CAN SOMEONE PLEASE TELL ME WHAT IS WRONG WITH MY CODE? I NEED TO LET PEOPLE VIEW THEIR SAVED NOTES… I Bolded the code that is wrong…
<?php
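include 'notessecurity.php';
page_protect();

// Handle the note form only when it was actually posted. isset() avoids an
// undefined-index notice on a plain page view.
if (isset($_POST['formSubmit']) && $_POST['formSubmit'] === "Submit")
{
    $errorMessage = "";
    if (empty($_POST['formnotes']))
    {
        $errorMessage .= "
NO NOTES FOUND!";
    }
    $user_name = $_SESSION['user_name'];
    $varnotes = isset($_POST['formnotes']) ? $_POST['formnotes'] : '';
    if (empty($errorMessage))
    {
        $db = mysql_connect("INFO TO CONNECT");
        if (!$db) die("Error connecting to database.");
        mysql_select_db("databasename", $db);

        // Both values used to be pasted into the statement unescaped, so a quote
        // in the note text changed the SQL itself (SQL injection). Escape them
        // after the connection is open, because mysql_real_escape_string() needs it.
        // PrepSQL() is the helper defined further down in this file: it undoes
        // magic quotes on request data, escapes, and returns the value already quoted.
        $safe_user = "'" . mysql_real_escape_string($user_name, $db) . "'";
        $safe_notes = PrepSQL($varnotes);

        $sql_insert = "INSERT into `notestable` (`user_name`,`notes`) VALUES ($safe_user,$safe_notes) ";

        // NOTE(review): mysql_error() is printed to the visitor here, which exposes
        // schema details; consider logging it and showing a generic message.
        // NOTE(review): ext/mysql was removed in PHP 7. Prepared statements through
        // mysqli or PDO are the durable replacement for manual escaping.
        mysql_query($sql_insert, $db) or die("Insertion Failed:" . mysql_error());
        header("Location: note_submit.php");
        exit();
    }
}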
/**
 * Turn a request value into a quoted SQL string literal.
 *
 * When magic_quotes_gpc is enabled, the slashes PHP added are removed first so
 * the value is not escaped twice. The result is escaped with
 * mysql_real_escape_string() and wrapped in single quotes, so callers place it
 * in the statement without adding quotes of their own.
 *
 * mysql_real_escape_string() works against the current MySQL link, so call
 * this only after the connection has been opened.
 *
 * @param string $value Raw value as received from the request.
 * @return string The escaped value, including the surrounding single quotes.
 */
function PrepSQL($value)
{
    $unslashed = get_magic_quotes_gpc() ? stripslashes($value) : $value;

    return "'" . mysql_real_escape_string($unslashed) . "'";
}
?>
User Notes
label,a
{
font-family : Arial, Helvetica, sans-serif;
font-size : 16px;
}
<?php
// Print the error banner only when the submit handler recorded a problem.
// $errorMessage is unset on a plain page view, which empty() tolerates.
$hasFormError = !empty($errorMessage);
if ($hasFormError)
{
    echo "
There was an error with your form:\n", "
\n";
}
?>
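<?php
// HTML-encode the name before printing it: a user name containing markup would
// otherwise be rendered as part of the page (cross-site scripting).
echo htmlspecialchars($_SESSION['user_name'], ENT_QUOTES);
?>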
Enter Your Note(s) HERE:
[b]<?php
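// Show the most recent saved note for the logged-in user.
//
// NOTE(review): the only mysql_connect() visible in this file is inside the
// submit branch, which redirects and exits. Confirm a connection is already
// open when this runs (for example from notessecurity.php); without one both
// mysql_real_escape_string() and mysql_query() fail.
$u = mysql_real_escape_string($_SESSION['user_name']);
$q = "SELECT *
FROM notestable
WHERE user_name='".$u."'
ORDER BY id DESC
LIMIT 1";
$query = mysql_query($q);
if ($query === false)
{
    // Stop with a generic message instead of passing false to the fetch call.
    die("Error loading notes.");
}

// The original line read `$mysql_fetch_object($query)`. The leading `$` made PHP
// look for a variable holding a function name, so the call could never succeed.
$row = mysql_fetch_object($query);
if ($row)
{
    // The note text is user-supplied, so HTML-encode it on output to prevent
    // a stored note from injecting markup or script into the page.
    echo htmlspecialchars($row->notes . ' by: ' . $row->user_name, ENT_QUOTES);
}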
?>[/b]