
mac_gyver
Staff Alumni
Posts: 5,450
Days Won: 175

Everything posted by mac_gyver

  1. the form in the code at the top of this thread is not expecting a link to supply the value. it is expecting the value in - $_POST['id'] - and the reason for the posted form processing code to see an isset/non-empty value is because it is probably a php error message about an undefined index.
  2. that would indicate that $_POST['id'] isset() and isn't empty(), and that the php code ran through the execute() call without any error. the most likely problem is that the id value being submitted to this page of code isn't a value that matches any data. what is the code that produces the 'delete' form that submits to the posted code? btw - is the 'confirmation' form in the posted code even being displayed? since the posted code operates on the initial submitted $_POST['id'] value from the 'delete' form, i doubt that any of the html in the posted code is even being output.
  3. what DOES the page do when you submit the form? does the page just refresh and re-display the form, produce a blank page, or does it redirect to one of - teamsTabel.php/read.php/error.php?
  4. here's an alternative method. build the links that you output on a page, starting with a copy of any existing get parameters, plus whatever get parameters the link contributes. an example -

        // get a copy of the existing $_GET parameters (leave $_GET unmodified so that any
        // other functionality on the page has access to the original values)
        $get = $_GET;

        // create link(s), such as pagination links
        // set the element in $get that this portion of the software is responsible for
        $get['page'] = $x; // $x is the page number this link points to

        // build the query string part of the url
        $qs = http_build_query($get, '', '&amp;');

        // produce the link
        echo "<a href='?$qs'>$x</a>";

     by doing this, any code that produces a link only sets, modifies, or unsets the get parameters that it is responsible for, but the link carries all other existing $_GET parameters.
  5. except that you didn't need to change the variable names and when you did, you mixed them up. within the scope of the function code, you have a SELECT sql query statement, you are preparing it, executing it, and fetching a row of data from it. why not use $query, $stmt, $result, and $row for variable names for this operation regardless of the meaning of the data that is being queried for and save the time and trouble, since there's a mistake now, it took you to push a bunch of keys on a keyboard?
  6. do NOT put external, unknown, dynamic values directly into an sql query statement, since any sql special characters in the values will break the sql query syntax. use a (proper) prepared query, with a ? place-holder in the sql query statement for each value, then supply the values as an array to the execute([...]) call.
  7. what exactly is the error you are getting and what is your database specific code that's using the submitted value?
  8. according to your php script, you have changed the database root password to be 'deanna1999'. you will need to change phpmyadmin's configuration password setting to be the same.
  9. in the XAMPP control panel, the MySQL Admin tab opens phpmyadmin.
  10. most of the all-in-one development systems (XAMPP...) include phpmyadmin. which/how did you obtain - your development system?
  11. you can examine the data in the database using a tool like phpmyadmin. next, you should have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system, so that php will help you by reporting and displaying all the errors that it detects. while you are making changes to the php.ini, set output_buffering to OFF, so that any messages from your code or non-fatal php error messages will be seen and not discarded at the header() redirects. you should also have error handling for all the statements that can fail. for database statements, just use exceptions for errors and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) if you need, someone can post how to enable exceptions for errors for the mysqli database extension or if you switch to the much simpler PDO database extension.
  12. if you index (pivot) the $result data using the job_number and the line_item as the array indexes when you retrieve it, you can DIRECTLY test/access the data. no searching is needed. what is the overall goal of doing this? if it's to find if data already exists in a database, in order to decide if you should perform some operation on it, you can (probably, depending on what overall goal you are trying to accomplish) do this all in a query, by setting up a unique composite index consisting of the job_number and line_item.
  13. i would create arrays with the choices in them, then just use in_array() to validate the submitted values. once you have an array of the choices, you can dynamically build the <option>...</option> markup, so that just by altering the defining arrays, you can change what the code does without writing out conditional logic or html markup for every possible choice.
  14. you can only supply data values via prepared query place-holders. you cannot supply identifiers (column, table, database names) or sql syntax/keywords (comparison operators.) to safely do what you are trying, you must validate that the submitted column name and comparison operator are exactly and only permitted values, before building the sql query statement with them in it.
  15. there's nothing about this code that makes it worth using. well written code should be -
      - secure
      - provide a good user experience
      - be simple, general-purpose, and reusable
      - either work or tell you why it doesn't work
      this code fails on all these points. if you are just starting out, you need to start small. learn how to write valid html for a form with just a single form field and the php code needed to process the form data. learn how to securely build, execute, and test/use the result from SELECT and INSERT queries. you can then use the knowledge you have learned to produce ever increasingly complex applications or to debug code that others have written.
  16. it's not exactly what i wrote. what i wrote does not involve redirecting. if the user has permission to access the page, you just proceed with producing and outputting the expected page. if not, produce and output the no access content. this is referred to as a Content Management System (CMS.) you would store the information that's different for each page - title, meta tags, description, content, ... in a database table, using the page id as a reference. when a page gets requested, you would get the page id from the url, query for the matching data, and produce the page. i was wondering why you weren't already getting a redirect loop. i'll guess that when using javascript, the browser knows it is already on that url and doesn't do anything, whereas the web server telling the browser to redirect causes it to go ahead and perform the redirect even if already on that url. you need to get rid of the redirecting altogether, or at least for the case where the user has permission to access the page.
  17. if you check your browser's developer console, you will find out why. the diff.js CDN needs to use https. there also may be a version difference. the object is just named Diff, so the JsDiff in the following produces an error, which can be seen in the developer console as well - var diff = JsDiff.diffChars($(this).text(), cellBelow.text());
  18. the above implies that your page access security is the absence of a redirect to the actual url of a page. this is not secure, since anyone can just directly request the 'rigth path' url. on each request for a page, the code on that page needs to retrieve the user's permissions and determine what the user can do and see on that page. if a user doesn't have permission to access a page, the content you produce and output on that page would be the unique 'no_access.php' content. if you are not already doing so, the navigation you produce and output on any page would be any common links and only those links that the current user has permission for. this would probably be a good time to dynamically produce the content and output it using a single physical .php file, rather than to create and maintain complete .php code files for each page.
  19. the computer doesn't care what the actual image numbers/filenames end up being, why do you think it will be a problem? you would just query to get any person's list of image data/filenames matching any condition you want.
  20. having error handling, using exceptions and php's error related settings, would have immediately told you about a column naming problem.
  21. there's nothing technically wrong with the posted snippet of code. however - do you have php's error reporting set to E_ALL and display_errors set to ON, so that php would help you by reporting and displaying all the errors it detects? do you have error handling for all the database statements that can fail - connection, query, prepare, and execute, so that you would know if/why they are failing? the easiest way of doing this, taking just one line of code, is to use exceptions for errors and let php catch the exception where it will use its error related settings (see the point above) to control what happens with the actual error information. have you validated all the inputs (the session variable) before executing the code so that you know if the inputs have expected value(s)? have you determined if the posted code is even being executed by outputting a test message where these lines of code are at?
  22. yes. a row per uploaded file. the only repeated information would be the user's id, relating the row back to the user it belongs with. databases are for storing data. each file that gets uploaded has who (user id), what (title, description), when (datetime), where (it's customary to record the ip address of the user for each piece of data that gets stored from them), and possibly some other why information associated with it. what do you consider to be a significant storage problem? with today's server hardware, large database tables start at 5-10 million rows.
  23. using a timestamp also has this problem, since multiple concurrent uploads can all complete in the same second and attempt to use the same timestamp value. the simplest, fool-proof, and 'atomic' way of doing this is to insert a row into a database table that has an auto-increment integer primary index column, get the last insert id from that query, then use the last insert id as part of the file name.
  24. to help prevent cross site scripting, any dynamic value that you use in a html context, your email message, needs to have htmlentities() applied to it.
  25. from the fgetcsv documentation -
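The following is an added example, written for this page rather than taken from mac_gyver's posts. It puts posts 6, 13 and 14 above into one working script: the column name and comparison operator are validated against defining arrays with in_array() before they are placed in the sql statement (identifiers and keywords cannot go through place-holders), the data value is supplied through a prepared-query ? place-holder, and the <option> markup is built from the same arrays. It assumes a MySQL table `products` with columns name, price and qty; the DSN and credentials are placeholders, and exceptions are enabled for PDO errors as post 11 describes.

```php
<?php
// Added example (not code from mac_gyver's posts). Assumed: a MySQL table `products`
// with columns name, price and qty; DSN and credentials are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // database errors become exceptions
        PDO::ATTR_EMULATE_PREPARES => false,         // real server-side prepared queries
    ]
);

// the defining arrays: the only identifiers and operators that may appear in the sql
$columns   = ['name' => 'Name', 'price' => 'Price', 'qty' => 'Quantity'];
$operators = ['=' => 'equals', '<' => 'less than', '>' => 'greater than', 'LIKE' => 'contains'];

// build <option> markup from a choices array, marking the current choice as selected
function options(array $choices, ?string $current): string
{
    $html = '';
    foreach ($choices as $value => $label) {
        $value    = (string) $value;
        $selected = ($value === $current) ? ' selected' : '';
        $html .= "<option value='" . htmlentities($value, ENT_QUOTES) . "'$selected>"
            . htmlentities($label, ENT_QUOTES) . "</option>\n";
    }
    return $html;
}

$errors = [];
$rows   = [];
// only accept scalar strings; an array submitted for a field is treated as missing
$column = is_string($_POST['column'] ?? null) ? $_POST['column'] : null;
$op     = is_string($_POST['op'] ?? null) ? $_POST['op'] : null;
$value  = is_string($_POST['value'] ?? null) ? trim($_POST['value']) : '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // identifiers and keywords cannot be supplied via place-holders, so they must be
    // exactly one of the permitted values before they are put into the sql statement
    if (!in_array($column, array_keys($columns), true)) {
        $errors[] = 'invalid column';
    }
    if (!in_array($op, array_keys($operators), true)) {
        $errors[] = 'invalid operator';
    }
    if ($value === '') {
        $errors[] = 'value is required';
    }

    if ($errors === []) {
        // $column and $op are now known-safe literals; the value stays a bound parameter
        $sql  = "SELECT name, price, qty FROM products WHERE `$column` $op ?";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$op === 'LIKE' ? "%$value%" : $value]);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}
?>
<?php foreach ($errors as $e): ?><p><?= htmlentities($e, ENT_QUOTES) ?></p><?php endforeach; ?>
<form method='post'>
<select name='column'><?= options($columns, $column) ?></select>
<select name='op'><?= options($operators, $op) ?></select>
<input type='text' name='value' value='<?= htmlentities($value, ENT_QUOTES) ?>'>
<input type='submit' value='Search'>
</form>
<?php foreach ($rows as $row): ?>
<p><?= htmlentities($row['name'], ENT_QUOTES) ?> - <?= htmlentities((string) $row['price'], ENT_QUOTES) ?> - <?= (int) $row['qty'] ?></p>
<?php endforeach; ?>
```

Changing what the form offers, or what the query accepts, is done by editing the two defining arrays; the validation and the markup follow from them, so no conditional logic has to be written per choice.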
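The following is an added example, written for this page rather than taken from mac_gyver's posts. It implements post 23 above, with the row-per-file layout from post 22 and the htmlentities() output rule from post 24: the upload's metadata row is inserted first, the auto-increment id from that insert becomes the stored filename, and the file is moved only after the row exists, so two uploads completing in the same second can never collide. It assumes a table uploads (id INT AUTO_INCREMENT PRIMARY KEY, user_id INT, title VARCHAR(255), original_name VARCHAR(255), ip VARCHAR(45), uploaded_at DATETIME), an uploads/ directory outside the web root, a logged-in user id in the session, and placeholder DSN/credentials.

```php
<?php
// Added example (not code from mac_gyver's posts). Assumed: the `uploads` table and
// directory described in the lead-in, $_SESSION['user_id'] set by a login step,
// and placeholder DSN/credentials.
session_start();

$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);
$uploadDir = __DIR__ . '/../uploads/'; // assumed location, not reachable by url

// stores one uploaded file and returns the new row id, which is also the stored filename's base name
function storeUpload(PDO $pdo, int $userId, string $title, array $file, string $ip, string $dir): int
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . ($file['error'] ?? 'none'));
    }
    // choose the extension from the file's actual content, never from the client-supplied name
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime    = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('unsupported file type');
    }

    $pdo->beginTransaction();
    try {
        // who, what, when, where: one row per uploaded file
        $stmt = $pdo->prepare(
            'INSERT INTO uploads (user_id, title, original_name, ip, uploaded_at) VALUES (?, ?, ?, ?, NOW())'
        );
        $stmt->execute([$userId, $title, $file['name'], $ip]);

        // the auto-increment id is unique even under concurrent uploads, unlike a timestamp
        $id     = (int) $pdo->lastInsertId();
        $stored = $dir . $id . '.' . $allowed[$mime];
        if (!move_uploaded_file($file['tmp_name'], $stored)) {
            throw new RuntimeException('could not store the uploaded file');
        }
        $pdo->commit(); // the row and the file now exist together
        return $id;
    } catch (Throwable $e) {
        $pdo->rollBack(); // no row is left behind for a file that was never stored
        throw $e;
    }
}

// lists a user's files; the id in each row says where the file is on disk
function listUploads(PDO $pdo, int $userId): string
{
    $stmt = $pdo->prepare('SELECT id, title, uploaded_at FROM uploads WHERE user_id = ? ORDER BY id');
    $stmt->execute([$userId]);
    $html = '';
    foreach ($stmt as $row) {
        // the user-supplied title goes through htmlentities() before it is used in an html context
        $html .= '<li>' . (int) $row['id'] . ': ' . htmlentities($row['title'], ENT_QUOTES)
            . ' (' . htmlentities($row['uploaded_at'], ENT_QUOTES) . ")</li>\n";
    }
    return $html;
}

// usage: a form with a file field named 'upload' and a text field named 'title'
$userId = (int) ($_SESSION['user_id'] ?? 0);
if ($userId > 0 && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    $title = is_string($_POST['title'] ?? null) ? trim($_POST['title']) : '';
    $newId = storeUpload($pdo, $userId, $title, $_FILES['upload'], $_SERVER['REMOTE_ADDR'], $uploadDir);
}
echo '<ul>' . listUploads($pdo, $userId) . '</ul>';
```

If the move fails, the transaction is rolled back and the exception propagates to php's error handling; the consumed auto-increment value is simply skipped, which costs nothing and keeps every stored filename unique.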