Addform help please

8 posts by 2 authors in: Forums > CMS Builder
Last Post: April 3, 2012   (RSS)

HI

On my addform I can get it to post to my database but on my
ListPage Fields I have createdBy.fullname and I can not get it to show up when I use the addform

what do I need to change ..this field will also be important - as I will have 4 categories and each one will have a different addform to use. And their info will ONLY will need to be displayed back to them. So whatever they post they should be able to see on ONLY their user profile.

<?php
require_once "cmsAdmin/lib/viewer_functions.php";
if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }


// submit form
if (@$_REQUEST['submit']) {

// error checking
$errorsAndAlerts = "";
if ([url "mailto:!@$_REQUEST['name'"]!@$_REQUEST['name'[/url]]) { $errorsAndAlerts .= "Please specify name!<br/>\n"; }
if ([url "mailto:!@$_REQUEST['address'"]!@$_REQUEST['address'[/url]]) { $errorsAndAlerts .= "Please specify address!<br/>\n"; }

// turn off strict mysql error checking for: STRICT_ALL_TABLES
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)

// add record
if (!@$errorsAndAlerts) {
mysql_query("INSERT INTO `{$TABLE_PREFIX}auto_referrals` SET
name = '".mysql_real_escape_string( $_REQUEST['name'] )."',
address = '".mysql_real_escape_string( $_REQUEST['address'] )."',
city = '".mysql_real_escape_string( $_REQUEST['city'] )."',
state = '".mysql_real_escape_string( $_REQUEST['state'] )."',
zip = '".mysql_real_escape_string( $_REQUEST['zip'] )."',
contact_phone = '".mysql_real_escape_string( $_REQUEST['contact_phone'] )."',
email = '".mysql_real_escape_string( $_REQUEST['email'] )."',
date_of_loss = '".mysql_real_escape_string( $_REQUEST['date_of_loss'] )."',
vehicle_make = '".mysql_real_escape_string( $_REQUEST['vehicle_make'] )."',
vehicle_model = '".mysql_real_escape_string( $_REQUEST['vehicle_model'] )."',
vehicle_year = '".mysql_real_escape_string( $_REQUEST['vehicle_year'] )."',
notes = '".mysql_real_escape_string( $_REQUEST['notes'] )."',



createdDate = NOW(),
updatedDate = NOW(),
createdByUserNum = 'num',
updatedByUserNum = 'num'")
or die("MySQL Error Creating Record:<br/>\n". htmlspecialchars(mysql_error()) . "\n");
$recordNum = mysql_insert_id();

// display thanks message and clear form
$errorsAndAlerts = "Thanks, we've added that record!";
$_REQUEST = array();
}

}

?>
Patricia

www.thenetgirl.com

Re: [thenetgirl] Addform help please

By (Deleted User) - March 28, 2012

Hi thenetgirl,

I think what you're asking for is to add the num of the user who created the record, which you're doing toward the bottom of your code but with one important thing to change:
//....preceding code snippet
createdByUserNum = 'num',
updatedByUserNum = 'num'")


should be

//....preceding code snippet
createdByUserNum = $CURRENT_USER['num'],
updatedByUserNum = $CURRENT_USER['num']")


The $CURRENT_USER global is where the current user information is stored - any user logged in via the website membership plugin has this array created, containing all their information.

Let me know if this helps,

Tom

Re: [Tom P] Addform help please

No that didnt work the form just disappears then.
Patricia

www.thenetgirl.com

Re: [thenetgirl] Addform help please

Do you have any suggestions?



Also I cant seem to get the drop menu - Prioirty to post to the database I attached the form. My deadline is close and I need help please.
Patricia

www.thenetgirl.com

Re: [thenetgirl] Addform help please

I was able to get the priority to post properly but still no user so it doesnt appear on the list in the CMS in his account.
Patricia

www.thenetgirl.com

Re: [thenetgirl] Addform help please

Finally found the right code



createdByUserNum = '".mysql_escape($CURRENT_USER['num'])."',
updatedByUserNum = '".mysql_escape($CURRENT_USER['num'])."'")
Patricia

www.thenetgirl.com

Re: [thenetgirl] Addform help please

By (Deleted User) - April 3, 2012

Hi thenetgirl,

In my code I forgot to break out of the string, hence the form disappearing altogether (the $CURRENT_USER['num'] needed to be bookended with ". and .") and, as you discovered, it's also best practice to escape any content being inserted into the database, just in case.

Glad it's all resolved!

Tom