Im trying to make this script so admins can give users badges. At the moment it won't save the badge to the database... Any ideas?



<?php
ob_start();
include("config.php");
if ($logged[username] && $logged[level] ==5)
{

if ($_POST[AddBadge]) {
$name = $_POST[name];
$img = $_POST[img];
$desc = $_POST[desc];
if($img=="" || $desc=="" || $name=="") {

echo ("You have left a field blank");

}else{
$query = mysql_query("INSERT INTO badges (name, img, desc) VALUES('$name','$img','$desc')");
echo("Badge Successfully added");
}
}
else
{
echo("
<form method=\"POST\">
Badge Name: <input type=\"text\" name=\"name\"><br />
Badge URL: <input type=\"text\" name=\"img\"><br />
Badge Description: <input type=\"text\" name=\"desc\"><br />
<input name=\"AddBadge\" type=\"submit\" value=\"AddBadge\">
</form> ");
}
}else{

echo("You are not logged in or you don't have sufficient privileges to access this page");
}
?>
</form>

try $name = $_POST['name']; etc

---------- Post added 06-12-2012 at 02:18 PM ----------

also when you say it's not setting does it give anything?

does it fail the first if statement and return you are not logged in?
does it fail the second if statement and show the form?
does it pass the third if statement and return you have left a field blank?
does it get into the 'badge successfully added' statement but just create nothing in the db?

---------- Post added 06-12-2012 at 02:20 PM ----------

also is there any reason why theres a </form> at the end


<?php
ob_start();
include("config.php");

if ($logged[username] && $logged[level] ==5) {

if ($_POST['name'] || $_POST['img'] || $_POST['desc']) {
$name = $_POST['name'];
$img = $_POST['img'];
$desc = $_POST['desc'];
if($img=="" || $desc=="" || $name=="") {
echo ("You have left a field blank");
} else {
$query = mysql_query("INSERT INTO badges (name, img, desc) VALUES('$name','$img','$desc')");
echo("Badge Successfully added");
}
} else {
echo("
<form method=\"POST\">
Badge Name: <input type=\"text\" name=\"name\"><br />
Badge URL: <input type=\"text\" name=\"img\"><br />
Badge Description: <input type=\"text\" name=\"desc\"><br />
<input name=\"AddBadge\" type=\"submit\" value=\"AddBadge\">
</form> ");
}
}else {
echo("You are not logged in or you don't have sufficient privileges to access this page");
}
?>

I assume you're not actually going to use this and just testing/learning php using it?

---------- Post added 06-12-2012 at 02:25 PM ----------

also paste your config if that doesn't work

Ive spoken to a mate about it and we have worked out its down to the SQL statement

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id','name','img','desc')VALUES('','Sense Plus Heros','http://www.senseproductio' at line 1

(Sense Plus Heroes being the badge name) and the link being link to image

Config works as i have it working for other scripts

Then you should of said that from the start lol..

did you copy and paste that error?
are your column heading 'name' 'img' and 'desc'?

---------- Post added 06-12-2012 at 02:33 PM ----------

print screen your table

http://img221.imageshack.us/img221/8795/tablei.png


Ive included an else die. This is the error im getting

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id','name','img','desc')VALUES('','Sense Plus Heros','http://www.senseproductio' at line 1

http://img221.imageshack.us/img221/8795/tablei.png


Ive included an else die. This is the error im getting

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id','name','img','desc')VALUES('','Sense Plus Heros','http://www.senseproductio' at line 1

in phpmyadmin or whatever try inserting it seeing if it works

so

INSERT INTO badges (name, img, desc) VALUES ('Sense Plus Heroes','http://www.some-dodgy-link-goes-here.com','some dodgy badge desc gos here')

what does that say?

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) VALUES ('Sense Plus Heroes','http://www.senseproductions.net/usersystem/im' at line 1

Set your fields to varchar, pretty sure text is only recommended in cases with massive amounts of characters (thousands)

idk if order matters (you're saying insert name, img, desc when in the table its img, desc, name)

desc is a reserved word in mysql. If you want to actually use it as a column name you need to put them in quotes when using them in SQL queries.

e.g

INSERT INTO badges (name, img, `desc`) VALUES ('Sense Plus Heroes','http://www.some-dodgy-link-goes-here.com','some dodgy badge desc gos here')

Also your orignal PHP code is very insecure and open to SQL injection. Use prepared statements to avoid this. There are other ways to also avoid this but they are not recommended (hint: http://php.net/manual/en/function.mysql-real-escape-string.php and "Use of this extension is discouraged." in the big red box).

For prepared statements you need to use PDO or MySQLi and look at the appropiate documentation:

http://php.net/manual/en/pdo.prepared-statements.php - PDO
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php - MySQLi

Couldn't you just do something like this? Then it will insert into the badges table the values (id, img, desc and name)?


$query = mysql_query("INSERT INTO badges VALUES(' ','$img','$desc','$name')")

I don't know how you'd insert the ID as it's auto_incrementing in your MySQL database. Maybe Tomm; would know. I just put (' ',$img) for now.

Also check your table name is actually badges.

' ' would attempt to insert a value for ID

the way he done it initially would be fine, stating the columns to add the data to followed by the data to insert.

but i'm guessing tomm has the problem as 'desc' as it's whats always showing in the area of the error every time

name, img and desc don't have any limits on how long they can be do they?

example your id has of length "12"

text doesn't have a limit as far as im aware it's used mainly for like 8k+ characters as varchar errors over 8k characters.

if he set varchat he'd set the limit.

text doesn't have a limit as far as im aware it's used mainly for like 8k+ characters as varchar errors over 8k characters.

if he set varchat he'd set the limit.

Ok :) I never use PHP :P

Yeah same :P