Please help with admin area of forms module

bretonmage · Hangin' Around Joined: Mar 30, 2004 Posts: 34

I've made my own Forms module, the user enters a form which is then sent in email form, and also is inserted into the database (all of that works).

My problem is with the admin area, I cannot get it to work (absolutely NO output within the while() statement, even the simple text). Can anyone take a look at it for me please?

Code:

<?php

/*********************************************************************/
/* Squad Forms admin module made by bretonmage (untouchablesite.com) */
/*********************************************************************/

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
$querystr = "SELECT radminsuper, admlanguage FROM ".$prefix."_authors where aid='$aid'";
$result = sql_query($querystr, $dbi) or die ("invalied query");
list($radminsuper) = sql_fetch_row($result, $dbi);
if ($radminsuper==1) {

include("header.php");

$tablequery = "SELECT radio, sender_name, sender_email, sender_aim, sender_msn, sender_icq, sender_yahoo, message FROM ".$prefix."_squad_forms'";
$resultforms = sql_query($tablequery, $dbi);

while ($resultforms = sql_query($tablequery, $dbi)) {

Opentable();

echo $resultforms['".$prefix."_squad_forms'];
$radio = $row["radio"];
$sender_name = $row["sender_name"];
$sender_email = $row["sender_email"];
$sender_aim = $row["sender_aim"];
$sender_msn = $row["sender_msn"];
$sender_icq = $row["sender_icq"];
$sender_yahoo = $row["sender_yahoo"];
$message = $row["message"];

Closetable();

echo "$sender_name sent an email with the subject of $radio. The message was: $message <a href=\"mailto:$sender_email\">$sender_email</a> AIM: $sender_aim MSN: $sender_msn ICQ: $sender_icq Yahoo: $sender_yahoo ";

};

include("footer.php");

} else {
echo "Access Denied";
}

?>

Raven · Posted: Sat Jun 12, 2004 4:00 pm

Try changing this line

Code:

while ($resultforms = sql_query($tablequery, $dbi)) {

to

Code:

while ($row = sql_fetch_row($resultforms, $dbi)) {

The way you have it wrtitten you are just executing the query and not fetching anything.

bretonmage · Hangin' Around Joined: Mar 30, 2004 Posts: 34

When I do that, I get this error:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home2/untoucha/public_html/includes/sql_layer.php on line 286

Raven · Posted: Sat Jun 12, 2004 4:16 pm

That implies that your query => $resultforms = sql_query($tablequery, $dbi); Is not producing anything.

bretonmage · Hangin' Around Joined: Mar 30, 2004 Posts: 34

Hmmm....

I don't quite understand what you mean... But I tried a new script that my friend suggested and it seems to be working; are there any security problems with it?

Code:

<?php

/*********************************************************************/
/* Squad Forms admin module made by bretonmage (untouchablesite.com) */
/*********************************************************************/

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
$querystr = "SELECT radminsuper, admlanguage FROM ".$prefix."_authors where aid='$aid'";
$result = sql_query($querystr, $dbi) or die ("invalied query");
list($radminsuper) = sql_fetch_row($result, $dbi);
if ($radminsuper==1) {

include("header.php");

$dbname = "***";
$dbhost = "***";
$dbuser = "***";
$dbpasswd = "***";

$mysqlservername = $dbname;
$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpasswd);
if (!$dbcnx) {
echo( "Unable to connect to the " . "database server at this time." );
exit();
}

if (! @mysql_select_db("$mysqlservername") ) {
echo( "Can't find " . "database." );
exit();
}
$result = @mysql_query("SELECT * FROM nuke_squad_forms");
while ($resultforms = mysql_fetch_array($result)) {
Opentable();
$radio = $resultforms['radio'];
$sender_name = $resultforms['sender_name'];
$sender_email = $resultforms['sender_email'];
$sender_aim = $resultforms['sender_aim'];
$sender_msn = $resultforms['sender_msn'];
$sender_icq = $resultforms['sender_icq'];
$sender_yahoo = $resultforms['sender_yahoo'];
$message = $resultforms['message'];
echo "$sender_name sent an email with the subject of $radio. ";
echo "The message was: $message ";
echo "<a href=\"mailto:$sender_email\">$sender_email</a> ";
echo "AIM: $sender_aim ";
echo "MSN: $sender_msn ";
echo "ICQ: $sender_icq ";
echo "Yahoo: $sender_yahoo ";
Closetable();

};

include("footer.php");

} else {
echo "Access Denied";
}

?>

bretonmage · Hangin' Around Joined: Mar 30, 2004 Posts: 34

Okay, well now my script looks like this:

Code:

<?php

/*********************************************************************/
/* Squad Forms admin module made by bretonmage (untouchablesite.com) */
/* Thanks to Tristan for helping me get it working. :-) */
/*********************************************************************/

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
$querystr = "SELECT radminsuper, admlanguage FROM ".$prefix."_authors where aid='$aid'";
$result = sql_query($querystr, $dbi) or die ("invalied query");
list($radminsuper) = sql_fetch_row($result, $dbi);
if ($radminsuper==1) {

include("header.php");
GraphicAdmin();

$mysqlservername = $dbname;
$dbcnx = @mysql_connect($dbhost, $dbuname, $dbpass);
if (!$dbcnx) {
echo( "Unable to connect to the " . "database server at this time." );
exit();
}

if (! @mysql_select_db("$mysqlservername") ) {
echo( "Can't find " . "database." );
exit();
}
$result = @mysql_query("SELECT * FROM nuke_squad_forms");

Opentable();
echo "<center>Welcome to the Squad Forms administration module. Here you can view forms that have been sent by your members.</center>";

Closetable();
echo " ";

while ($resultforms = mysql_fetch_array($result)) {
Opentable();
$radio = $resultforms['radio'];
$sender_name = $resultforms['sender_name'];
$sender_email = $resultforms['sender_email'];
$sender_aim = $resultforms['sender_aim'];
$sender_msn = $resultforms['sender_msn'];
$sender_icq = $resultforms['sender_icq'];
$sender_yahoo = $resultforms['sender_yahoo'];
$message = $resultforms['message'];

echo "'<a href=\"mailto:$sender_email\">$sender_name</a>' sent an email with the subject of '$radio'. ";
if ($radio != "Joining" AND $radio != "Rejoining") {
echo "The message was: <hr><center>$message <hr></center>";
}
else {
echo " ";
};
echo "Email: <a href=\"mailto:$sender_email\">$sender_email</a> ";
echo "AIM: <a href=\"aim:goim?screenname=$sender_aim&message=Hi+$sender_aim.+Are+you+there?\">$sender_aim</a> ";
echo "MSN: $sender_msn ";
echo "ICQ: $sender_icq ";
echo "Yahoo: $sender_yahoo ";

Closetable();
echo " ";

};

include("footer.php");

} else {
echo "Access Denied";
}

?>

My question is, how can I make a link that will delete a record from the table? Will I need a new admin page?

bretonmage · Hangin' Around Joined: Mar 30, 2004 Posts: 34

Actually, I just got the script to delete records from the table. Unfortunately it deletes ALL records. Shocked

Here's the script so far:

Code:

<?php

/*********************************************************************/
/* Squad Forms admin module made by bretonmage (untouchablesite.com) */
/* Thanks to Tristan for helping me get it working. :-) */
/*********************************************************************/

if (!eregi("admin.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }
$querystr = "SELECT radminsuper, admlanguage FROM ".$prefix."_authors where aid='$aid'";
$result = sql_query($querystr, $dbi) or die ("invalied query");
list($radminsuper) = sql_fetch_row($result, $dbi);
if ($radminsuper==1) {

include("header.php");
GraphicAdmin();

$mysqlservername = $dbname;
$dbcnx = @mysql_connect($dbhost, $dbuname, $dbpass);
if (!$dbcnx) {
echo( "Unable to connect to the " . "database server at this time." );
exit();
}

if (! @mysql_select_db("$mysqlservername") ) {
echo( "Can't find " . "database." );
exit();
}
$result = @mysql_query("SELECT * FROM ".$prefix."_squad_forms");

Opentable();
echo "<center>Welcome to the Squad Forms administration module. Here you can view forms that have been sent by your members.</center>";

Closetable();
echo " ";

while ($resultforms = mysql_fetch_array($result)) {
Opentable();
$form_id = $resultforms['form_id'];
$radio = $resultforms['radio'];
$sender_name = $resultforms['sender_name'];
$sender_email = $resultforms['sender_email'];
$sender_aim = $resultforms['sender_aim'];
$sender_msn = $resultforms['sender_msn'];
$sender_icq = $resultforms['sender_icq'];
$sender_yahoo = $resultforms['sender_yahoo'];
$message = $resultforms['message'];

echo "'<a href=\"mailto:$sender_email\">$sender_name</a>' sent an email with the subject of '$radio'. ";
if ($radio != "Joining" AND $radio != "Rejoining") {
echo "The message was: <hr><center>$message <hr></center>";
}
else {
echo " ";
};
echo "Email: <a href=\"mailto:$sender_email\">$sender_email</a> ";
echo "AIM: <a href=\"aim:goim?screenname=$sender_aim&message=Hi+$sender_aim.+Are+you+there?\">$sender_aim</a> ";
echo "MSN: $sender_msn ";
echo "ICQ: $sender_icq ";
echo "Yahoo: $sender_yahoo ";
echo "Delete?";
echo "<form ENCTYPE=\"multipart/form-data\" action=\"admin.php?op=squad_forms\" method=\"post\">";
echo "<input type=\"radio\" name=\"deleterecord\" value=\"yes\">Yes ";
echo "<input type=\"radio\" name=\"deleterecord\" value=\"no\">No ";

if ($deleterecord == "yes") {
$db->sql_query("DELETE FROM ".$prefix."_squad_forms WHERE form_id = $form_id");
}
elseif ($deleterecord == "no") {
}

echo "<INPUT TYPE=\"submit\" NAME=\"submit\" VALUE=\"Submit\">";
echo "</FORM>";

Closetable();
echo " ";

};

include("footer.php");

} else {
echo "Access Denied";
}

?>