[SOLVED] PHP form doesn’t save PHP – error #1064??

[nchipping]

Hello,

I know this may sound like a strange question, but it has a point :)

Anyway, I have been using this method for a while, and have never encountered an issue with it, and I’m about at my wits end to get it working on the current site I’m working on.

Basically, I have a template system that stores the information for each ‘page’ of my website in the DB (so there’s only one page – but it just calls the information from the DB, depending on what’s in the URL). So, if I want to edit a page, I have to be logged in as the super-administrator, and then I can edit the PHP for the page, the HTML, the stylesheets, the scripts, etc.

So, my main concern is for editing the PHP that is custom for certain pages – on a new site I’m doing, it won’t allow me to save this way. When I create pages (using a form I’ve created, and on that same site), I can type PHP in and it will save and accept it, but when I try to EDIT it on a page, it won’t let me – it will go through the reload of the page and act like it saved it, but nothing will be changed in the DB.

Any ideas on this? The hosting is the same as other sites I’ve done as well – so I don’t think that’s the issue either. Here’s my code for my editing page:

Code:

query(‘SELECT * FROM content WHERE id = ‘ . $db->escape_string($_GET[‘content_id’]) . ‘ ORDER BY id’);
while ($content = $db->fetch_assoc($result))
{
$url = $content[‘url’];
$php = $content[‘php’];
$meta = $content[‘meta’];
$page_title = $content[‘page_title’];
$title = $content[‘title’];
$style = $content[‘style’];
$script = $content[‘script’];
$content = $content[‘content’];
$content_type_id = $content[‘content_type_id’];
$analytics = $content[‘analytics’];
}

//checking to see if they’ve posted something
if((!empty($_POST[‘wrangler’])) && $_POST[‘wrangler’] == 1)
{
//cool – now we want to save it
$contents = array(
‘id’ => $db->escape_string($_GET[‘content_id’]),
‘url’ => $_POST[‘url’],
‘php’ => $_POST[‘php’],
‘meta’ => $_POST[‘meta’],
‘page_title’ => $_POST[‘page_title’],
‘title’ => $_POST[‘title’],
‘style’ => $_POST[‘style’],
‘script’ => $_POST[‘script’],
‘content’ => $_POST[‘content’],
‘content_type_id’ => $_POST[‘content_type_id’],
‘analytics’ => $_POST[‘analytics’],
‘active’ => $_POST[‘active’]
);
//echo “CONTENTS ID: ” . $contents[‘id’] . “
URL: ” . $contents[‘url’] . “
php: ” . $contents[‘php’] . “
TITLE: ” . $contents[‘title’] . “
page_title: ” . $contents[‘page_title’] . “
CONTENT: ” . $contents[‘content’] . “
ACTIVE: ” . $contents[‘active’] . “”;

$result = $db->query(“UPDATE content SET url = ‘” . $contents[‘url’] . “‘, php = ‘” . $contents[‘php’] . “‘, meta = ‘” . $contents[‘meta’] . “‘, page_title = ‘” . $contents[‘page_title’] . “‘, title = ‘” . $contents[‘title’] . “‘, style = ‘” . $contents[‘style’] . “‘, script = ‘” . $contents[‘script’] . “‘, content = ‘” . $contents[‘content’] . “‘, content_type_id = ‘” . $contents[‘content_type_id’] . “‘, analytics = ‘” . $contents[‘analytics’] . “‘, active = ‘” . $contents[‘active’] . “‘ WHERE id = ‘” . $db->escape_string($_GET[‘content_id’]) . “‘LIMIT 1”);

redirect($contents[‘url’]);
}
else
{
//echo ‘this is the session user id: ‘ . $_SESSION[‘user_id’];
$result = $db->query(“SELECT * FROM users WHERE id = ‘” . $_SESSION[‘user_id’] . “‘ ORDER BY id DESC”);
while($users = $db->fetch_assoc($result))
{
$name = $users[‘first_name’];
$permissions = $users[‘permission’];
}

if (permission(1) == true)
{
//show this stuff
$result = $db->query(‘SELECT * FROM content WHERE id = ‘ . $db->escape_string($_GET[‘content_id’]) . ‘ ORDER BY id’);
while ($content = $db->fetch_assoc($result))
{
?>

Edit ‘‘ Page

URL

Meta
<br /> <?=$content['meta']?><br />

Page Title

Script
<br /> <?=$content['script']?><br />

Content
<br /> <?=$content['content']?><br />

Content Type ID

Active
checked value=”1″ name=”active” />

Then the code for the page creator is here:

Code:

$db->escape_string($_GET[‘content_id’]),
‘url’ => $_POST[‘url’],
‘php’ => $_POST[‘php’],
‘meta’ => $_POST[‘meta’],
‘page_title’ => $_POST[‘page_title’],
‘title’ => $_POST[‘title’],
‘style’ => $_POST[‘style’],
‘script’ => $_POST[‘script’],
‘content’ => $_POST[‘content’],
‘content_type_id’ => $_POST[‘content_type_id’],
‘analytics’ => $_POST[‘analytics’]
);
//echo “CONTENTS ID: ” . $contents[‘id’] . “
SITE NAME: ” . $contents[‘site_name’] . “
STYLE: ” . $contents[‘style’] . “
TITLE: ” . $contents[‘title’] . “
NAV: ” . $contents[‘nav’] . “
CONTENT: ” . $contents[‘content’];

$result = $db->query(“INSERT INTO content (id, url, php, meta, page_title, title, style, script, content, content_type_id, analytics) VALUES (”, ‘” . $contents[‘url’] . “‘, ‘” . $contents[‘php’] . “‘, ‘” . $contents[‘meta’] . “‘, ‘” . $contents[‘page_title’] . “‘, ‘” . $contents[‘title’] . “‘, ‘” . $contents[‘style’] . “‘, ‘” . $contents[‘script’] . “‘, ‘” . $contents[‘content’] . “‘, ‘” . $contents[‘content_type_id’] . “‘, ‘” . $contents[‘analytics’] . “‘)”);

$page_title = $contents[‘page_title’];
redirect(‘http://www.productionbook.com/&#8217; . $page_title);
}
else
{
if (permission(1) == true)
{
//show this stuff
?>

Create Content

URL

PHP

Meta

Page Title

Title

Style

Script

Content

Content Type ID

Analytics

[nchipping]

Yes, I wrote the code myself, but I already know it works. I have used this SAME CODE on multiple websites without any trouble – so I think it’s something with the web host, but they say it isn’t. Is there anything in the php.ini file or the .htaccess file that could do something like this? Please let me know if any of you know. I appreciate the help!

[nchipping]

"nchipping" wrote:

Yes, I wrote the code myself, but I already know it works. I have used this SAME CODE on multiple websites without any trouble – so I think it’s something with the web host, but they say it isn’t. Is there anything in the php.ini file or the .htaccess file that could do something like this? Please let me know if any of you know. I appreciate the help!

Does anybody have any ideas on this? Could it have anything to do with a php.ini or .htaccess file?

[nchipping]

Here’s a little more information that might help:

Just for reference, I finally put this in the PHPMyadmin MySQL query thing, and it gave me the following:

Code:

Error

SQL query:

UPDATE `content` SET `url` = ‘http://www.productionbook.com/home&#8217;,
`php` = ‘{startp} $hotdog = ‘chicken ‘; echo $hotdog; {/endp}’,
`meta` = ‘ ‘,
`page_title` = ‘home’,
`title` = ‘Home’,
`style` = ‘ ‘,
`script` = ‘ ‘,
`content` = ‘

Under construction This site is currently under construction. Please check back later.

‘,
`content_type_id` = ‘1’,
`analytics` = ‘ ‘,
`active` = ‘1’ WHERE `id` = ‘1’ LIMIT 1

MySQL said: Documentation
#1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘chicken’; echo $hotdog; {/endp}’, `meta` = ‘ ‘, `page_title` = ‘home’, `title` =’ at line 1

When, what I put in (just for testing) –

Code:

UPDATE `content` SET `url` = ‘http://www.productionbook.com/home&#8217;, `php` = ‘{startp} $hotdog = ‘chicken’; echo $hotdog; {/endp}’, `meta` = ‘ ‘, `page_title` = ‘home’, `title` = ‘Home’, `style` = ‘ ‘, `script` = ‘ ‘, `content` = ‘
Under construction

This site is currently under construction. Please check back later.
‘, `content_type_id` = ‘1’, `analytics` = ‘ ‘, `active` = ‘1’ WHERE `id` = ‘1’ LIMIT 1

I had to put in the {startp} and {/endp} (made up tags) in order for it to try to save at all – if I use regular PHP tags it won’t even post it. Any ideas?

[nchipping]

I finally got it working – I had to use mysql_real_escape_string() for everything that I posted – it fixed it! :D :D :D :D :D :D :D :D :D :D :D :D :D Thanks everybody for your patience with me on this one!

[Author]

Posts