benanamen

So you prefer to continue building on a bad DB design? Your problems are only going to compound if you continue on that path. Your DB is the foundation of all the code you are going to write. If that is not correct, everything you build on it will not be correct. The smart thing would be to make a copy of the site and do the fixes and testing locally and then backup and replace the "old" site. It would also appear you have additional problems repeating data with your "types". Types should be a separate table with a unique id which you would use to reference the data. You will want to learn about "Foreign Keys".

What he didn't mention is that your code is obsolete and has been completely removed from Php. You need to use PDO. https://phpdelusions.net/pdo

It's probably because every PDO tutorial out there does the "Try/Catch show user the system error " way of doing it. I used to do that as well until I was schooled by @Jaques1 on the proper way with set_error_handler. The only place I use a try/catch now is on duplicate username on registration.

You have a typo in your data-target for the details button. There is a dash that does not belong there after the #. WRONG data-target="#-details-1" CORRECT data-target="#details-1" You also have a separate bracket problem in the scroll JS. And next time use the code tags.

And that's our fault? Too bad you are not wise enough to take advantage of our "superior knowledge". Buh Bye!

I have been following this thread from the beginning. What you have is an XY problem. See my signature for an explanation. You claim to have been in security for several years yet you don't even know the most basic of form handling and you're attempting to write some anti-hacking script? Whatever you're trying to solve is not the problem and your approach is just nonsense. Why don't you tell us what the actual real problem is exactly, not your attempted solution to it.

Email me the files and I will respond with my skype.

I am available. My contact is in my profile.

How did you "inspect it"? Try this and see what happens. If it works when you hard code the value, the problem is before the edit page. if(!empty($_POST['id'])){ # set form input fields $sql = 'SELECT id, name, email FROM author WHERE id = :id'; $query = $dbConnection->prepare($sql); $query->bindValue(':id', $_POST['id']); $query->execute(); $row = $query->fetch(); $name = $row['name']; $email = $row['email']; $id = $row['id']; } else{ echo 'ID is missing'; }

Have you verified $data['id'] actually has a value? Easiest way is to just view the page source in your browser. Your problems may actually start before you even get to the last form you posted

You have not done any checks to see if the ID exists before you try to use it. You are also not sending the id value when you submit your form. Use a hidden id field in your form to POST the id value when the form is submitted. How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? if so, is the ID attached to it as in edit.php?id=myid If so, change POST to GET. $query->bindValue(':id', $_GET['id']); Then in your form set a hidden id field to the value of GET. Then in the script check if the Server request method = POST then do your edit. That is the basics. There is a security consideration that needs to be addressed with the hidden field though. You don't want to allow any user supplied data to be injected directly into your page. I will leave that part for others to tell you about.

Ok, now we are getting somewhere. Let's start from the beginning. You shouldn't be using sha256. You need to use password_hash. Line 13 should be if ($_SERVER['REQUEST_METHOD'] == 'POST') Depending on getting the name of a button to be submitted for your script to work can be problematic in certain instances. Do not SELECT *. Specify the exact columns you want. $_SERVER['PHP_SELF'] is vulnerable to an XSS Attack. Just leave the action out to submit to the same page. You need to kill the script at the header redirect. die(header("Location: index.php")); You need to use prepared statements On the index page, there is no need for another query. You have already set the fname session on login. Just use it now. index.php <?php session_start(); ?> <p>Hello <?= $_SESSION['fname'] ?> You are logged in as Admin!</p> I highly recommend you use PDO https://phpdelusions.net/pdo

No. What you have is nothing close to login code. I will let someone else take it from here.

How do you expect to login a particular user without a WHERE condition? Of course you are going to keep getting the same user.

Your server is vulnerable to a Clickjacking Attack. You have NUMEROUS stray tag html errors. You are running an outdated version of Apache Server and are announcing it to the entire world.

If you want a real critique from programmers you should post your code on github.

With Laravel as a starting reference, what have you done that improves on it? What do you plan to do in the future to improve on it?

You don't need two queries. Perhaps @Barand will show you.

@cyberRobot, the OP has mysqli_select_db () bass akwards.

Now you just need to fix the bad DB design.

Using a DB is overkill for this. You should also be using the month number for the key, not the month name. <?php $months = [ "1" => "January", "2" => "February", "3" => "March", "4" => "April", "5" => "May", "6" => "June", "7" => "July", "8" => "August", "9" => "September", "10" => "October", "11" => "November", "12" => "December" ]; ?> <select name="month"> <option>Select Month</option> <?php foreach ($months as $month_number => $month_name):?> <option value='<?= $month_number ?>'><?= $month_name ?></option> <?php endforeach;?> </select>

I have to jump in as well. Your post is probably the #1 worst way to ask for help. The only thing that is missing is the "Urgent, I need it fixed by tommorow".

I am available for hire. My contact is in my profile.

Instead of doing the includes, why don't you start with a single page of code and get that to work first. The index error is because you are trying to use a POST variable before it is set. You need to make sure it is set before you try to use it. Your code is so all over the place I can't even follow it well. I will leave it to others to take it from here unless you can post revised single page code.

You are using print_r wrong and several of them are formatted wrong anyways. Replace all the print_r's with echo but even then, the code is still badly written. There is no need to echo/print $100% HTML. http://php.net/manual/en/function.print-r.php