
I'm trying to assign $_POST data to a field if it differs from the $row data pulled from the SQL database. This is being used to update blogposts. My logic is if whatever is entered in the text field is different from the $row data, then assign the $_POST data to the $row array. I'm not sure where my issue is, as it does not function properly. Any help would be greatly appreciated!

<?php session_start();
include('mysqli_connect.php');
$query = "SELECT * FROM blogposts WHERE blog_id=" . $_GET['id'];
$results = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($results, MYSQLI_ASSOC);
?>

<head>
<?php include('header.html'); ?>

<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
text-align: center;
background-color:#fcfcfc;
}
form {
    margin:auto;
}
</style>
</head>
<body>


<form name="com" id="com" action="<?php if (($_POST['blog_content'] != NULL) 
&& ($_POST['blog_title'] != NULL)) {
echo "edit_handle.php";
} else {
echo "edit_post.php?id=" . $_GET['id'];
if(($_POST['blog_title'] != NULL) && ($row['title'] != 
$_POST['blog_title'])) {$row['title'] = $_POST['blog_title'];}
if(($_POST['blog_content'] != NULL) && ($row['content'] != 
$_POST['blog_content'])) {$row['content'] = $_POST['blog_content'];}
if(($_POST['blog_title'] != NULL) && ($_POST['blog_content'] != NULL)) {
    $row['title'] = $_POST['blog_title'];
    $row['content'] = $_POST['blog_content'];
    }
} ?>" method="post">

<?php
if (isset($_SESSION['first_name']) && ($_SESSION['user_id'] == 11)) {
echo '
Blog Title: <input type="text" value="' . $row['title'] . '" 
name="blog_title" />
Post Content:<textarea name="blog_content">' . $row['content'] . 
'</textarea>

<input type="submit" value="submit">';  } else {
echo '<p align="center" style="color:red">You must be logged in as    
<strong>admin</strong> to post a blog!</p>';
}
?>

</form>
<?php
if (($_POST['blog_content'] != NULL) && ($_POST['blog_title'] != NULL)) {
echo "<script>document.getElementById('com').submit();</script>";
}
?>

</body>
</html>
  • Do you have an actual problem? What is your question? – Phil Apr 27 '17 at 01:36
  • Warning: Your code is vulnerable to [SQL injection attacks](https://en.wikipedia.org/wiki/SQL_injection). Please read [this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to learn more on how to prevent it. – Pang Apr 27 '17 at 02:07
  • Hey @Phil sorry about that, I'm not sure what is wrong or why it isn't working! – user7928483 Apr 27 '17 at 02:40
  • Hey @Pang thank you for the information, but no worries, this is for a school project and won't be publicly available. – user7928483 Apr 27 '17 at 02:41
  • You could filter the arrays using `array_filter` to get rid of `NULL`s and then use some combination of `array_merge` and `array_intersect` if you name your keys the same in both arrays. – Somrlik Apr 27 '17 at 04:00

1 Answer

The easiest way to deal with confusing logic, I find, is to make human-readable functions (or class/methods if you are comfortable with OOP) that can be re-used. If you contain redundant script, you will find it's easier to figure out and isolate issues. This looks like a bunch more work, but if you move the functions to an includable page, you will clean up the view considerably:

<?php
# Fetch your post from the database
function getBlogPosts($dbc,$id)
    {
        # Check it's numeric
        if(!is_numeric($id))
            return false;
        # Fetch and return
        $results = mysqli_query($dbc, "SELECT * FROM blogposts WHERE blog_id=".$id);
        return mysqli_fetch_array($results, MYSQLI_ASSOC);
    }
# This function makes checking if it's set and if it has a value easy
function getPost($key = false)
    {
        if(!empty($key))
            return (isset($_POST[$key]))? $_POST[$key] : false;

        return $_POST;
    }
# Same here
function getGet($key = false)
    {
        if(!empty($key))
            return (isset($_GET[$key]))? $_GET[$key] : false;

        return $_GET;
    }
# Same here
function getSession($key = false)
    {
        if(!empty($key))
            return (isset($_SESSION[$key]))? $_SESSION[$key] : false;

        return $_SESSION;
    }
# Isolate this for readability
function getActionByRequest()
    {
        # Set default
        $default = "edit_handle.php";
        # Check that there are post values
        if(hasPostKeys())
            return $default;
        else
            # Make sure the id is numeric, return default if not
            return (is_numeric(getGet('id')))? "edit_post.php?id=".getGet('id') : $default;
    }
# You seem to do this in a few places, so better to make it a function
function hasPostKeys()
    {
        return (!empty(getPost('blog_content')) && !empty(getPost('blog_title')));
    }
# Make this easier to retrieve
function getDefaultValue($row,$key)
    {
        #Create dynamic key name
        $blogKey = 'blog_'.$key;
        # If both values are empty, stop
        if(empty($row[$key]) && empty(getPost($blogKey)))
            return false;
        # If the post value doesn't match row, return post
        return (getPost($blogKey) != $row[$key])? getPost($blogKey) : $row[$key];
    }
# This is not the best way to check admin, but for this code it is fine
function isAdmin()
    {
        return (getSession('user_id') == 11);
    }

session_start();
include('mysqli_connect.php');
# Get the row
$row            =  (!empty($_GET['id']))? getBlogPosts($dbc,$_GET['id']) : array();
# Set this value based on post or by db return
# Doing it this way will ensure, these key/value pairs are always set
$row['title']   =  getDefaultValue($row,'title');
# Set the default return for this key
$row['content'] =  getDefaultValue($row,'content');
?><head>
<?php include('header.html'); ?>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
text-align: center;
background-color:#fcfcfc;
}
form {
    margin:auto;
}
</style>
</head>
<body>
    <form name="com" id="com" action="<?php echo getActionByRequest() ?>" method="post">
        <?php
        # You really only have to use this function to check this
        if (isAdmin()) { ?>

        Blog Title: <input type="text" value="<?php echo htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8') ?>" name="blog_title" />
        Post Content:<textarea name="blog_content"><?php echo htmlspecialchars((string) $row['content'], ENT_QUOTES, 'UTF-8') ?></textarea>
        <input type="submit" value="submit">
        <?php } else { ?>
        <p align="center" style="color:red">You must be logged in as <strong>admin</strong> to post a blog!</p>
        <?php } ?>
    </form>
<?php
if (hasPostKeys()) { ?>
<script>
document.getElementById('com').submit();
</script>
<?php } ?>
</body>
</html>
Rasclatt
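
As an added example (not part of the original question or answer), here is the lookup, the POST-over-row merge and the form fields from this page written with a bound parameter and HTML output encoding. It assumes `$dbc` is the mysqli connection created by the page's `mysqli_connect.php`; `fetchBlogPost`, `mergeSubmitted` and `e` are hypothetical helper names.

```php
<?php
// Added example, not the page's code. Assumes $dbc is the mysqli connection from mysqli_connect.php.

// Return the post as an associative array, or null if the id is invalid or unknown.
function fetchBlogPost(mysqli $dbc, $rawId): ?array
{
    // Accept only a plain positive integer; is_numeric() would also pass "1e3" or "1.5".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, so it is never parsed as SQL text.
    $stmt = mysqli_prepare($dbc, 'SELECT title, content FROM blogposts WHERE blog_id = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $title, $content);
    $row = mysqli_stmt_fetch($stmt) ? ['title' => $title, 'content' => $content] : null;
    mysqli_stmt_close($stmt);
    return $row;
}

// Overlay submitted form fields on the stored row: a non-empty POST value wins.
function mergeSubmitted(array $row, array $post): array
{
    foreach (['title' => 'blog_title', 'content' => 'blog_content'] as $col => $field) {
        if (isset($post[$field]) && is_string($post[$field]) && $post[$field] !== '') {
            $row[$col] = $post[$field];
        }
    }
    return $row;
}

// Encode a value for HTML text and quoted attributes.
function e(string $v): string { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }

include 'mysqli_connect.php';
$row = fetchBlogPost($dbc, $_GET['id'] ?? null);
if ($row === null) {
    http_response_code(404);
    exit('No such post.');
}
$row = mergeSubmitted($row, $_POST);
?>
<input type="text" name="blog_title" value="<?php echo e($row['title']); ?>" />
<textarea name="blog_content"><?php echo e($row['content']); ?></textarea>
```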