I have just completed Build a Blog - 6b. I can get the page working, it displays a list of titles. I click on a title and it takes me to the update page. I do a little updating and then hit the update button but I get the following error message:
Warning: Cannot modify header information - headers already sent by (output started at C:\htdocs\WebgorillaPHP\admin\blog_Update.php:8) in C:\htdocs\WebgorillaPHP\admin\blog_Update.php on line 64
Invalid ID specified
One thing I have noticed is that the actual update takes place... but I'd love to know how to get rid of the above error message. Usually this has something to do with spaces around the <?php tags right? I have checked this but doesn't seem to sort the problem out. Also, I don't understand why I am getting the 'Invalid ID Specified' message as well... hmmm...
I'd be very very grateful if someone could help me out here.
Many Thanks
Stuart
CODE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php
// Assign connection data to variables
$host = "localhost";
$user = "*****";
$pass = "*****";
$db = "*****";
// Connect to MySQL
$connection = mysql_connect($host, $user, $pass) or die('Error: Could not connect you to MySQL');
// Connect to database
mysql_select_db($db) or die('Error: Could not connect you to the database');
// check to see if the Update button has been pressed
if(isset($_POST['update'])){
// if so we need to clean out any nasty code and check to see if the entry has
// been password protected.
$id = htmlspecialchars(strip_tags($_POST['id']));
$month = htmlspecialchars(strip_tags($_POST['month']));
$date = htmlspecialchars(strip_tags($_POST['date']));
$year = htmlspecialchars(strip_tags($_POST['year']));
$time = htmlspecialchars(strip_tags($_POST['time']));
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$title = htmlspecialchars(strip_tags($_POST['title']));
// check to see if the password protect option has been checked
if(isset($_POST['password'])){
if($_POST['password'] == "1"){
// if so then assign the value '1' to the password variable
$password = $_POST['password'];
}
} else {
// if the password has not been checked then assign '0' to the variable.
$password = 0;
}
// add line breaks into the entry field
$entry = nl2br($entry);
// escape quotes if the server doesn't do it automatically
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$entry = addslashes($entry);
}
// create our timestamp. Strtotime() means 'String to timestamp' and it
// takes a regular date and turns it into a timestamp.
$timestamp = strtotime($month." ".$date." ".$year." ".$time);
// update our table where id=$id
$result = mysql_query("UPDATE blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password' WHERE id='$id' LIMIT 1") or die();
header("Location: blog_Update.php?id=" . $id);
}
// get the id of the entry we want to edit
// below if statement performs 3 checks, 2 to determine whether id has been set
// and one to ensure that the 'id' is numeric. If any of these checks fail
// an error message will be output.
if(!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])){
die('Invalid ID specified');
} else {
// if none of the checks fail then assign the value of 'id' to a variable.
$id = (int)$_GET['id'];
}
// perform query to select everything in the blog where id=$id.
$result = mysql_query("SELECT * FROM blog WHERE id='$id'") or die('Error: Could not perform query because: '.mysql_error());
while($row = mysql_fetch_array($result)){
// we will rename all our variables "$old_xxx" to distinguish them from the new ones.
$old_timestamp = $row['timestamp'];
$old_title = stripslashes($row['title']);
$old_entry = stripslashes($row['entry']);
$old_password = $row['password'];
$old_month = date("F",$old_timestamp);
$old_date = date("d",$old_timestamp);
$old_year = date("Y",$old_timestamp);
$old_time = date("H:i",$old_timestamp);
// Having a double quote (") in our title messes with the form and can ruin our title.
// So we're replacing any double quote with a single.
$old_title = str_replace('"','\'', $old_title);
// Gets rid of the HTML <br />s so we can read our entry more easily.
$old_entry = str_replace('<br />','', $old_entry);
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><input type="hidden" name="id" value="<?php echo $id; ?>"/>
<strong><label for="month">Date (month, day, year):</label></strong>
<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>"/>
<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
</select>
<label for="time">Time: <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>"/></label></p>
<p><label for="title">Title: <input type="text" name="title" id="title" size="40" value="<?php echo $old_title; ?>"/></label></p>
<p><label for="password protect">Password Protect? <input type="checkbox" name="password" id="password" value="1" <?php if($old_password == 1) echo "checked=\"checked\""; ?>/></label></p>
<p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>
<p><input type="submit" name="update" id="update" value="Update"></p>
</form>
<?php
mysql_close();
?>
</body>
</html>
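Added example, not the poster's or the tutorial's code: in the script above, `header()` runs after the HTML head has already been sent, so the redirect fails, and the script then falls through to the `$_GET['id']` check on a POST request whose URL carries no `id`. The sketch below handles the update before any output, stops after redirecting, and uses bound parameters instead of `addslashes()`. Assumptions: PHP 7+ with the PDO MySQL driver, placeholder credentials, a hypothetical `post_field()` helper, and display pages that apply `htmlspecialchars()` and `nl2br()` on output, since text is stored as submitted.

```php
<?php
// Added example: goes at the very top of blog_Update.php, above the DOCTYPE,
// so nothing has been sent to the browser when header() runs.
// Assumptions: PHP 7+, PDO MySQL driver; DB_NAME/DB_USER/DB_PASS are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=DB_NAME', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Hypothetical helper: return a POST field as a string, or '' if missing or an array.
function post_field(string $name): string
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update'])) {
    // Accept only a positive integer id; strip_tags()/htmlspecialchars() do not
    // make a value safe to place inside an SQL string.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid ID specified');
    }
    $timestamp = strtotime(post_field('month') . ' ' . post_field('date') . ' '
                         . post_field('year') . ' ' . post_field('time'));
    if ($timestamp === false) {
        http_response_code(400);
        exit('Invalid date specified');
    }
    // Bound parameters replace addslashes() and magic quotes.
    $stmt = $pdo->prepare(
        'UPDATE blog SET timestamp = :ts, title = :title, entry = :entry,
                password = :pw WHERE id = :id LIMIT 1'
    );
    $stmt->execute([
        ':ts'    => $timestamp,
        ':title' => post_field('title'),
        ':entry' => post_field('entry'),
        ':pw'    => post_field('password') === '1' ? 1 : 0,
        ':id'    => $id,
    ]);
    // Redirect as a GET carrying the id, then stop so the page below is not
    // also rendered for the POST request (which has no id in its query string).
    header('Location: blog_Update.php?id=' . $id);
    exit;
}
?>
```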
