2

I'm trying to make a way to edit my posts on a blog I'm making but for some reason when I try to submit the "update post" form it will give me the error "Something went wrong..." (meaning it got to update post.php) and I'm not sure why. The only thing I could see it being is because I'm using TinyMCE to edit the content of the post and the way I'm doing it is wrong?

editpost.php

    <?php
      include 'php/mysql_connect.php'; // opens a PDO of variable $db
      if(isset($_GET['id'])){
        $q = $db->prepare('SELECT * FROM posts WHERE id=:post_id LIMIT 1');
        $q->execute(array(':post_id'=>$_GET['id']));
        $row = $q->fetch(PDO::FETCH_ASSOC);

        if($row){
          echo '<form method="post" action="php/update_post.php?post_id='.$_GET['id'].'">';
          echo '<div class="form-group">';
          echo '  <input type="text" class="form-control" name="title" id="title" placeholder="Post Title" autocomplete="off" value="'.$row['title'].'" required />';
          echo '</div>';
          echo '<div class="form-group">';
          echo '  <textarea class="form-control" name="body" id="body">'.$row['body'].'</textarea>';
          echo '</div>';
          echo '<input type="submit" value="Update Post" class="btn btn-default" />';
          echo '</form>';
        }
        else{
          echo 'Post not found.';
        }
      }
      else{
        echo 'Post not found.';
      }
    ?>

update_post.php

<?php
$post_id = $_GET['post_id'];
$title = $_POST['title'];
$body = $_POST['body'];
include 'mysql_connect.php'; // establishes $db, a PDO connection

// insert the records
$sql = "UPDATE posts SET title=:title, body=:body WHERE id=:post_id)";
$q = $db->prepare($sql);
if($q->execute(array(':title'=>$title, ':body'=>$body, ':post_id'=>$post_id))){
  echo '<script type="text/javascript">alert("Success!");location.href="../posts.php";</script>';
}
else{
  echo '<script type="text/javascript">alert("Something went wrong...");location.href="../posts.php";</script>';
}
?>

I've changed the form method to GET, and it is passing the variables correctly, so that isn't the problem. The update_post.php is a modified version of my add_post.php, which works perfectly fine so I don't understand why updating it doesn't work right.

Improve this question
8
  • 1
    You do realise that you can get the database to tell you what went wrong? Commented Feb 25, 2015 at 16:34
  • You should go through this [LINK : problem update PDO][1] [1]: stackoverflow.com/questions/9209677/… Commented Feb 25, 2015 at 16:41
  • If you think tinyMCE is the culprit, comment out the tinyMCE JS code so it just uses a plain textarea. If your update still fails, something else is the cause of the problem. Commented Feb 25, 2015 at 17:35
  • Something to consider OP, you have that post id in plain text as a GET variable. Very dangerous, what if somebody comes in, loads the page , changes that url to a different post id, and submits? Commented Feb 25, 2015 at 18:14
  • I changed the form action to GET to see what it was sending, and it was passing this: update_post.php?post_id=14&title=Second+Post&body=%3Cp%3E%3Cspan+style%3D%22font-size%3A+24pt%3B%22%3EThis+is+the+Second+Post%3C%2Fspan%3E%3C%2Fp%3E Should the title and body variables be strings? Commented Feb 25, 2015 at 18:21

2 Answers 2

Reset to default
2
+50 
$sql = "UPDATE posts SET title=:title, body=:body WHERE id=:post_id)";
                                             remove this one >-----^

you have a bracket at the end wrong ;)

Remove it and it should work:

$sql = "UPDATE posts SET title=:title, body=:body WHERE id=:post_id";
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Wow, I can't believe I missed that (as well as everyone else). I can't award the bounty right now but I will tomorrow (22 hours). Thank you!
1

If you use GET use GET then ;-) 

$post_id = $_GET['post_id'];
$title = $_GET['title'];
$body = $_GET['body'];

if you use POST use POST:

$post_id = $_POST['post_id'];
$title = $_POST['title'];
$body = $_POST['body'];

According to your last comment try change here:

if($row){
          echo '<form method="post" action="php/update_post.php">';
          echo '<input type="hidden" name="post_id" value="'.$_GET['id'].'">';
          echo '<div class="form-group">';
          echo '  <input type="text" class="form-control" name="title" id="title" placeholder="Post Title" autocomplete="off" value="'.$row['title'].'" required />';
          echo '</div>';
          echo '<div class="form-group">';
          echo '  <textarea class="form-control" name="body" id="body">'.$row['body'].'</textarea>';
          echo '</div>';
          echo '<input type="submit" value="Update Post" class="btn btn-default" />';
          echo '</form>';
        }
Improve this answer

5 Comments

I think he got mixed up since he was using $_GET on the form since the post id was part of the query string.
yes, but check his original code that I try to fix. He mixed GET and POST
yeah, I see that. I didn't expand enough on my comment. I was guessing he used $_GET for the post_id in update_post.php since that's what he was doing in editpost.php. All in all we agree.
Actually, upon closer inspection of his original code, I noticed he is passing the ID to the update script as part of the form action
Yeah, I was using form action as POST but was passing the post id as GET. I've changed the post id to be sent through a hidden input type, but it hasn't changed the issue.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.