Problem with $_POST

Question

This wont work. All the fields are correct etc and I have a db connection.

To the problem

I use this script to insert a post into the db:

<?php

if (isset($_POST['msg'])) {

$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);

// kolla efter tomma fält
if (empty($title) || empty($msg)) {
$reg_error[] = 1;
}

if (!isset($reg_error)) {
mysql_query("INSERT INTO messages (title, message, date, user_id)
             VALUES('$title', '$msg', '".time()."', '2')");

header('location: /');

exit;

}


}
?>

The Form:

<form action="post_msg.php" method="post">

<b>Title:</b>
<input type="text" name="title" size="40" />


<b>Message:</b>
<textarea rows="15" cols="75" name="msg"></textarea>


<input type="submit" value="Post Message" />
</form>

Worked fine the other day. Not today. No errors. The "post stuff" shows up in the url. I thought it only did when using $_GET which i dont. http://localhost/post_msg.php?title=fdsg&msg=sdfg

i dont get any errors the page just reloads

messages db

CREATE TABLE IF NOT EXISTS `messages` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`title` varchar(140) COLLATE utf8_unicode_ci DEFAULT NULL,
`message` text COLLATE utf8_unicode_ci
`date` int(10) unsigned NOT NULL,
`user_id` int(10) unsigned NOT NULL,
 PRIMARY KEY (`id`),
 FULLTEXT KEY `title` (`title`,`message`)

Answer 1

Sounds like your form isn't set to use POST

<form action="post_msg.php" method="post">

Answer 2

echo what the query result

echo mysql_errno($link) . ": " . mysql_error($link) . "\n";

did the script enter to the line that doing the query ?

Answer 3

A few comments that might help:

1. Please provide log output, error messages
2. Print the SQL and run it manually on the server, what errors occur?
3. Your SQL construction using string concatenation is really grim and probably a security hazard.

Look at the documentation for PDO. The API in PHP, although inconsistently named is fairly stable. So it is most likely that you did something wrong, in which case an error should ensue.

Answer 4

I just noticed something weird...

$reg_error is an array the way you wrote it.

$reg_error[] = 1;

So.. assign a key to that array, like $reg_error[0] or whatever.. and then

if(count($reg_error) > 0) { /* your code */ }

..or just remove the [] brackets from $reg_error and leave the if/else as is.

Answer 5

If everything works fine you get a result. But if anything "fails" you get nothing, no message what so ever. It leaves you in the dark, clueless. And that's bad.
Turn on the error reporting. Don't just have an if-block, add an else-block, too.

<?php
error_reporting(E_ALL); ini_set('display_errors', true);
if (isset($_POST['msg'])) {
    $title = mysql_real_escape_string($_POST['title'])
      or die('escape_string title failed');
    $msg = mysql_real_escape_string($_POST['msg'])
      or die('escape_string msg failed');
    // kolla efter tomma fält
    if (empty($title) || empty($msg)) {
        $reg_error[] = 1;
    }

    if (!isset($reg_error)) {
        mysql_query("INSERT INTO messages (title, message, date, user_id)
          VALUES('$title', '$msg', '".time()."', '2')")
          or die(mysql_error());
        header('location: /');
        exit;
    }
    else {
        print_r($reg_error);
    }
}
else {
    echo 'post parameter "msg" missing';
}
?>

Answer 6

Remove the redirect header and type this at the end of the script for debugging:

var_dump($_POST); echo mysql_error();

Answer 7

With the code provided, reg_error is only used to determine whether or not perform the SQL. Instead of setting a variable (since its only set dependent upon a conditional statement), why not just change your code to do:

<?php

if (isset($_POST['msg'])) {

$title = mysql_real_escape_string($_POST['title']);
$msg = mysql_real_escape_string($_POST['msg']);

// kolla efter tomma fält
if (!empty($title) && !empty($msg)) {

  mysql_query("INSERT INTO messages (title, message, date, user_id)
             VALUES('$title', '$msg', '".time()."', '2')");

  header('location: /');

  exit;

}

else {

  echo "There was an error";

}


}
?>

This would simply the code. The else statement would obviously, eventually be modified, but for now would give you a fall back way of showing you if it even attempted the SQL query. If its not, the condition is failing and you arent getting values from the post for some reason.

The only way your URL would change is if the method of the form tag was changed. If it's set to post, it shouldnt show in the URL.

Answer 8

I found the problem! i checked my header.php file and guess what? there was a form i hadent closed :/ sorry for bothering you guys