I updated my upload script to mysqli yesterday and after solving some errors and having trouble getting the results back from my database, I found another problem which I just can't find out why it is happening...
When I upload a new blog post it does upload it the right way to my database, but from the second I put a enter in the post it end up as an empty entry.
before i updated my script from mysql to mysqli this worked like a charm.
My guess is that I'm doing something wrong with the query, but I have no idea what I am missing here...
Thanks in advance!
here are the code parts for both the form and the upload script
<?php
session_start(); /// initialize session
include("important/passwords.php");
check_logged(); /// function checks if visitor is logged. If user is not logged the user is redirected to login.php page
// Start a session for displaying any form errors
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Upload Multiple Images Using jquery and PHP</title>
</head>
<body>
<div id="maindiv">
<div id="formdiv">
<h2 align="center">Upload en delete Blogs</h2>
<?php
if (isset($_SESSION['error']))
{
echo "<span id=\"error\"><p>" . $_SESSION['error'] . "</p></span>";
unset($_SESSION['error']);
}
?>
<form action="upload.php" method="post" enctype="multipart/form-data">
<label>Datum:</label>
<input type="text" name="date" style="width:250px;"/><br />
<label>Blogs:</label>
<textarea name="blog" style="width:250px;height:150px;"></textarea><br /><br />
<input type="submit" value="Upload" name="submit" id="submit" class="upload" />
</p>
</form>
<p>
<form action="delete_multiple.php" method="post" class="textdelete">
Wil je nieuwsberichten van de site halen?
<input type="submit" name="formSubmit" value="Submit" />
</form>
</p>
<p>
<form action="logout.php" method="post" class="textdelete">
<input type="submit" name="formSubmit" value="Logout" />
</form>
</p>
</div>
</div>
</body>
</html><?php
// Call our connection file
require("includes/conn.php");
$date=$_POST['date'];
$blog=$_POST['blog'];
$query="Insert into blog (date, blog) values ('$date', '$blog')";
mysqli_query($conn, $query) or die ('error updating database');
echo "Het nieuws is geupdate met '$date', '$blog'. De pagina zal over 5 seconden terug naar blogupload gaan.";
header('Refresh: 5; url=blogupload.php');
?></div>
You need to escape your data, in case it contains special characters.
$date = mysqli_real_escape_string($conn, $_POST['date']);
$blog = mysqli_real_escape_string($conn, $_POST['blog']);
But even better would be to use prepared statements, then you don't have to worry about this.
$query="Insert into blog (date, blog) values (?, ?)";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, "ss", $_POST['date'], $_POST['blog']);
mysqli_stmt_execute($stmt) or die(mysqli_error($conn));