i'm only tring to make a form work. Its a similar for than i am fillin now: question, text, tags.
Fine,
this is when i print the form
function imprimir_formulario_pregunta(){
$html = '<form id="pregunta" name ="pregunta" method="post" action="preguntas.php">';
$html .= '<h2>Pregunta</h2>';
$html .= '<input name="q" id="q" type="text" value=" "></input>';
$html .= '<h2>Explica tu duda</h2>';
$html .= '<textarea name="texto" id="texto" /
></textarea>';
$html .= '<h2>Etiquetas (separadas por comas)</h2>';
$html .= '<input name="tags" id="tags"/>';
$html .= '<input name="responde_a" style="display:none;" id="responde_a" value="0"/>';
$html .= '<button name="pregunta" id="pregunta" type="submit" >Publicar</button>';
$html .= '</form>';
echo $html;
}
this is when i recive data
if(isset($_POST['pregunta'])){
$p_title = $_POST['q'];
$p_text = $_POST['texto'];
$p_et = $_POST['etiquetas'];
$p_resp = $_POST['responde_a'];
post_pregunta($p_title,$p_text, $p_et, $p_resp);
this is when i process data
function obtener_id_pregunta($p,$t){
$consulta = mysql_query("SELECT * FROM preguntas WHERE pregunta='$p' && texto='$t'");
while($item = mysql_fetch_array($consulta)){
return $item['id'];
}
}
function post_pregunta($a,$t,$et,$r){
mostrar_notificacion("hemos entrado");
//// ******
if($a != '' && $t != ''){
$b = $a;
guardar_pregunta($b,$t,$r);
$id = obtener_id_pregunta($b,$t);
$temp = new etiqueta(0, '');
$basura = $temp->guardar_etiquetas($et, $id, $_SESSION['id']);
}else
mostrar_notificacion("hemos salido $a $t");
}
function guardar_pregunta($p,$t,$r){
$id_tmp = $_SESSION['id'];
$insert = "INSERT INTO preguntas (pregunta,texto,id_usuario,fecha,responde_a) VALUES ('$p','$t','$id_tmp',NOW(),'$r')";
$qry = mysql_query($insert);
if(mysql_affected_rows开发者_开发问答())
{
mostrar_notificacion("La pregunta $p ($t)($r) se guardo");
return true;
}
else
{
mostrar_notificacion("Error Ingresando datos");
return false;
}
return false;
}
Result:
I get the insert in the database done, but the 'q' field has a '' value....
Notes: It looses the value in the step ** because it enters in the condition, but it doesn't in the next one wich is the same question...
Please tell me you have my answer, been too long on this.. and i need it done this week for class
Thanks in advance
It's hard to see what's going on - as @vincebowdren says, you just need to debug this every step of the way.
However, more worryingly you're using $_POST data directly in a SQL query - this is an SQL injection attack waiting to happen.
Ensure you wrap ALL such variables in a mysql_real_escape_string function within your queries.
e.g.:
$insert = "INSERT INTO preguntas (pregunta,texto,id_usuario,fecha,responde_a) VALUES ('".mysql_real_escape_string($p)."','".mysql_real_escape_string($t)."','$id_tmp',NOW(),'".mysql_real_escape_string($r)."')";
See How can I prevent SQL injection in PHP? for more information.
Use echo
to print out the value of the troublesome variable ($_POST['q'], $p_title, $a) at every stage. Then you will see when it gets a value you weren't expecting.
@Toni Michel Caubet: I rewrote your code a little to make it more readable and should be slightly easier to debug as well. Please heed the /* comments */
. I've left a lot of the work up to you with just some guides here and there.
Receive data:
if(isset($_POST['pregunta']))
{
$p_title = $_POST['q'];
$p_text = $_POST['texto'];
$p_et = $_POST['tags'];
$p_resp = $_POST['responde_a'];
/* Never trust user input, validate the data you're retrieving */
/* Keep variable names the same, or risk confusing yourself later */
post_pregunta($p_title, $p_text, $p_et, $p_resp);
}
Process data:
function post_pregunta($p_title, $p_text, $p_et, $p_resp)
{
mostrar_notificacion("hemos entrado");
/* You should handle validation like this after initially receiving post
data, the ideal would be to validate the data in a central location
and then only pass the valid data on to other functions to avoid
having to recheck everything.
*/
if($p_title != '' && $p_text != '')
{
guardar_pregunta($p_title, $p_text, $p_resp);
$id = obtener_id_pregunta($p_title, $p_text);
$temp = new etiqueta(0, '');
$basura = $temp->guardar_etiquetas($p_et, $id, $_SESSION['id']);
}
else
{
mostrar_notificacion("hemos salido $p_title $p_text");
}
}
function obtener_id_pregunta($p_title, $p_text)
{
/* This query may also be susceptible to SQL injection */
$consulta = mysql_query("SELECT id FROM preguntas WHERE pregunta='" . $p . "' AND texto='" . $t . "'");
while($item = mysql_fetch_array($consulta))
{
return $item['id'];
}
}
function guardar_pregunta($p_title, $p_text, $p_resp)
{
$id_tmp = $_SESSION['id'];
/* This query is susceptible to SQL injection not least because there's
no data validation. */
$insert = "INSERT INTO preguntas (pregunta, texto, id_usuario, fecha, responde_a) VALUES ('$p_title', '$p_text', '$id_tmp', NOW(), '$p_resp')";
$qry = mysql_query($insert);
if(mysql_affected_rows())
{
mostrar_notificacion("La pregunta $p_title ($p_text)($p_resp) se guardo");
return true;
}
else
{
mostrar_notificacion("Error Ingresando datos");
return false;
}
return false;
}
Print form:
function imprimir_formulario_pregunta()
{
$html = '<form id="preguntas" name="preguntas" method="post" action="preguntas.php">' . "\n";
$html .= ' <div>' . "\n";
$html .= ' <h2>Pregunta</h2>' . "\n";
$html .= ' <input name="q" id="q" type="text" />' . "\n";
$html .= ' </div>' . "\n";
$html .= ' <div>' . "\n";
$html .= ' <h2>Explica tu duda</h2>' . "\n";
$html .= ' <textarea name="texto" id="texto"></textarea>' . "\n";
$html .= ' </div>' . "\n";
$html .= ' <div>' . "\n";
$html .= ' <h2>Etiquetas (separadas por comas)</h2>' . "\n";
$html .= ' <input name="tags" id="tags" />' . "\n";
$html .= ' </div>' . "\n";
$html .= ' <div>' . "\n";
$html .= ' <input name="responde_a" style="display:none;" id="responde_a" value="0" />' . "\n";
$html .= ' <button name="pregunta" id="pregunta" type="submit">Publicar</button>' . "\n";
$html .= ' </div>' . "\n";
$html .= '</form>' . "\n";
echo $html;
}
精彩评论