Here is my code (apologies for the length):

$companyid = $_SESSION["companyid"];

$_SESSION["youtubeurl"] = mysql_real_escape_string($_POST["youtubeurl"]);
$_SESSION["logourl"] = mysql_real_escape_string($_POST["logourl"]);

$_SESSION["plan1head"] = mysql_real_escape_string($_POST["plan1head"]);
$_SESSION["plan1description"] = mysql_real_escape_string($_POST["plan1description"]);
$_SESSION["plan1headline1"] = mysql_real_escape_string($_POST["plan1headline1"]);
$_SESSION["plan1price1"] = mysql_real_escape_string($_POST["plan1price1"]);
$_SESSION["plan1headline2"] = mysql_real_escape_string($_POST["plan1headline2"]);
$_SESSION["plan1price2"] = mysql_real_escape_string($_POST["plan1price2"]);

$_SESSION["plan2head"] = mysql_real_escape_string($_POST["plan2head"]);
$_SESSION["plan2description"] = mysql_real_escape_string($_POST["plan2description"]);
$_SESSION["plan2headline1"] = mysql_real_escape_string($_POST["plan2headline1"]);
$_SESSION["plan2price1"] = mysql_real_escape_string($_POST["plan2price1"]);
$_SESSION["plan2headline2"] = mysql_real_escape_string($_POST["plan2headline2"]);
$_SESSION["plan2price2"] = mysql_real_escape_string($_POST["plan2price2"]);

$_SESSION["plan3head"] = mysql_real_escape_string($_POST["plan3head"]);
$_SESSION["plan3description"] = mysql_real_escape_string($_POST["plan3description"]);
$_SESSION["plan3headline1"] = mysql_real_escape_string($_POST["plan3headline1"]);
$_SESSION["plan3price1"] = mysql_real_escape_string($_POST["plan3price1"]);
$_SESSION["plan3headline2"] = mysql_real_escape_string($_POST["plan3headline2"]);
$_SESSION["plan3price2"] = mysql_real_escape_string($_POST["plan3price2"]);

$_SESSION["plan1price1type"] = $_POST["plan1price1type"];
$_SESSION["plan1price2type"] = $_POST["plan1price2type"];
$_SESSION["plan2price1type"] = $_POST["plan2price1type"];
$_SESSION["plan2price2type"] = $_POST["plan2price2type"];
$_SESSION["plan3price1type"] = $_POST["plan3price1type"];
$_SESSION["plan3price2type"] = $_POST["plan3price2type"];

mysql_connect("localhost", "name", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$getstats = mysql_query("SELECT * FROM company WHERE companyid = '$companyid'");

$stats = mysql_fetch_array($getstats);

$calculaterating = $stats["ratingscore"] / $stats["ratingcount"];

if (!$calculaterating) {

$rating = "None";

} else {

$rating = $calculaterating;

}

$usage = $stats["usage"];

if(isset($_POST["submitpreview"])) {

$companyid = $_SESSION["companyid"];

$youtubeurl = $_SESSION["youtubeurl"];
$logourl = $_SESSION["logourl"];

$plan1head = $_SESSION["plan1head"];
$plan1description = $_SESSION["plan1description"];
$plan1headline1 = $_SESSION["plan1headline1"];
$plan1price1 = $_SESSION["plan1price1"];
$plan1headline2 = $_SESSION["plan1headline2"];
$plan1price2 = $_SESSION["plan1price2"];

$plan2head = $_SESSION["plan2head"];
$plan2description = $_SESSION["plan2description"];
$plan2headline1 = $_SESSION["plan2headline1"];
$plan2price1 = $_SESSION["plan2price1"];
$plan2headline2 = $_SESSION["plan2headline2"];
$plan2price2 = $_SESSION["plan2price2"];

$plan3head = $_SESSION["plan3head"];
$plan3description = $_SESSION["plan3description"];
$plan3headline1 = $_SESSION["plan3headline1"];
$plan3price1 = $_SESSION["plan3price1"];
$plan3headline2 = $_SESSION["plan3headline2"];
$plan3price2 = $_SESSION["plan3price2"];

$headlines = $_SESSION["headlines"];

$plan1price1type = $_SESSION["plan1price1type"];
$plan1price2type = $_SESSION["plan1price2type"];
$plan2price1type = $_SESSION["plan2price1type"];
$plan2price2type = $_SESSION["plan2price2type"];
$plan3price1type = $_SESSION["plan3price1type"];
$plan3price2type = $_SESSION["plan3price2type"];

mysql_connect("localhost", "name", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$islisted = mysql_query("SELECT * FROM companypage WHERE companyid = '$companyid'");

if ($islisted) {
mysql_query("UPDATE companypage SET
plan1head = '$plan1head',
plan1description = '$plan1description',
plan1price1type = '$plan1price1type',
plan1headline1 = '$plan1headline1',
plan1price1 = '$plan1price1',
plan1price2type = '$plan1price2type',
plan1headline2 = '$plan1headline2',
plan1price2 = '$plan1price2',
plan2head = '$plan2head', 
plan2description = '$plan2description',
plan2price1type = '$plan2price1type',
plan2headline1 = '$plan2headline1',
plan2price1 = '$plan2price1',
plan2price2type = '$plan2price2type',
plan2headline2 = '$plan2headline2',
plan2price2 = '$plan2price2',
plan3head = '$plan3head',
plan3description = '$plan3description',
plan3price1type = '$plan3price1type',
plan3headline1 = '$plan3headline1',
plan3price1 = '$plan3price1',
plan3price2type = '$plan3price2type',
plan3headline2 = '$plan3headline2',
plan3price2 = '$plan3price2',
logourl = '$logourl',
youtubeurl = '$youtubeurl',
headlines = '$headlines'
WHERE companyid='$companyid'") or die(mysql_error());

} else {

mysql_query("INSERT INTO companypage (
companyid,
    plan1head,
plan1description,
plan1price1type,
plan1headline1,
plan1price1,
plan1price2type,
plan1headline2,
plan1price2,
plan2head,
plan2description,
plan2price1type,
plan2headline1,
plan2price1,
plan2price2type,
plan2headline2,
plan2price2,
plan3head,
plan3description,
plan3price1type,
plan3headline1,
plan3price1,
plan3price2type,
plan3headline2,
plan3price2,
logourl,
youtubeurl,
headlines) 

VALUES(
    '$companyid',
'$plan1head',
'$plan1description',
'$plan1price1type',
'$plan1headline1',
'$plan1price1',
'$plan1price2type',
'$plan1headline2',
'$plan1price2',
'$plan2head',
'$plan2description',
'$plan2price1type',
'$plan2headline1',
'$plan2price1',
'$plan2price2type',
'$plan2headline2',
'$plan2price2',
'$plan3head',
'$plan3description',
'$plan3price1type',
'$plan3headline1',
'$plan3price1',
'$plan3price2type',
'$plan3headline2',
'$plan3price2',
'$logourl',
'$youtubeurl',
'$headlines')
") or die(mysql_error());

}

echo "<script>window.close();</script>";

}

Essentially, what is happening here is a user has a page that is their own that can be changed by a series of forms, drop-down menus, etc. To create or update their page, they fill out the forms and hit a preview button, which is a target_blank, and a new tab pops up previewing what their page will look like. All the variables from the previous page are first stuck into sessions for later use. On the "preview" page is an update button. If they like what they see, they hit the update button (thus executing "submit preview" in the PHP code). The PHP code then checks to see if they have created a page or not, and either adds them to the table or updates their current table based on the variables.

Here is my problem. All variables, session or POST, display correctly when the preview page loads the first time around. However, when submit preview is executed and the information is stored in the database, the following is stored: companyid is stored as 0, and everything else is stored as blank in the table (even though it is not supposed to accept null values?). This holds true both for inserting and updating. So it obviously makes me think I'm doing something wrong: my session variables (which are loaded at the first of the page from the $_POST variables, which I know are right because they show up right on the preview page) are somehow being passed wrong when I pass them back to normal variables on the execution of submitpreview. But what really stumps me is that the companyid is not being stored right either (stored as 0 instead of the correct id), even though when I echo it out in other places it shows up correct. I'm sure what I'm doing is a simple dumb mistake, but I can't figure it out.

Thanks for your help and sorry for the length of code and question.

2 Answers

If that's your actual script, you have not connected to MySQL yet at the time you execute all those mysql_real_escape_string() calls. You MUST be connected for this function to work. Right now it'll just be returning a long series of boolean FALSE values to signify the error.

Move your DB connection code to the start of the script, and it should start working better. But of course, you should upgrade to mysqli or PDO, since mysql_*() is deprecated.

And of course, NEVER assume a DB operation has succeeded. Always check return values for failure, e.g.:

$var = mysql_real_escape_string($_POST['var']) or die(mysql_error());
                                              ^^^^^^^^^^^^^^^^^^^^^^

would have shown you what the problem was.
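
An added example (not part of this answer or the asker's code) of the PDO route recommended above: connect before touching any input, make failures throw, and bind values as parameters so no escaping call is involved. The in-memory SQLite DSN, the `savePage()` helper, the five-column subset and the sample input are assumptions chosen so the script runs offline on PHP 7.4+; against MySQL you would swap the DSN and credentials.

```php
<?php
// Added example, not the asker's or answerer's code. Column names come from the
// question; the SQLite DSN, savePage() and the sample input are constructed.
$fields = ['plan1head', 'plan1description', 'plan1price1type', 'logourl', 'youtubeurl'];

// 1. Connect before handling any input, and make every failure throw
//    instead of quietly returning false.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE companypage (companyid INTEGER PRIMARY KEY, '
    . implode(', ', array_map(fn($f) => "$f TEXT NOT NULL", $fields)) . ')');

function savePage(PDO $db, array $fields, int $companyid, array $input): string
{
    // 2. Only the fixed column list above is ever written into the SQL text;
    //    user-supplied values travel separately as bound parameters.
    $params = ['companyid' => $companyid];
    foreach ($fields as $f) {
        $params[$f] = isset($input[$f]) ? (string) $input[$f] : '';
    }

    // 3. Decide insert vs. update from a fetched row, not from the result handle.
    $exists = $db->prepare('SELECT 1 FROM companypage WHERE companyid = ?');
    $exists->execute([$companyid]);

    if ($exists->fetchColumn() !== false) {
        $set = implode(', ', array_map(fn($f) => "$f = :$f", $fields));
        $sql = "UPDATE companypage SET $set WHERE companyid = :companyid";
        $action = 'updated';
    } else {
        $cols  = implode(', ', $fields);
        $marks = implode(', ', array_map(fn($f) => ":$f", $fields));
        $sql = "INSERT INTO companypage (companyid, $cols) VALUES (:companyid, $marks)";
        $action = 'inserted';
    }
    $db->prepare($sql)->execute($params);
    return $action;
}

// Constructed form input; the apostrophes need no escaping call.
$post = ['plan1head' => "O'Brien's starter plan", 'plan1price1type' => 'monthly'];
echo savePage($db, $fields, 42, $post), "\n";
echo savePage($db, $fields, 42, ['plan1head' => "O'Brien's pro plan"]), "\n";
print_r($db->query('SELECT * FROM companypage')->fetch(PDO::FETCH_ASSOC));
```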

4 Comments

I believe the user is connected because a new row is entered into the database but all of the fields are blank.
@bowlerae: yes, because the DB connection is established AFTER the m_r_e_s() calls.
Thanks, this was indeed the answer. Since I don't have to repost all this long code, I've got another question. Now the page doesn't load and gives me this error: PHP Parse error: syntax error, unexpected T_IF. It says the problem is with this code: "if ($islisted) {", which determines whether the company page needs to be inserted or updated. It gives me this error whether I frame it as "if (mysql_fetch_array($islisted)) {" or how I have it now.
That means you've missed something BEFORE that spot. Maybe a ; or }.

You are missing

session_start();

That must be the first line of any file where you expect to use session variables.

See the php.net documentation on the subject.

3 Comments

Not actually correct. You just need to call session start before sending any output to the browser - and with appropriate output buffering even that may not be an issue. Important distinction.
I do have session_start() on the beginning of the page, sorry for omitting that. Do I need to restate it on the page refresh? Meaning once submit_preview is executed?
You will need the session_start() statement before you can get any session variables. If you have it there, then perhaps your problem is something else.
