tags:
views: 38
answers: 3

Hello all,

I have a forum, and in that forum people can create a thread in a category they choose, but I want to check if the category exists and I don't know how to, because right now if I type another category number in the URL I still see the page.

Here is my code:

$kategoriID = $_GET['kategoriID'];

if(!isset($overskrift) || !isset($indhold) || !isset($fejl))
{
    $overskrift = "";
    $indhold    = "";
    $fejl       = false;
}# closes if isset overskrift,indhold

if(isset($kategoriID))
{
    # check whether the category exists
    $mysql = connect();
    # note: $kategoriID is interpolated into the SQL string here rather than bound with a ? placeholder
    $stmt = $mysql->prepare("SELECT count(fk_forum_kategori) As t_id FROM forum_traad WHERE fk_forum_kategori = '$kategoriID'") or die($mysql->error);
    $stmt->bind_result($t_id);
    $stmt->execute() or die($mysql->error);
    $stmt->fetch();

    if($t_id <= 0)
    {
        echo $t_id;
        $fejl == true;   # == is a comparison, so this line does not change $fejl
        echo "<br>HEj med dig!";   # "Hello there!" (debug output)
        exit();
    }
}# closes isset

if(isset($_POST['send'])) {

    $kategoriID = $_GET['kategoriID'];
    $overskrift = htmlspecialchars($_POST['overskrift']);
    $indhold    = htmlspecialchars($_POST['indhold']);
    $godkendt   = "ja";

    if($fejl == true)
    {
        $error = "Denne kategori findes ikke";   # "This category does not exist"
    } elseif(empty($overskrift) || empty($indhold)) {
        $error = "Alle felter skal udfyldes";    # "All fields must be filled in"
    } else {
        $mysql = connect();
        $stmt = $mysql->prepare("INSERT INTO forum_traad (overskrift, indhold, fk_forum_kategori, brugernavn, dato, godkendt) VALUES (?,?,?,?,?,?)") or die($mysql->error);
        # $dato is not defined anywhere above
        $stmt->bind_param('ssisis', $overskrift, $indhold, $kategoriID, $_SESSION['username'], $dato, $godkendt) or die($mysql->error);
        $stmt->execute();
        $stmt->close();

        $traadID = mysqli_insert_id($mysql);

        header("location: forum.traad.php?traadID=$traadID&kategoriID=$kategoriID");
    }# closes else

}# closes isset send
A: 
"SELECT count(fk_forum_kategori) As t_id 

Probably isn't what you want here. Using count() will return the number of rows that match the criteria following it in your SQL query, so it's likely to always show you category number 1 (since each category number will only appear once in the database).

You will probably want something like this instead:

"SELECT fk_forum_kategori FROM forum_traad WHERE fk_forum_kategori = '$kategoriID'"
hollsk
hollsk, how do I then echo it so I can test if it exists?
Simon
You would use the bind_request() function for that (like you're already using) - the contents of fk_forum_kategori should be inside the $t_id variable just as before. If you need to output more columns then add them to the SQL query separated with commas, and then add more variables to bind_request() also comma separated, in the same order as your columns. Hope this helps.
hollsk
A: 

$overskrift = headline
$indhold = content
$fejl = error

Simon
A: 

I think you have some logic errors. I'm kind of guessing how the script works because I don't know what the variable names mean (they're in Swedish?). Here are my thoughts:

$kategoriID = $_GET['kategoriID'];

if(!isset($overskrift) || !isset($indhold) || !isset($fejl))
{
 $overskrift = "";
 $indhold    = "";
 $fejl       = false;
}

If any of three variables aren't set, set them all to their default values. My guess is that this is your problem right here, one of the three isn't ever set so you're always using defaults.

if(isset($kategoriID))
{
  $mysql = connect(); // let's assume this works
  $stmt = $mysql->prepare("SELECT count(fk_forum_kategori) As t_id FROM forum_traad WHERE fk_forum_kategori = '$kategoriID'") or die($mysql->error);

Select the number of times each row that matches your category id exists. This will always be 1. I recommend SELECT COUNT(*) AS times FROM forum_traad WHERE fk_forum_kategori = '$kategoriID' (incidentally, if you're doing a prepared statement, you would normally do $mysql->prepare("SELECT ... WHERE id = ?"); $mysql->bind_param('d', $id);).

  $stmt->bind_result($t_id);
  $stmt->execute() or die($mysql->error);
  $stmt->fetch();

  if($t_id <= 0)
  {
    echo $t_id;
    $fejl == true;
    echo "<br>HEj med dig!";
    exit();
  }
}

If there are no threads for the given category, stop execution of the script.

if(isset($_POST['send']))
{
  $kategoriID = $_GET['kategoriID'];
  $overskrift = htmlspecialchars($_POST['overskrift']);
  $indhold    = htmlspecialchars($_POST['indhold']);
  $godkendt   = "ja";

  if($fejl == true)
  {
    $error = "Denne kategori findes ikke"; 
  }
  elseif (empty($overskrift) || empty($indhold))
  {
    $error = "Alle felter skal udfyldes";
  }
  else
  {

The user has submitted their thread. First, check if they are missing anything and if so set up a useful error message. If everything is ok:

    $mysql = connect();
    $stmt = $mysql->prepare("INSERT INTO forum_traad (overskrift, indhold, fk_forum_kategori, brugernavn, dato, godkendt) VALUES (?,?,?,?,?,?)") or die($mysql->error);
    $stmt->bind_param('ssisis', $overskrift, $indhold, $kategoriID, $_SESSION['username'], $dato, $godkendt) or die($mysql->error);
    $stmt->execute();
    $stmt->close();

Insert the new thread into your database and close your connection.

    $traadID = mysqli_insert_id($mysql);

    header("location: forum.traad.php?traadID=$traadID&kategoriID=$kategoriID");
  }
}

Redirect the user to their new thread. But wait, you're trying to get the latest insert id from a closed connection.

So, given all this I think you can simplify this a lot by verifying that they're using a valid category id, which I'm assuming is in another database, fk_forum_kategori being a foreign key to that table. Here's what I'd do:

$mysqli = connect();

// Returns true when a row with this id exists in the categories table.
// The connection is passed in because a function cannot see a global $mysqli on its own.
// The id is bound as an integer, so no escaping is needed (or wanted).
function isValidCategory(mysqli $mysqli, $id) {
  $statement = $mysqli->prepare("SELECT 1 FROM `categories` WHERE `id` = ? LIMIT 1");
  $statement->bind_param("i", $id);
  $statement->execute();
  $statement->store_result();   // num_rows is only populated after store_result()
  $num_rows = $statement->num_rows;
  $statement->close();
  if ($num_rows > 0) {
    return true;
  } else {
    return false;
  }
  // or:
  // return ($num_rows > 0);
  // or even, if you're happy with 0 being converted to false and everything else to true:
  // return $num_rows;
}

if (isValidCategory($mysqli, (int) $_GET['category_id'])) {
  if (empty($_POST['title'])) {
    print "Missing title. Please go back and try again.";
    return false;
  }
  if (empty($_POST['content'])) {
    print "Missing content. Please go back and try again.";
    return false;
  }

  // bind_param() takes its arguments by reference, so copy the inputs into variables first.
  // Bound values are sent separately from the SQL text, so real_escape_string() is not needed.
  $title       = $_POST['title'];
  $content     = $_POST['content'];
  $author      = $_SESSION['username'];
  $category_id = (int) $_GET['category_id'];

  $statement = $mysqli->prepare("INSERT INTO `threads` (`title`, `content`, `author`, `category_id`, `created`) VALUES (?, ?, ?, ?, NOW())");
  $statement->bind_param("sssi", $title, $content, $author, $category_id);
  $statement->execute();
  $statement->close();

  // insert_id is a property of the connection, not a method; the connection is still open here
  if ($thread_id = $mysqli->insert_id) {
    header("Location: view_thread.php?thread_id=$thread_id");
  } else {
    print "Sorry, we were unable to create your thread. Please go back and try again later.";
  }
} else {
  print "Invalid category id. Please go back and try again.";
}

Does this help?

pr1001
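Added example, not code from the question or from any of the answers above. It puts the pieces discussed in this thread together in one working script: the existence check is made against the category table itself (so an empty category still passes, unlike counting rows in forum_traad), the id goes to MySQL as a bound integer parameter instead of being pasted into the query string (the question's code calls prepare() but still interpolates '$kategoriID', which leaves the check bypassable by input such as 1' OR '1'='1), and insert_id is read from the connection before anything is closed. Assumptions, all hypothetical: a table forum_kategori with an integer primary key kategori_id, the forum_traad columns from the question, the question's own connect() helper returning a mysqli object, and session_start() having already run.

```php
<?php
declare(strict_types=1);

// Added example; not the original poster's or pr1001's code.
// Assumed schema: forum_kategori(kategori_id INT PRIMARY KEY, ...) and the
// forum_traad columns named in the question. connect() is the question's own
// helper and is assumed to return a mysqli instance.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * True only if a category row with this id exists.
 * The id travels as a bound integer parameter, never as part of the SQL text,
 * so a crafted value like "1' OR '1'='1" cannot alter the query.
 */
function categoryExists(mysqli $db, int $kategoriID): bool
{
    $stmt = $db->prepare('SELECT 1 FROM forum_kategori WHERE kategori_id = ? LIMIT 1');
    $stmt->bind_param('i', $kategoriID);
    $stmt->execute();
    $stmt->store_result();          // num_rows is only valid after store_result()
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

/**
 * Insert a thread and return its new id. The raw text is stored as typed;
 * HTML escaping belongs at output time (htmlspecialchars when rendering),
 * not in the database row.
 */
function createThread(mysqli $db, int $kategoriID, string $overskrift, string $indhold, string $brugernavn): int
{
    $stmt = $db->prepare(
        'INSERT INTO forum_traad (overskrift, indhold, fk_forum_kategori, brugernavn, dato, godkendt)
         VALUES (?, ?, ?, ?, NOW(), ?)'
    );
    $godkendt = 'ja';
    $stmt->bind_param('ssiss', $overskrift, $indhold, $kategoriID, $brugernavn, $godkendt);
    $stmt->execute();
    $stmt->close();
    return (int) $db->insert_id;    // read from the still-open connection
}

// --- request handling -------------------------------------------------------

// Validate the id as a positive integer before it is used anywhere.
// filter_input() returns null when the key is absent and false when it is not an int.
$kategoriID = filter_input(INPUT_GET, 'kategoriID', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($kategoriID === null || $kategoriID === false) {
    http_response_code(400);
    exit('Invalid category id');
}

$db = connect();

// Unknown category: stop here for GET and POST alike, before any insert.
if (!categoryExists($db, $kategoriID)) {
    http_response_code(404);
    exit('Denne kategori findes ikke');  // "This category does not exist"
}

if (isset($_POST['send'])) {
    $overskrift = trim((string) ($_POST['overskrift'] ?? ''));
    $indhold    = trim((string) ($_POST['indhold'] ?? ''));

    if ($overskrift === '' || $indhold === '') {
        $error = 'Alle felter skal udfyldes';  // "All fields must be filled in"
    } elseif (empty($_SESSION['username'])) {
        http_response_code(403);
        exit('Login required');
    } else {
        $traadID = createThread($db, $kategoriID, $overskrift, $indhold, (string) $_SESSION['username']);
        header('Location: forum.traad.php?traadID=' . $traadID . '&kategoriID=' . $kategoriID);
        exit;
    }
}
```

Two things to check when adapting this: the existence check runs before the form is even shown, so a guessed kategoriID in the URL gets a 404 instead of the page; and because the values are bound, no real_escape_string() or htmlspecialchars() is applied on the way into the database, which means the thread view page must escape overskrift and indhold when it prints them.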