Php and Msql (help solve a coding error somewhere...)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    help Php and Msql (help solve a coding error somewhere...)

    Hi ive tried to modify this script to add a new field named Title into the table via the install.php
    Code:
    <?php
    include "admin/connect.php";
    $createquotes="CREATE TABLE rquote_quotes (
      ID bigint(21) NOT NULL auto_increment,
      Title mediumtext NOT NULL,
      quote mediumtext NOT NULL,
      PRIMARY KEY  (ID)
    )";
    mysql_query($createquotes) or die("Could not create quotes");
    $createadmins="CREATE TABLE rquote_login (
      ID int(10) NOT NULL auto_increment,
      username varchar(255) NOT NULL default '',
      password varchar(255) NOT NULL default '',
      PRIMARY KEY  (ID)
    )";
    mysql_query($createadmins) or die("Could not create admins");
    
    print "Installed";
    ?>
    I think here aint a problem in the above modification...

    But then I modified then I started modifing the Addqoute.php file

    Code:
    <?
    include "connect.php";
    session_start();
    if (isset($_SESSION['username']))
     {
          print "<A href='addquote.php'>Add a quote</a> | <A href='deletequote.php'>Delete a quote</a>|<A href='search.php'>Search</a><br><br>";
         if(isset($add))
          {
            $addquote="Insert into rquote_quotes (quote) values ('$Title','$quote')";
            $r=mysql_query($addquote) or die("Could not insert quote");
            if($r)
               {
                 print "Quote added successfully";
               }
           }
         else
          {
            print "<form action='addquote.php' method='post'>";
            print "Type quote here<br>";
            print "<textarea name='Title' rows='3' cols='20'></textarea><br>";
    print "<textarea name='quote' rows='3' cols='20'></textarea><br>";
    
            print "<input type='submit' name='add' value='add quote'></form>";
          }
       
         
     }
    
    else   
      {
        print "Not logged in as Administrator, please <A href='login.php'>Login</a>";
      }
    
    ?>
    by adding the lines
    Code:
    $addquote="Insert into rquote_quotes (quote) values ('$Title','$quote')";
    and also

    Code:
    print "<textarea name='Title' rows='3' cols='20'></textarea><br>";
    im not sure if this modifications is done correctly.

    then in the deletequote.php file
    Code:
    <?
    include "connect.php";
    session_start();
    if (isset($_SESSION['username']))
     {
          print "<A href='addquote.php'>Add a quote</a> | <A href='deletequote.php'>Delete a quote</a>|<A href='search.php'>Search</a><br><br>";
         if(isset($delete))
          {
            $ID=$_GET[ID];
            $deletequote="Delete from rquote_quotes where ID='$ID'";
            $r=mysql_query($deletequote) or die("Could not delete quote");
            if($r)
               {
                 print "Quote delete successfully";
               }
           }
         else
          { 
            $quotedelete="SELECT * from rquote_quotes";
            $quotedelete2=mysql_query($quotedelete) or die("Could not select");
            while($r3=mysql_fetch_array($quotedelete2))
             {
               print "$r3[Title]<br>";
            print "$r3[quote]<br>";
               print "<form action='deletequote.php?ID=$r3[ID]' method='post'>";
               print "<input type='hidden' name='ID' value='$r3[ID]'>";
               print "<input type='submit' name='delete' value='delete quote'><br>";   
               print "</form>";        
            }
       
         }
    }
    
    else   
      {
        print "Not logged in as Administrator, please <A href='login.php'>Login</a>";
      }
    
    ?>
    i added the lines
    Code:
    print "$r3[Title]<br>";
    on the index.php
    Code:
    <?
    include "admin/connect.php";
    $randomize="SELECT*FROM rquote_quotes";
    $randomize2=mysql_query($randomize);
    $numrow=mysql_num_rows($randomize2);
    
    $j=RAND()%$numrow+1;
    
    $r="SELECT * FROM rquote_quotes where ID='$j' LIMIT 1";
    $r2=mysql_query($r);
    while($r3=mysql_fetch_array($r2))
    {
    print "$r3[Title]<br>";
    print "$r3[quote]";
    }
    ?>
    I added the line
    Code:
    print "$r3[Title]<br>";
    I'm not sure where I did what wrong can you help me solve my problem please?

    #2

    ('$Title','$quote')"; if you're mysql starts $quote, $title ?
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    Comment


      #3
      Originally posted by subzero View Post
      ('$Title','$quote')"; if you're mysql starts $quote, $title ?
      $addquote="Insert into rquote_quotes (Title, quote) values (mysql_real_escape_string($_POST['Title']),mysql_real_escape_string($_POST['quote']))";

      ///////////////////////////
      if(isset($add)) should be: if(isset($_POST['add'))

      ///////////////////////////
      $ID=$_GET[ID]; should be $ID=$_GET['ID']; to avoid errors, better still: $ID = mysql_real_escape_string($_GET['ID']);

      ///////////////////////////
      print "$r3[quote]<br>"; should be on the lines of: print $r3['quote']."<br/>";

      ///////////////////////////
      $randomize="SELECT*FROM rquote_quotes";
      $randomize2=mysql_query($randomize);
      $numrow=mysql_num_rows($randomize2);
      $j=RAND()%$numrow+1;
      $r="SELECT * FROM rquote_quotes where ID='$j' LIMIT 1";

      can be less calls to database:

      $r="SELECT * FROM rquote_quotes where ORDER BY RAND LIMIT 1";

      ///////////////////////////
      print "<textarea name='Title' rows='3' cols='20'></textarea><br>"; maybe better as: print '<input type="text" name="Title"/><br>';

      Comment


        #4
        I have optimize,modify & rewrite

        install.php
        PHP Code:
        <?php
        include 'admin/connect.php';

        $tables = array(
            
        'quotes' => 'CREATE TABLE rquote_quotes (ID bigint(21) NOT NULL auto_increment,Title mediumtext NOT NULL,quote mediumtext NOT NULL,PRIMARY KEY  (ID))',
            
        'admins' => 'CREATE TABLE rquote_login (ID int(10) NOT NULL auto_increment,username varchar(255) NOT NULL default \'\',password varchar(255) NOT NULL default \'\',PRIMARY KEY  (ID))'
        );


        foreach(
        $tables as $table=>$query) {
            if( 
        mysql_query($query) {
                echo 
        '<pre>'.$table.'succesfully created</pre>';
            } else {
                echo 
        '<pre>'mysql_error() .'</pre>';
            }
        }
        ?>
        addquote.php
        PHP Code:
        <?
        include 'connect.php';

        session_start();

        if (isset($_SESSION['username'])) {
            
            print '<a href="addquote.php">Add a quote</a> | <a href="deletequote.php">Delete a quote</a>|<a href="search.php">Search</a><br><br>';

            if (isset($_POST['title'], $_POST['quote'])) {
                $title = mysql_real_escape_string($_POST['title']);
                $quote = mysql_real_escape_string($_POST['quote']);
                
                if (mysql_query("INSERT INTO rquote_quotes(`title`,`quote`) values ('{$title}','{$quote}')")) {
                    echo 'Quote added successfully"';
                } else {
                    echo '<pre>'. mysql_error() .'</pre>';
                }
            } else {
                echo '<form action="addquote.php" method="post">';
                echo '<div>Type quote here</div>';
                echo '<div><textarea name="title" rows="3" cols="20"></textarea></div>';
                echo '<div><textarea name="quote" rows="3" cols="20"></textarea></div>';
                echo '<input type="submit" name="add" value="add quote">';
                echo '</form>';
            } else{
                echo '<p>Not logged in as Administrator, please <a href="login.php">Login</a></p>';
            }
        ?>
        deletequote.php
        PHP Code:
        <?
        include "connect.php";

        session_start();

        if (isset($_SESSION['username'])) {
            print "<p><A href='addquote.php'>Add a quote</a> | <A href='deletequote.php'>Delete a quote</a>|<A href='search.php'>Search</a></p>";

            if(isset($_GET['ID'], $_GET['delete'])) {
                $ID = (int) $_GET[ID];
                
                if ( mysql_query("DELETE FROM rquote_quotes where ID={$ID}") {
                    print "Quote delete successfully";
                } else {
                    echo '<p>Error: '. mysql_error() .'</p>';
                }
            } else {
                $query = mysql_query(SELECT * from rquote_quotes) or die('Error:' .mysql_error());
                    
                while($row = mysql_fetch_assoc($query)) {
                    echo '<h3>'. $r3[Title] .'</h3>';
                    echo '<div>'. $r3[quote] .'</div>';
                    
                    echo "<form action='deletequote.php?ID=$r3[ID]' method='post'>";
                    echo "<input type='hidden' name='ID' value='$r3[ID]'>";
                    echo "<input type='submit' name='delete' value='delete quote'><br>";
                    echo "</form>";
                }
            }
        } else {
            print "Not logged in as Administrator, please <A href='login.php'>Login</a>";
        }
        ?>
        index.php
        PHP Code:
        <?
        include "connect.php";

        session_start();

        if (isset($_SESSION['username'])) {
            print "<p><A href='addquote.php'>Add a quote</a> | <A href='deletequote.php'>Delete a quote</a>|<A href='search.php'>Search</a></p>";

            if(isset($_GET['ID'], $_GET['delete'])) {
                $ID = (int) $_GET[ID];
                
                if ( mysql_query("DELETE FROM rquote_quotes where ID={$ID}") {
                    print "Quote delete successfully";
                } else {
                    echo '<p>Error: '. mysql_error() .'</p>';
                }
            } else {
                $query = mysql_query(SELECT * from rquote_quotes) or die('Error:' .mysql_error());
                    
                while($row = mysql_fetch_assoc($query)) {
                    echo '<h3>'. $r3[Title] .'</h3>';
                    echo '<div>'. $r3[quote] .'</div>';
                    
                    echo "<form action='deletequote.php?ID=$r3[ID]' method='post'>";
                    echo "<input type='hidden' name='ID' value='$r3[ID]'>";
                    echo "<input type='submit' name='delete' value='delete quote'><br>";
                    echo "</form>";
                }
            }
        } else {
            print "Not logged in as Administrator, please <A href='login.php'>Login</a>";
        }
        ?>

        Comment

        Working...
        X