Man, my coding is getting better. I see no problems with this, nor does Beau. But the problem is this: It wont insert the info into the database! I don't get any error messages or anything... the vars work, I've tested. It's just not putting anything into the db!


<?php
include 'config.php';
session_start();
$date = date("d/m/Y");

foreach($_POST as $key=>$val) {

$$key = clean($val);

}

if ($_SESSION['logged_user'] == true) {
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '".$_SESSION['logged_user']."'");

$rows = mysql_fetch_array($query);

if ($rows['level'] == 5) {
if ($_POST['submit']) {
echo "News added!";
$sql = mysql_query("INSERT INTO `news` (title, shortcontent, content, by, date) VALUES ('$title','$shortcontent','$content',''".$_SESSION['logged_user']."'','$date')");
}
if (!$_POST['submit']){
echo "<form action=\"addnews.php\" method=\"POST\">
News title: <input type=\"text\" size=\"20\" name=\"title\">
</br>
</br>
Short content: <input type=\"text\" size=\"20\" name=\"shortcontent\">
</br>
</br>
Content: <input type=\"text\" size=\"20\" name=\"content\">
</br>
</br>
<input type=\"submit\" name=\"submit\" value=\"Add news!\">
</form>
";
}
} else {
echo "You're not meant to be here, shoo. <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
}
} else {
echo "Not logged in... Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./login.php\">";
}
?>

Tell me whats wrong! :(

<?php
include 'config.php';
session_start();
$date = date("d/m/Y");

foreach($_POST as $key=>$val) {

$$key = clean($val);

}

if ($_SESSION['logged_user'] == true) {
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '".$_SESSION['logged_user']."'");

$rows = mysql_fetch_array($query);

if ($rows['level'] == 5) {
if ($_POST['submit']) {
echo "News added!";
echo ("$sql");
$sql = mysql_query("INSERT INTO `news` (title, shortcontent, content, by, date) VALUES ('$title','$shortcontent','$content',''".$_SESSION['logged_user']."'','$date')");
}
if (!$_POST['submit']){
echo "<form action=\"addnews.php\" method=\"POST\">
News title: <input type=\"text\" size=\"20\" name=\"title\">
</br>
</br>
Short content: <input type=\"text\" size=\"20\" name=\"shortcontent\">
</br>
</br>
Content: <input type=\"text\" size=\"20\" name=\"content\">
</br>
</br>
<input type=\"submit\" name=\"submit\" value=\"Add news!\">
</form>
";
}
} else {
echo "You're not meant to be here, shoo. <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
}
} else {
echo "Not logged in... Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./login.php\">";
}
?>

<?php
include 'config.php';
session_start();
$date = date("d/m/Y");

if ($_SESSION['logged_user'] == true) {
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $_SESSION['logged_user'] .
"'");

$rows = mysql_fetch_array($query);

if ($rows['level'] == 5) {
if ($_POST['submit']) {
echo "News added!";
$title = $_POST["title"];
$shortcontent = $_POST["shortcontent"];
$content = $_POST["content"];
$username = $_SESSION["logged_user"];
mysql_query("INSERT INTO news (title, shortcontent, content, by, date) VALUES ('$title', '$shortcontent', '$content', '$username', '$date')");

}
if (!$_POST['submit']) {
echo "<form action=\"addnews.php\" method=\"POST\">
News title: <input type=\"text\" size=\"20\" name=\"title\">
</br>
</br>
Short content: <input type=\"text\" size=\"20\" name=\"shortcontent\">
</br>
</br>
Content: <input type=\"text\" size=\"20\" name=\"content\">
</br>
</br>
<input type=\"submit\" name=\"submit\" value=\"Add news!\">
</form>
";
}
} else {
echo "You're not meant to be here, shoo. <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
}
} else {
echo "Not logged in... Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./login.php\">";
}
?>

try that :)

But why is
foreach($_POST as $key=>$val) {

$$key = clean($val);

} taken away on dentafrices? It works for register. It's in config btw.

Dentafrice it still doesn't work.

then try mine ;0

Because I don't like doing it that way, I think it is better to define your own.

If someone used firebug or any other program for that matter to make their own field for something..

Because I don't like doing it that way, I think it is better to define your own.

If someone used firebug or any other program for that matter to make their own field for something..But then for my protection of the $_POST's... I used clean($_POST['whatever']); but it broke something once... is that better (clean($_POST['whatever']);) though?

I tried yours rh4u! No luck. :(

I can't edit...

Anybody know what's wrong? I can insert manually in phpMyAdmin but not with this.

:s

Try:

<?php
include 'config.php';
session_start();
$date = date("d/m/Y");

foreach($_POST as $key=>$val) {

$$key = clean($val);

}

if ($_SESSION['logged_user'] == true) {
$query = mysql_query("SELECT * FROM `users` WHERE `username` = '".$_SESSION['logged_user']."'");

$rows = mysql_fetch_array($query);

if ($rows['level'] == 5) {
if ($_POST['submit']) {
echo "News added!";
$by = $_SESSION['logged_user'];
$sql = mysql_query("INSERT INTO `news` (`title`, `shortcontent`, `content`, `by`, `date`) VALUES ('$title','$shortcontent','$content','$by','$date' )") or die('Could not insert data, Error: '. mysql_error());
}
if (!$_POST['submit']){
echo "<form action=\"\" method=\"POST\">
News title: <input type=\"text\" size=\"20\" name=\"title\">
</br>
</br>
Short content: <input type=\"text\" size=\"20\" name=\"shortcontent\">
</br>
</br>
Content: <input type=\"text\" size=\"20\" name=\"content\">
</br>
</br>
<input type=\"submit\" name=\"submit\" value=\"Add news!\">
</form>
";
}
} else {
echo "You're not meant to be here, shoo. <meta http-equiv=\"REFRESH\" content=\"1;url=./members.php\">";
}
} else {
echo "Not logged in... Redirecting... <meta http-equiv=\"REFRESH\" content=\"1;url=./login.php\">";
}
?>

Will also display any MySQL errors if there are any.

Thanks snex it works now!

+REP.

Thread closed.