PHP/MySQL problem



connor4312
05-24-2011, 10:56 AM
The following code:

<?php } else {
    if (isset($_GET['go'])) {
        $name=filter_html($_POST['name']);
        $auth=filter_html($_POST['auth']);
        $desc=filter_html($_POST['elm4']);
        if (isset($_POST['updater']))
        {
            mysql_query("DELETE FROM `posts` WHERE `id`='$_GET[updater]'");
            mysql_query("INSERT INTO `posts` (`id`,`name`,`date`,`author`,`desc`) VALUES ('$_POST[updater]','$name',$_POST[thedate],'$auth','$desc');");
        }
        else
            mysql_query("INSERT INTO `posts` (`name`,`date`,`author`,`desc`) VALUES ('$name',NOW(),'$auth','$desc');");

    }?>
for a post/editing script does not work. The posting is fine, but editing does not work at all. The following code is used on the editing page to check if we're editing a post, and if so provide necessary information.

<?php if ($_GET['add']) echo '<input type="hidden" name="updater" value="'.$data['id'].'"><input type="hidden" name="thedate" value="'.$data['date'].'">';?>

The MySQL query does not make any errors, and it is executed, but the edits do not appear.

bluewalrus
05-24-2011, 01:14 PM
You can't have arrays in quotes (or they won't be read as an array). Try using curly braces around the values:


{$_POST['updater']}

traq
05-24-2011, 03:16 PM
or do like your second example and leave the string to use the index:
"this is a string with a ".$_POST['variable']." in it."

JShor
05-24-2011, 06:00 PM
It is perfectly ok to have quotes around an array in a string--it will still be read as a variable, as long as they are encased in double quotes.

I would suggest adding die() to the end of the MySQL query to throw an error if MySQL returns one. I have a feeling that it is a MySQL error, and you can't see it.



<?php } else {
    if (isset($_GET['go'])) {
        $name=filter_html($_POST['name']);
        $auth=filter_html($_POST['auth']);
        $desc=filter_html($_POST['elm4']);
        if (isset($_POST['updater']))
        {
            mysql_query("DELETE FROM `posts` WHERE `id`='$_GET[updater]'") or die(mysql_error());
            mysql_query("INSERT INTO `posts` (`id`,`name`,`date`,`author`,`desc`) VALUES ('$_POST[updater]','$name',$_POST[thedate],'$auth','$desc');") or die(mysql_error());
        }
        else
            mysql_query("INSERT INTO `posts` (`name`,`date`,`author`,`desc`) VALUES ('$name',NOW(),'$auth','$desc');") or die(mysql_error());

    }?>


Good luck.

bluewalrus
05-24-2011, 08:09 PM
It is not okay to have quotes around an array.


As in Perl, you can access a value from the array inside double quotes. However, with PHP you'll need to enclose your array between curly braces.

http://php.net/manual/en/function.array.php

or as Traq suggested pull it out of the quotes.

traq
05-24-2011, 08:12 PM
It is perfectly ok to have quotes around an array in a string--it will still be read as a variable, as long as they are encased in double quotes.

we were referring specifically to complex variables (i.e., arrays with keys, like his $_POST['updater'] variable).


"string with $_POST[updater]" // incorrect, but works
"string with $_POST['updater']" // incorrect, does not work
"string with ".$_POST['updater'] // correct, works
"string with {$_POST['updater']}" // correct, works
see here (http://www.php.net/manual/en/language.types.array.php) for more.



bluewalrus beat me to it

djr33
05-25-2011, 03:54 AM
As traq posted above, I strongly suggest always using this method:


$string = 'Example '.$variable.' example';

There are other methods, but I prefer this one.

Here's why:
1) It's consistent. It always works, whatever kind of variable you want to use.
2) Single quotes don't do anything special-- they just contain everything inside them and display it literally. So you can use the $ symbol or anything else you'd like without worrying.
2b) Single quotes actually process faster. Saves time on the server. (Maybe minimal in lots of cases, but doesn't hurt of course.)
3) The only thing you ever need to worry about is escaping single quotes: 'can\'t';
4) It's cleaner from a logical point of view. Embedding variables in output is messy. For example, if you want to translate the website ever, you would not want to have that sort of code. That might be beyond what you're doing now though.


I know it looks like it's more work to type it that way, but it's only a few more characters and once you are in the habit of it you will be writing better code and never have to guess again about what format might work and what might not.

traq
05-25-2011, 04:27 AM
agreed; but don't sell those curly braces short. they're a lifesaver in SQL statements:
mysql_query("SELECT * FROM `$table` WHERE `{$search['column']}` LIKE '%{$search['value']}%' LIMIT 1");
// or similar
They're also very, very, very useful if you ever use HEREDOC syntax (e.g., for large html blocks):

<<< HEREDOC
<p>This is a really long $whatever and it has a lot of embedded variables, like in this table:</p>
<table>
<tbody>
<tr><th>{$th['col1']}</th><th>{$th['col2']}</th><th>{$th['col3']}</th></tr>
<tr><td>{$td['row1']['col1']}</td><td>{$td['row1']['col2']}</td><td>{$td['row1']['col3']}</td></tr>
<tr><td>{$td['row2']['col1']}</td><td>{$td['row2']['col2']}</td><td>{$td['row2']['col3']}</td></tr>
</tbody>
</table>
<p>etc...</p>
HEREDOC
;



of course, DD's syntax highlighter doesn't clarify much in these examples. :(

djr33
05-25-2011, 04:51 AM
Actually, I never use them. For all of the examples above, even something that complicated, I use the simple method from my last post. (HEREDOCs might be an exception, but I use them so rarely that's irrelevant.)
This is mostly because I always use single quotes. It's a habit now, probably not actually that useful in every single case.
And that's an interesting idea for SQL.

zakmail007
05-25-2011, 08:53 AM
You give an incorrect format of super global array i.e. POST and GET
mysql_query("DELETE FROM `posts` WHERE `id`='$_GET[updater]'"); //Incorrect
it should be
mysql_query("DELETE FROM `posts` WHERE `id`='".$_GET['updater']."'");

traq
05-25-2011, 01:33 PM
Actually, I never use them. For all of the examples above, even something that complicated, I use the simple method from my last post. (HEREDOCs might be an exception, but I use them so rarely that's irrelevant.)
This is mostly because I always use single quotes. It's a habit now, probably not actually that useful in every single case.
And that's an interesting idea for SQL.

The SQL example is over-simplified, of course, but that is one place I almost always use double-quotes. For the most part, I use single-quotes.

I started using heredoc more frequently when I started getting closer to building whole CMS-like applications. I actually prefer it to using an output buffer for pushing content into a template (and I can, in most cases).

connor4312
05-26-2011, 10:49 AM
@JShor: I tried that, but it didn't give me any errors

@Everyone above: I've been PHPing for about a year now, and never used curly brackets and have not ever had any problems. And the "updater" value is not an array, just a simple input. Nevertheless, I tried it and it made no difference.

@Zak: Actually, you don't need to do that.

Working on it at the time, and wow. I feel really stupid and unworthy of using a computer. I had been trying to find GET variables, when I had been passing data through POST. Wow. Wow. Wooooow. Sorry for the spam. At least we all learned a lesson about curly brackets.
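
Added example, not part of the original thread or any poster's code: the edit/insert handler with every field read from $_POST (the mix-up connor4312 describes above) and the values bound as query parameters rather than interpolated into the SQL string, so the quoting form no longer matters. `save_post()` is a hypothetical name, PDO is used in place of the `mysql_*` functions (removed in PHP 7), and an in-memory SQLite table stands in for the MySQL `posts` table.

```php
<?php
// Added example: save_post() is a hypothetical name, not code from the thread.
// Assumption: an in-memory SQLite table stands in for the MySQL `posts` table.

function save_post(PDO $db, array $post): int
{
    // Read every field from the one source the form submits to (POST).
    $name = (string)($post['name'] ?? '');
    $auth = (string)($post['auth'] ?? '');
    $desc = (string)($post['elm4'] ?? '');

    if (isset($post['updater'])) {
        // Editing: the hidden "updater" field must be a positive integer id.
        $id = filter_var($post['updater'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('updater is not a valid post id');
        }
        // UPDATE keeps the row's id and date, so no DELETE + re-INSERT
        // and no hidden "thedate" field are needed.
        $stmt = $db->prepare(
            'UPDATE `posts` SET `name` = ?, `author` = ?, `desc` = ? WHERE `id` = ?');
        $stmt->execute([$name, $auth, $desc, $id]);
        return $id;
    }

    $stmt = $db->prepare(
        'INSERT INTO `posts` (`name`, `date`, `author`, `desc`)
         VALUES (?, CURRENT_TIMESTAMP, ?, ?)');
    $stmt->execute([$name, $auth, $desc]);
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$db->exec('CREATE TABLE `posts` (`id` INTEGER PRIMARY KEY, `name` TEXT,
           `date` TEXT, `author` TEXT, `desc` TEXT)');

// Constructed sample input, shaped like the form's POST body.
$id = save_post($db, ['name' => 'First', 'auth' => 'connor', 'elm4' => 'draft']);
save_post($db, ['updater' => (string)$id, 'name' => "O'Brien's post",
                'auth' => 'connor', 'elm4' => 'edited']);
var_dump($db->query('SELECT `id`, `name`, `desc` FROM `posts`')->fetchAll(PDO::FETCH_ASSOC));

try {
    save_post($db, ['updater' => 'abc', 'name' => 'x', 'auth' => 'x', 'elm4' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```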

traq
05-26-2011, 07:58 PM
...the "updater" value is not an array, just a simple input.

$_POST is the array in $_POST['updater']. Most people don't think of it that way, but it is.


I had been trying to find GET variables, when I had been passing data through POST. Wow. Wow. Wooooow...

it won't be the last time. I've been there. every few months, I get stuck trying to "fix" a custom function, only to realize (after two hours or so) that I'd simply forgotten to include the return statement. :)