Why is an empty string being passed to the DB instead of the user's response?

S

Stas Karpik2020-04-21 17:18:46

PHP

Stas Karpik, 2020-04-21 17:18:46

Hello, there was a problem that, when editing an old message, instead of the user's response to prompt() with a new message, an empty string is written to the database.

if ($_GET['act'] == 'edit' && $_GET['id']) {
    $id = $_GET['id'];
    // берем из БД старое сообщение пользователя
    $stm = $dbh->prepare("SELECT `message` FROM `messages` WHERE `id` = '$id' ");
    $stm->execute();
    $oldMessages = $stm->fetch();
    $oldMessage = $oldMessages[0];
    // спрашиваем у пользователя новое сообщение
    function prompt($oldMessage){
        echo("<script type='text/javascript'> var answer = prompt('Edit message', '$oldMessage'); </script>");
        $editMessage = "<script type='text/javascript'> document.write(answer); </script>";
        return($editMessage);
    }
    // получаем новое значение
    $editMessage = prompt($oldMessage);
    // заменяем кавычки
    $editMessage=str_replace("'",'&#039;',$editMessage);
    $editMessage=str_replace('"','&quot;',$editMessage);
    if ($editMessage){
        // вставляем новое сообщение пользователя
        $stm = $dbh->prepare("UPDATE `messages` SET `message` = '$editMessage' WHERE id = '$id' ");
        $stm->execute(); ?>
        <script>
            //уведомление об успешном редактировании
            alert("Editing was successfull");
            location.replace("//stasnepidoras.com/config/chat_room.php");
        </script>
        <?php }
}

I would be sincerely grateful for your help.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

F

FanatPHP, 2020-04-21
@FanatPHP

This is very funny code.
PHP doesn't work the way you imagine.
Read here phpfaq.ru/newbie/na_tanke

Q

qdevelopment, 2020-04-21
@qdevelopment

Firstly, it is better to edit the data using the POST method. Second, you are using prepared queries incorrectly .