fix preview, use preg_match to remove the backslashes in var preview, like this: asd=\"\"
2) FIXED/Partially: MySQL DB connection, write too.
3) Better look?
4) Comment more?
*/
echo "<html><head></head><body>";
include("config.php");//Include MySQL config
$connect=mysql_connect($sqlhost,$sqlusr,$sqlpass);//Connect to DB
mysql_select_db($sqldb);//Select DB $sqldb
$id=$_GET['id'];
$contentquery="SELECT content FROM content WHERE id=$id";
$temp=mysql_query($contentquery);
while($row=mysql_fetch_object($temp)){
	$temp2=$row->id;
	$output=$row->content;
}

$id=$_GET['id'];//Get the correct id of the page
$preview=$_POST['id'.$id.''];//Preview whatever the user written
preg_replace("%\\\"*\\\"%","",$preview);
echo "<div style=\"text-align: center;\"><p><h1>Preview</h1></p></div><div style=\"border: 1px solid black;\"><p>";
echo $preview;
echo "</p></div><form action=\"send.php?id=".$id."\"><div style=\"text-align: center;\"><p>Are you sure you want to save the content to cell ".$id." in database ".$sqldb."?</p><input type=\"hidden\" name=\"submit\" value=\"submit\" /><input type=\"submit\" /></div></form>";
echo "</body></html>";

if(isset($_POST['submit'])){
	$updatequery="UPDATE content SET content=$output WHERE id=$id";
	$result=mysql_query($updatequery) or die("Update failed!");
}

?>

admin.php gets the ?id= from the adress field and gets the content field from the corresponding mysql database id. the menu is built with links like: index.php?id=2 and the admin interface is: admin.php?id=2 . Anyway it loads the correct entry and it will know what content to replace with what, and with the correct cell. However, when I press submit on confirm.php it will not do anything. It would not update the cell. Does anyone know whats the problem? If there's anything unclear, please ask me.

I've had a quick look but can not see an error in your coding. Are you sure it is this section of code that is causing the error?

Thanks for the reply, I partially managed to solve it, by using a javascript confirmation. However I use a WYSIWYG editor and it has it's own save button(which basically submits the form), therefore I want to use the onsubmit() event in the <form> tag but it doesent work. If I use a onclick event on a submit button it work tough. Any ideas?

EDIT: Here is a updated confirm.php:

Code:

<?php
/*
--------------------------
Preview for Vikens Husvärd v0.1
--------------------------
TODO:
1) FIXED: MySQL DB connection, write too.
2) Comment more?
*/
echo '<html><head></head><body>';
include("config.php");//Include MySQL config
$connect=mysql_connect($sqlhost,$sqlusr,$sqlpass);//Connect to DB
mysql_select_db($sqldb);//Select DB $sqldb
$id=$_GET['id'];//Get the correct id of the page
$preview=$_POST['id'.$id.''];//Store the content written, it's already escaped and done :)
if($_GET['action']=="update"&&isset($preview)){
	$updatequery='UPDATE content SET content="$preview" WHERE id="$id"';
	mysql_query($updatequery);
	echo 'Success!';
} else {
	echo '<a href="admin.php?id=0">You got here by mistake</a>';
}
echo '</body>';
?>

The ID is sent via form and and the preview var gets the data it should from a form in admin.php. Everything appears to be working except that it just wont update, any ideas?