ali ali - 2 months ago 9
MySQL Question

MySQL query keeps failing. page is not redirecting

I have this simple insert query that basically add one row to the db table. but it is not only adding the row but its not redirecting neither. i tried redirecting through javaScript, it gets redirected but still not adding the row. the page is live at:
http://arj-profile.com/public/new_subject.php
(when you go the link click on about widget and then click on add a subject.

i was originally trying this on mamp and i have tried turning on output buffering on php.ini too, still no luck.

any help appreciated. if you need additional information just console log on the above link or let me know i can provide it my entire tables and db as well.

the form page has the following code:

<!-- including functions -->
<?php include("../includes/db_connect.php") ?>
<?php require_once("../includes/functions.php"); ?>
<!-- query -->

<!-- end of query -->
<!-- including header -->
<?php include("../includes/header.php") ?>
<?php find_selected_page();?>
<div class="container-fluid">
<div class="row">
<!-- menu -->
<div class="col-md-3 sidebar">
<?php echo navigation(); ?>
</div>
<!-- body -->
<div class="col-md-9 body">

<form action="create_subject.php" method="post">
<p>Subject name:
<input type="text" name="menu_name" value=""/>
<p>
<p>Position
<select name="position">
<?php
$subject_set = find_all_subjects();
$subject_count = mysqli_num_rows ($subject_set);
for ($count = 1; $count <= ($subject_count + 1); $count++){
echo "<option value=\"{$count}\">{$count}</option>";
}
?>

</select>
</p>
<p>Visible:
<input type="radio" name="visible" value="0" />No
&nbsp
<input type="radio" name="visible" value="1" />Yes
</p>
<input type="submit" name="submit" value="Submit">
</p>
<br />
<!-- redirect -->
<a href="manage-content.php">Cancel</a>
</form>

</div>
</div>
</div>

<!-- footer -->
<?php include("../includes/footer.php") ?>


please try adding but filling out the form, as you see it goes to the following page which actually contains the query but it is not supposed to go there, it should just redirect back to the create_subject.php.

<?php include("../includes/db_connect.php") ?>
<?php require_once("../includes/functions.php"); ?>

<?php
if (isset($_POST['submit'])){
$menu_name = mysqli_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];

$menu_name = mysqli_prep($menu_name);

$query = "insert into subjects(";
$query = " menu_name, position, visible";
$query = ") values (";
$query = " '{$menu_name}', {$position}, {$visible}";
$query = ")";

$result = mysqli_query($connection, $query);
if ($result){
$msg = "Subject created";
redirect_to("manage_subject.php");
}
}else {
$msg = "Subject creation failed";
redirect_to("new_subject.php");

}
?>


<?php
if (isset($connection)){mysqli_close($connection); }
?>


in my function.php i have:

<?php

function redirect_to($new_location){
header("Location: " . $new_location);
exit;
}
function mysqli_prep($string){
global $connection;
$escape_string = mysqli_real_escape_string($cnnection, $string);
return $escape_string;
}

function confirm_query($result_set){
if (!$result_set){
die("DB Query Failed");
}
}

function find_all_subjects(){
global $connection;
$query = "select * ";
$query .= "from subjects ";
$query .= "where visible = 1 ";
$query .= "order by position asc";
$subject_set = mysqli_query($connection, $query);
confirm_query($subject_set);
return $subject_set;
}

function find_pages_for_subjects($subject_id){
global $connection;
$safe_subject_id = mysqli_real_escape_string($connection, $subject_id);
$query = "select * ";
$query .= "from pages ";
$query .= "where visible = 1 ";
// an aditional line to relate pages to the subject, subject_id is what rlate two tables together
// dont forget space between lines
$query .= "AND subject_id = {$safe_subject_id} ";
$query .= "order by position asc";
$page_set = mysqli_query($connection, $query);
// the result captured can not be used twice for two different queries
// so result varibale should have unique names
confirm_query($page_set);
return $page_set;
}

function find_subject_by_id($subject_id){
global $connection;
$safe_subject_id = mysqli_real_escape_string($connection, $subject_id);
$query = "select * ";
$query .= "from subjects ";
$query .= "where id = {$safe_subject_id} ";
$query .= "limit 1";

$subject_set = mysqli_query($connection, $query);
confirm_query($subject_set);
if ($subject = mysqli_fetch_assoc($subject_set)){

return $subject;
}else {
return null;
}
}


function find_page_by_id($page_id){
global $connection;
$safe_page_id = mysqli_real_escape_string($connection, $page_id);
$query = "select * ";
$query .= "from pages ";
$query .= "where id = {$safe_page_id} ";
$query .= "limit 1";

$page_set = mysqli_query($connection, $query);
confirm_query($page_set);
if ($page = mysqli_fetch_assoc($page_set)){

return $page;
}else {
return null;
}
}
function find_selected_page(){
global $current_subject;
global $current_page;
if (isset($_GET["subject"])){

$current_subject = find_subject_by_id($_GET["subject"]);
$current_page = null;

} elseif (isset($_GET["page"])){

$current_page = find_page_by_id($_GET["page"]);
$current_subject = null;

} else{

$current_subject = null;
$current_page = null;

}

}

function navigation(){

$output = "<ul>";
$subject_set = find_all_subjects();
while($subject = mysqli_fetch_assoc($subject_set)){

$output .= "<li><a href=\"manage-content.php?subject=";
$output .= urlencode($subject["id"]);
$output .= "\">";
$output .= $subject["menu_name"];
$output .= "</a>";
$page_set = find_pages_for_subjects($subject["id"]);
$output .= "<ul>";
while($page = mysqli_fetch_assoc($page_set)){
$output .= "<li><a href=\"manage-content.php?page=";
$output .= urlencode($page["id"]);
$output .= "\">";
$output .= $page["menu_name"];
$output .= "</a></li>";
}
mysqli_free_result($page_set);
$output .= "</ul></li>";
}
mysqli_free_result($subject_set);
$output .= "</ul>";
return $output;
}

?>

Answer
function mysqli_prep( $string ){
    global $connection;
    return mysqli_real_escape_string( $connection, $string );  
}



<?php include("../includes/db_connect.php") ?>
<?php require_once("../includes/functions.php"); ?>

<?php

    $redir='new_subject.php';

    if ( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ){

        $menu_name = mysqli_prep( $_POST["menu_name"] );
        $position = (int) $_POST["position"];
        $visible = (int) $_POST["visible"];

        $query = "insert into subjects 
            ( menu_name, position, visible ) 
            values 
            ( '{$menu_name}', {$position}, {$visible} )"; 



        $result = mysqli_query( $connection, $query );
        if ( $connection ) mysqli_close( $connection );

        if( $result ) $redir='manage_subject.php';
    }

    redirect_to( $redir );
?>