BetterPHP

Hello, I have followed the Blog tutorial on YouTube and it has worked great, it really helped me out!

However, I have recently tried to add an "Edit" function to the blog posts, so that I can come back and edit them with ease and would think that my code should work. I can't find any errors (mysql_error(); gives me nothing) but my database refuses to update, for whatever reason. I found an old thread with a similar problem, but sadly that didn't help.

Here's the "Edit" site.
[syntax=php]<?php
include('core/init.php');


if (isset($_POST['title'], $_POST['body'])){
edit_post($_POST['title'], $_POST['body']);
header('Location: work.php');
die();
}

?>

<!DOCTYPE html>
<head>
<title>Edit</title>
</head>

<body>
<div>
<?php

if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false){
echo 'Invalid post ID.';
}
else {
$post = get_post($_GET['pid']);
?>

<h2><?php echo $post['title']; ?></h2>
<h4><?php echo $post['date']; ?></h4>
<hr />

<p><?php echo $post['body']; ?></p>

<hr />



<form action="" method="post">
<p>
<label for="title">Title</label>
<input type="text" name="title" id="title" value="<?php echo $post['title']; ?>"/>
</p>
<p>
<textarea name="body" rows="20" cols="60"><?php echo $post['body']; ?></textarea>
</p>
<p>
<input type="submit" value="Edit Post" />
</p>
</form>
<?php
}
?>

</div>
</body>
</html>[/syntax]

and the function to go with it.
[syntax=php]function edit_post($title, $body){
$pid = $_POST['id'];
$title = mysql_real_escape_string(htmlentities($title));
$body = mysql_real_escape_string(nl2br(htmlentities($body)));

mysql_query("UPDATE `posts` SET `post_title` = '{$title}', `post_body` = '{$body}' WHERE `post_id` = '{$pid}'");
}[/syntax]

Any help would be extremely helpfull!

Add an extra parameter in your edit_post function to store the $_POST['id'] I don't think once inside the function you can post data like that

$_POST['id'] will return blank and thus there will cause no error

Sadly that didn't work, I have continued to turn this over and around but no luck, I must be missing something else. My PHP skills are pretty limited so there can be all kinds of stuff done wrong.

This is what you meant for me to do right? Simply add the $pid to the parameters?

[syntax=php]function edit_post($title, $body, $pid){

$pid = $_POST['id'];
$title = mysql_real_escape_string(htmlentities($title));
$body = mysql_real_escape_string(nl2br(htmlentities($body)));

mysql_query("UPDATE `posts` SET `post_title` = '{$title}', `post_body` = '{$body}' 'WHERE `post_id` ='{$pid}'");[/syntax]

I still don't get an error, but it will still not update the database.

EDIT: Alright, I realised that my "header ('Location') " part made me jump past the errors that were displayed in the edit-file when I tried to submit my update. Bergh.

However, now I have two undefined index errors regarding the $_POST['id'] in the above function and in my

[syntax=php]if (isset($_POST['title'], $_POST['body'])){
edit_post($_POST['title'], $_POST['body'], $_POST['id']);
die();
}[/syntax]

Where do I define the 'id' index?

Another strange thing that I don't understand is that if I enter the $_POST['id'] variable into my "if" clause, I stop getting errors, but nothing will update and my "header ( 'Location')" will stop working, why is this?

Any help would be greatly appreciated.

Remove the $pid = $_POST['id'] as it will always return blank because your form contains no field of id. Remove it from the if statement as well.

I believe what you are looking for is $post['id'] for the function variable instead of $_POST['id'];

However, to get this to work your form action will need to change as well. Post the get_post() function please and that will clarify things.

Oh, alright. so now I have changed the $_POST with $post and added $post to my "if (isset())" clause, where it remains undefined.

This is the get_post function that I use. It's unedited from when I first created it using the blog tutorial.
[syntax=php]function get_post($pid){

$pid = (int)$pid;

$sql = "SELECT
`post_title` AS `title`,
`post_body` AS `body`,
`post_user`AS `user`,
`post_date` AS `date`
FROM `posts`
WHERE`post_id`= {$pid}";

$post = mysql_query($sql);
$post = mysql_fetch_assoc($post);

$post['comments'] = get_comments($pid);

return $post;
}[/syntax]


The edit_post function:
[syntax=php]function edit_post($title, $body, $pid){

$pid = $post['id'];
$title = mysql_real_escape_string(htmlentities($title));
$body = mysql_real_escape_string(nl2br(htmlentities($body)));


mysql_query("UPDATE `posts` SET `post_title` = '{$title}', `post_body` = '{$body}' WHERE `post_id` ='{$pid}'");[/syntax]

and my if(isset());
[syntax=php]if (isset($_POST['title'], $_POST['body'], $post['id'])){
edit_post($_POST['title'], $_POST['body'], $post['id']);
die();
}

echo mysql_error();[/syntax]

Yes, you're going to have to change your form action to
[syntax=php]<form action="?pid=<?php echo $_GET['pid']; ?>"[/syntax]

Then your if():

[syntax=php]if (isset($_POST['title'], $_POST['body'], $_GET['pid'])){
edit_post($_POST['title'], $_POST['body'], $_GET['pid']);
die();
}[/syntax]

Then your function:
[syntax=php]function edit_post($title, $body, $pid){

$pid = mysql_real_escape_string($pid);
$title = mysql_real_escape_string(htmlentities($title));
$body = mysql_real_escape_string(nl2br(htmlentities($body)));


mysql_query("UPDATE `posts` SET `post_title` = '{$title}', `post_body` = '{$body}' WHERE `post_id` ='{$pid}'");[/syntax]

Something like that will (should) work

It works perfectly. Thanks a lot for your help, you're a lifesaver, bro. I've spent hours upon end scratching my head while searching the net for a solid answer to this.

Are answered threads like these locked, should I request one?

Chlor wrote:Are answered threads like these locked, should I request one?

No, but if you'd like?

The new forum will have a official solved marker so please don't edit it into the title for now