1

I have a PHP posting script and I need it to grab the data from the database. Here's the script:

    <?php
error_reporting(E_ALL);
  session_start();

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Cheesecake Productions - Post Topic</title>
  <link rel="stylesheet" type="text/css" href="include/style/content.css" />
</head>
<body>

<?php

include ("include/header.html");

include ("include/sidebar.html");

?>
<div class="container">
<?php

  require_once('appvars.php');
  require_once('connectvars.php');

  // Make sure the user is logged in before going any further.
  if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
    exit();
  }
  else {
    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');
  }

  // Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('could not connect to mysql '.mysqli_connect_error());

// Grab the profile data from the database
$query = "SELECT first_name FROM ccp2_user WHERE first_name = '" . $_SESSION['user_id'] . "'";
    $data = mysqli_query($dbc, $query);

    ///////////////////////////
   ///What must I do after////
  //getting the data from////
 //database. I am new to////
//PHP//////////////////////
//////////////////////////



  $row = mysqli_fetch_array($data);
   $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));



  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
     $post1 = mysqli_real_escape_string($dbc, trim($_POST['post1']));

    // Update the profile data in the database
    if (!$error) {
      if (!empty($post1)) {
        // Only set the picture column if there is a new picture
    $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) VALUES ('$first_name', NOW(), '$post1')";
        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your post has been successfully added. Would you like to <a href="viewpost.php">view all of the posts</a>?</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        echo '<p class="error">You must enter information into all of the fields.</p>';
      }
    }
  } // End of check for form submission
    else {
    echo '<p>Grr</p>';
    }

  mysqli_close($dbc);
?>

  <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
    <fieldset>
      <legend>Post Here:</legend>     
      <label type="hidden" for="post1">Post Content:</label><br />
      <textarea rows="4"  name="post1" id="post1" cols="50">Post Here...</textarea><br />
    </fieldset>
    <input type="submit" value="Save Post" name="submit" />     
  </form>
   </div>
  <?php

include ("include/footer.html");

?>

</body> 
</html>

This script is supposed to grab first_name from the database and it is not. Help?

Edit: There's the whole code.

22
  • Check the $dbc object. And this is very unsafe. Sanitize your user submitted data and use prepared statements. Commented Jan 26, 2014 at 0:55
  • You did print_r($row) right? Commented Jan 26, 2014 at 0:55
  • And... the cookie is generated from where? If none are created, then your code has done its job, as in "don't create the session". Create one. Commented Jan 26, 2014 at 1:04
  • @Fred-ii- I do need to delete the cookie thing as I do not use it Commented Jan 26, 2014 at 1:08
  • With the conditional statement it's set in, your session variable will never be created, therefore you'll be unable to pull in the user's id from a session. As per WHERE user_id = '" . $_SESSION['user_id'] . "' Commented Jan 26, 2014 at 1:09

3 Answers

2

Many things are strange with your code.

I believe it's blank because one of the if/else is messed up:

  if (isset($_POST['submit'])) {
  ....
  } 
  else {//here
    else {
      echo '<p class="error">There was a problem accessing your profile.</p>';
    }
  }

Then you have an $error variable that has no meaning:

$error = false;

Then you have in your form :

  <input type="text" id="first_name" name="first_name" value="" /><br />

but you don't want to grab it from there, but from the database:

$query = "SELECT first_name FROM ccp2_user 
          WHERE user_id = '" . $_SESSION['user_id'] . "'";

Then you want to grab $last_name from the post:

$last_name = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

but you don't have it in your form.

Also this part:

if (!empty($first_name) && !empty($post1)) {
    // Only set the picture column if there is a new picture
    if (!empty($new_picture)) {
        $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) 
                      VALUES ('$first_name', NOW(), '$post1')";
    }
    else {
        $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) 
                      VALUES ('$first_name', NOW(), '$post1')";
    }
}   

You have a condition on new_picture. Where did you initialize that? Why is it the same insert query again?

Don't you need quotes around that?

You have so many issues here; I advise you to troubleshoot step by step and redesign this whole thing.


9 Comments

I'm going from another script that I had, so I do need to clean it out a bit, I suppose
@user2544765 yes, you should keep things simple. I have a feeling you just need to organize things a little better and you should be fine.
I have edited the script above... take a look at that it should be simpler.
@user2544765 in this version $query = "SELECT first_name FROM ccp2_user WHERE first_name = '" . $_SESSION['user_id'] . "'"; you put the WHERE clause on first_name but you used the user_id value
Is there any way to talk besides on here, because I am getting confused.... Like I said I'm quite new...
1

I put something real quick together that works on my system.

This is a basic method and I mean basic, so you'll need to do the rest.

Just change the DB credentials to your own, and the the_user_id assigned to $_SESSION['user_id']

It's the best I can do to help.

<?php
$DB_HOST = "xxx";
$DB_USER = "xxx";
$DB_PASS = "xxx";
$DB_NAME = "xxx";

$dbc = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($dbc->connect_errno > 0) {
  die('Connection failed [' . $dbc->connect_error . ']');
}

session_start();
$_SESSION['user_id'] = "the_user_id"; // change this to the user's id

// You can use * also as the line from below
// $sql = $dbc->query("SELECT * FROM `ccp2_user` WHERE `user_id` = '" . $_SESSION['user_id'] . "'");
$sql = $dbc->query("SELECT `first_name` FROM `ccp2_user` WHERE `user_id` = '" . $_SESSION['user_id'] . "'");

while ($row = mysqli_fetch_array($sql))
{
  // The query selects only first_name, so that is the column available in $row
  echo $row['first_name'];
}

// for testing purposes
// var_dump($_SESSION['user_id']);
// var_dump($_SESSION);

mysqli_close($dbc);

2 Comments

I may use this in the future
It will/could be of help, I'm sure. You can base yourself on this for your INSERT method. @user2544765
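
The prepared-statement approach recommended in the comments on the question, applied to the lookup by user_id and the INSERT discussed in this thread. This is an added example, not code from any poster here; it assumes connectvars.php defines the DB_* constants used in the question, binds user_id as a string, and uses the hypothetical helper names fetch_first_name and add_post.

```php
<?php
// Added example: assumes connectvars.php defines DB_HOST, DB_USER, DB_PASSWORD
// and DB_NAME, and that ccp2_user / ccp2_posts have the columns used on this page.
require_once('connectvars.php');
session_start();

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$dbc = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$dbc->set_charset('utf8mb4');

// Look up the poster's first name by user_id; returns null when no row matches.
function fetch_first_name(mysqli $dbc, string $user_id): ?string {
    $stmt = $dbc->prepare('SELECT first_name FROM ccp2_user WHERE user_id = ?');
    $stmt->bind_param('s', $user_id);
    $stmt->execute();
    $stmt->bind_result($first_name);
    $found = $stmt->fetch();   // true = row fetched, null = no row
    $stmt->close();
    return $found ? $first_name : null;
}

// Insert the post; the values travel as bound parameters, never as SQL text.
function add_post(mysqli $dbc, string $first_name, string $post): bool {
    $stmt = $dbc->prepare(
        'INSERT INTO ccp2_posts (first_name, post_date, post) VALUES (?, NOW(), ?)');
    $stmt->bind_param('ss', $first_name, $post);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (!isset($_SESSION['user_id'])) {
    exit('<p class="login">Please <a href="login.php">log in</a>.</p>');
}

// The name comes from the database via the session's user_id, not from $_POST.
$first_name = fetch_first_name($dbc, (string) $_SESSION['user_id']);
$post1 = trim($_POST['post1'] ?? '');

if ($first_name === null) {
    echo '<p class="error">No user row matches this session.</p>';
} elseif (isset($_POST['submit']) && $post1 !== '') {
    add_post($dbc, $first_name, $post1);
    // Escape on output: database content is data, not trusted markup.
    echo '<p>Post added for ' . htmlspecialchars($first_name, ENT_QUOTES, 'UTF-8') . '.</p>';
}
$dbc->close();
```

Because the values are bound rather than concatenated, mysqli_real_escape_string is no longer needed on either query.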
0

It's here:

require_once('appvars.php');
require_once('connectvars.php');

One of these files must not be set, or PHP can't find these files. It says 'require', which means that until it gets this file it will not proceed, so it halts the execution right there.

Try it with:

include('appvars.php');
include('connectvars.php');

If you see the page, then the problem is right here.

1 Comment

I actually have gotten it to show up now; it's just not sending the info to the database
