2012-12-07, 07:12 AM
This is not for a MyBB forum and I really don't care about vulnerabilities at the present. I just want it working.
That is the page I am trying to execute. You submit the form, and...
It inserts the first bit fine, then when it gets to inserting the post, assuming you call it "Blah"
Why would it be erroring that?
Yes, I ensured that it was the correct table in the DB.
<?php
/*
NEWTHREAD
Ben Cousins
2012
Hope it's right this time.
*/
session_start();
//Get config script...
require '../inc/config.php';
//Assign Pagetitle, and get Header:
$pagetitle = 'New Thread';
include '../tmp/header.php';
echo '<br><br><br><h1 class="pagetitle">Asperger\'s Network - Create a New Thread</h1><br>';
if(!$_POST){
$sqltitle = mysql_query("SELECT `name` from `f-forums` WHERE `id` = '{$_GET["f"]}'") or die(mysql_error());
while($row = mysql_fetch_array($sqltitle)){
echo '<br><div class="cathead"><h1>New Thread in Forum: '.$row["name"]. '</h1></div>';
}
?>
<center><table><tbody><form method="post" action="" name="newthread">
<tr><td class="u-details">New Thread Title</td><td class="u-post-content"><input type="text" name="title" id="title" /></td></tr>
<tr><td class="u-details">Post Content</td><td class="u-post-content"><textarea rows="30" cols="45" name="content" id="content"></textarea></td></tr>
<tr><td class="u-details"><input type="submit" value="Post Thread" /></td><td class="u-post-content"></td></tr></form>
</tbody></table></center>
<?php
}
else{
//Get the stuff from the form...
$title = $_POST['title'];
$content = $_POST['content'];
mysql_query("INSERT INTO `f-topics` (f_id, title, poster_id)
VALUES ('{$_GET["f"]}', '{$title}', '{$id}')") or die(mysql_error());
$gettitle = mysql_query("SELECT * from `f-topics` WHERE `title` = ".mysql_real_escape_string($title)."") or die(mysql_error());
while($rowfid = mysql_fetch_assoc($sqltitle)){
mysql_query("INSERT INTO `f-posts` (t_id, content, poster_id)
VALUES ('{$rowfid["id"]}', '{$content}', '{$id}')") or die(mysql_error());
}
}
//And in closing
include '../tmp/footer.php';
?>
That is the page I am trying to execute. You submit the form, and...
It inserts the first bit fine, then when it gets to inserting the post, assuming you call it "Blah"
Quote:Unknown column 'Blah' in 'where clause'
Why would it be erroring that?
Yes, I ensured that it was the correct table in the DB.