safety

thanks I changed my if to look for $_POST['id'] I made a hidden input on my form <input type="hidden" name="id" value="<?php echo $id ?>" /> This worked since i set the value for ID previously either to be the one in the URL or to NULL if(isset($_GET['id'])) { // Save each entry field as individual variables $id = $e['id']; $title = $e['title']; $entry = $e['entry']; } //if id not present leave form blank else{ $id = NULL; $title= NULL; $entry = NULL; } Thanks for all the help

you mean I can't run the script in a <form action=""> scenario? It does run the script fine, it's just always adding a new entry instead of updating the current entry. I'm not sure what you mean by bind_param() when you say don't repeat things, should i instead have the repeated lines in a variable or something? EDIT: or would it be best adding the repeated lines underneath the if/else statement?

probably worth adding that this code is in a separate file update.inc.php and the page i'm on hasa form <form method="post" action="inc/update.inc.php"> would this have something to do with it?

Hello. I'm trying to get this to work, however it only ever runs the "else" bit of code. Even if there is a value for id. So if I'm at say... mysite.com/admin.php?page=addentry&id=5 then it still creates a new entry, instead of updating the existing one // If there is an "id" present in url // Edit an existing entry if(isset($_GET['id'])) { $sql = "UPDATE news SET title=?, entry=? WHERE id=? LIMIT 1"; $stmt = $db->prepare($sql); $stmt->execute( array( $_POST['title'], $_POST['entry'], $_POST['id'] ) ); $stmt->closeCursor(); } else{ // Save a new entry into the database $sql = "INSERT INTO news (title, entry) VALUES (?, ?)"; $stmt = $db->prepare($sql); $stmt->execute( array($_POST['title'],$_POST['entry']) ); $stmt->closeCursor(); // Sanitize the page information for use in the success URL $page = htmlentities(strip_tags($_POST['page'])); // Get the ID of the entry we just saved $id_obj = $db->query("SELECT LAST_INSERT_ID()"); $id = $id_obj->fetch(); $id_obj->closeCursor(); } my guess is my "if" condition isn't set up right, but I can't see how. Any words of wisdom guys?

Update, i've decided to make a functions that always returns an array (or so I thought) function retrieveEntriesAlways($db, $id=NULL) { $sql = "SELECT id, title, entry, created FROM news ORDER BY created DESC"; $stmt = $db->prepare($sql); $stmt->execute(array($id)); $f = NULL; // Declare the variable to avoid errors $result = $db->query($sql); // Loop through returned results and store as an array while($row = $stmt->fetch()) { $f[] = $row; } return $f; } I added this to my index.php $f = retrieveEntriesAlways($db, $id); and now i'm sorted, thanks

I've had a go at what you suggested. Adding the $fulldisp check simply mirrors what I have in the main content box in the "topright" box. What I want is the topright box to display a list of entries, regardless of what page i'm on (regardless of if my address returns an "id" value or not). I'm not quite sure how to edit my function so that if the "id" value is present it returns a list of values (which need to be a singular list of values).

Sorry about the code tags, sorted it now. That makes sense, I'll have a go at that later, thanks for that.

Evening guys, I've got a slight problem. I'm building a news entry system on my website. The links to the content work fine, however, when I go to a page (for example id=3) the links in the "righttop" section display as: "Warning: Illegal string offset 'title' in C:\xampp\htdocs\blues\index.php on line 79" and the links there don't work. Basically links in the "topright" section work fine unless i'm on page with "id=" ; where I get the error messages. Here's the code for my index.php so you can see what I mean by "topright" <!DOCTYPE HTML> <html lang = "en"> <?php /* * Include the necessary files */ include_once 'inc/functions.inc.php'; include_once 'inc/db.inc.php'; // Open a database connection $db = new PDO(DB_INFO, DB_USER, DB_PASS); /* * Figure out what page is being requested (default is news) * Perform basic sanitization on the variable as well */ if(isset($_GET['page'])) { $page = htmlentities(strip_tags($_GET['page'])); } else { $page = 'news'; } // Determine if an entry ID was passed in the URL $id = (isset($_GET['id'])) ? (int) $_GET['id'] : NULL; // Load the entries $e = retrieveEntries($db, $id); // Get the fulldisp flag and remove it from the array $fulldisp = array_pop($e); // Sanitize the entry data $e = sanitizeData($e); ?> <head> <title>The Blues Bar | Free Live Music Venue</title> <meta charset = "UTF-8" /> <link rel = "stylesheet" type = "text/css" href = "style.css" /> </head> <body> <header> Free live music 7 days a week | A selection of guest ales </header> <div id="wrapper"> <nav class="clearfix"> <a rel="external" href="index.php" class="button">Home</a><a rel="external" href="index.php?page=news" class="button">News</a><a rel="external" href="index.php?page=giglistings" class="button">Gig Listings</a><a rel="external" href="index.php?page=venue" class="button">The Venue</a><a rel="external" href="index.php?page=photos" class="button">Photos</a><a rel="external" href="index.php?page=contact" class="button">Contact</a> <a id="twit" href="#"></a><a id="fb" href="#"></a> </nav> <div id="topcontent" class="clearfix"> <section id="lefttop"> <h1>Upcoming Gigs</h1><p>Sat 15th Sept - Jed ThomasMon 17th Sept - Jam Night</p> </section> <section id="righttop"> <h1>Recent News</h1><p> <?php foreach($e as $entrynav) { ?> <p> <a href="?page=news&id=<?php echo $entrynav['id'] ?>"> <?php echo $entrynav['title'] ?> </a> </p> <?php } // End the foreach loop ?> </section> </div> <div id="core" class="clearfix"> <section id="left"> <div id="entries"> <?php /* * Very basic security measure to ensure that * the page variable has been passed, enabling you to * ward off very basic mischief using htmlentities() */ if(isset($_GET['page'])) { $id = htmlentities($_GET['page']); } else { $page = NULL; } switch($page) { case 'giglistings': echo " <h1> Gig Listings </h1> <p> Here are the gig listings, under construction </p>"; break; case 'news' : // If the full display flag is set, show the entry // If the full display flag is set, show the entry if($fulldisp==1) { ?> <h2> <?php echo $e['title'] ?> </h2> <p> <?php echo $e['created']?><?php echo $e['entry'] ?> </p> <p class="backlink"> <a href="./">Back to Latest Entries</a> </p> <?php } // End the if statement // If the full display flag is 0, format linked entry titles else { // Loop through each entry foreach($e as $entry) { ?> <p> <a href="?page=news&id=<?php echo $entry['id'] ?>"> <?php echo $entry['title'] ?> </a> </p> <?php } // End the foreach loop } // End the else break; case 'venue': echo " <h1> Venue </h1> <p> This is the Blues Bar venue page, with all the information about the venue. </p>"; break; case 'photos': echo " <h1> Photos </h1> <p> Will be built at a later date when I have 100 years spare </p>"; break; case 'contact': echo " <h1> Contact </h1> <p> Contact us for a gig! </p>"; break; /* * Create a default page in case no variable is passed */ default: echo " <h1> Home </h1> <p> Lots of intresting indroductions to the blues bar etc. </p>"; break; } ?> </div> </section> <section id="right"> </section> </div> <footer> <p>The Blues Bar</p> </footer> </div> </body> </html> ] and here is my functions page: functions.inc.php <?php function retrieveEntries($db, $id=NULL) { /* * If an entry ID was supplied, load the associated entry */ if(isset($id)) { $sql = "SELECT title, entry , created FROM news WHERE id=? LIMIT 1"; $stmt = $db->prepare($sql); $stmt->execute(array($_GET['id'])); // Save the returned entry array $e = $stmt->fetch(); // Set the fulldisp flag for a single entry $fulldisp = 1; } /* * If no entry ID was supplied, load all entry titles for the page */ else { $sql = "SELECT id, title, entry, created FROM news ORDER BY created DESC"; $stmt = $db->prepare($sql); $stmt->execute(array($id)); $e = NULL; // Declare the variable to avoid errors $result = $db->query($sql); // Loop through returned results and store as an array while($row = $stmt->fetch()) { $e[] = $row; } // Set the fulldisp flag for multiple entries $fulldisp = 0; /* * If no entries were returned, display a default * message and set the fulldisp flag to display a * single entry */ if(!isset($e)) { $fulldisp = 1; $e = array( 'title' => 'No Entries Yet', 'entry' => '<a href="/admin.php">Post an entry!</a>' ); } } // Add the $fulldisp flag to the end of the array array_push($e, $fulldisp); return $e; } function sanitizeData($data) { // If $data is not an array, run strip_tags() if(!is_array($data)) { // Remove all tags except <a> tags return strip_tags($data, "<a>"); } // If $data is an array, process each element else { // Call sanitizeData recursively for each array element return array_map('sanitizeData', $data); } } ?> I don't know how easy it will be for someone to know what's going on with my code and to help me but I thought there's no harm in asking. Thanks for any help in advance

yes, I still got the same error "Warning: Invalid argument supplied for foreach() " the code that Barand/Dan came up with works great tho. I'm not sure why it's used in the book I'm using since it doesn't work. I'd be interested to know why if anyone knows, if not i'm happy with what I've got now.

I was using the wrong table name.. embarassing, but thanks very much for help with the troubleshooting jesirose. barand and dan thanks for your help with the code. It's all working as expected now i'm very happy. would have been stuck forever if it wasn't for you. Wish there was something I could do in return. is there?

ah right ok, why would my query fail then? This is full updated code: <?php function retrieveEntries($db, $id=NULL) { /* * If an entry ID was supplied, load the associated entry */ if(isset($id)) { $sql = "SELECT title, entry FROM entries WHERE id=? LIMIT 1"; $stmt = $db->prepare($sql); $stmt->execute(array($_GET['id'])); // Save the returned entry array $e = $stmt->fetch(); // Set the fulldisp flag for a single entry $fulldisp = 1; } /* * If no entry ID was supplied, load all entry titles */ else { $sql = "SELECT id, title FROM entries ORDER BY created DESC"; $result = $db->query($sql); // Loop through returned results and store as an array while ( $row = $result->fetch(PDO::FETCH_ASSOC) ) { $e[] = $row; } // Set the fulldisp flag for multiple entries $fulldisp = 0; /* * If no entries were returned, display a default * message and set the fulldisp flag to display a * single entry */ if(!isset($e)) { $fulldisp = 1; $e = array( 'title' => 'No Entries Yet', 'entry' => '<a href="/admin.php">Post an entry!</a>' ); } } // Add the $fulldisp flag to the end of the array array_push($e, $fulldisp); return $e; } function sanitizeData($data) { // If $data is not an array, run strip_tags() if(!is_array($data)) { // Remove all tags except <a> tags return strip_tags($data, "<a>"); } // If $data is an array, process each element else { // Call sanitizeData recursively for each array element return array_map('sanitizeData', $data); } } ?>

thanks dan, i did try that, but i got this error Fatal error: Call to a member function fetch() on a non-object in C:\xampp\htdocs\blues\inc\functions.inc.php on line 30 just wondering also, with the method you posted barand: will it store the results in an array with keys called 'id' and 'title'?

$db = new PDO(DB_INFO, DB_USER, DB_PASS);

Sorry I'm an idiot and I'm still not sure what you mean, tried $sql = "SELECT id, title FROM entries ORDER BY created DESC"; $result = $db->query($sql); // Loop through returned results and store as an array while ($db->fetch(PDO::FETCH_ASSOC)($result)) // check manual - I'm guessing at your class method here { $e[] = $row; } I'll understand if you've run out of patience with me.

thanks for replying. I'm now getting this error: Fatal error: Call to undefined method PDO::fetch_assoc() in C:\xampp\htdocs\blues\inc\functions.inc.php on line 30 I wasn't sure what you meant with "// check manual - I'm guessing at your class method here"