Everything posted by webdeveloper123

  1. ok I got rid of the action attribute but now it's giving me even more errors. I will have a go at validating GET input before using it in the query. It's now giving me a Fatal error: Uncaught Error: Call to undefined function check_date() in /var/www/vhosts/ on my date function, which is in an include file. This is the function:

     ```php
     function check_date($input, $format='m/d/Y') {
         $date = DateTime::createFromFormat($format, $input);
         return ($date && $date->format($format) === $input);
     }
     ```

     Can you help please?
  2. I changed it to this, to give the error on the page rather than redirecting:

     ```php
     if (!$member) {
         $errorMember = 'That Id was not found';
     } else {
         $errorMember = '';
     }
     ```

     Then I echo that $errorMember variable just above the HTML form. But I still can't seem to spot the programming mistake you're talking about, mac_gyver. This is one of my first shots at PDO, so you're definitely saying the error (or at least one of them) lies in the query?
  3. Would this help figure out the problem?

     ```php
     <td><?php echo("<a href='edit.php?user_id=" . $member["customer_id"] . "'>Edit</a>"); ?></td>
     ```

     That's my edit link next to each record.
  4. the GET variable is fine, I have echoed it and it gives correct value
  5. ok that's a long list to go through, thanks for your help
  6. yes it's enabled. I am echoing $member and I get "Array to string conversion in" error but then underneath it shows "Array58", 58 relating to the record I'm on (which is the correct record btw)
  7. What's wrong with that? I had 2 options, either print an error message on the same page or forward to a custom error page, and it was in the book so I thought it was quite good
  8. Hi Guys, I've been at this all day and can't seem to figure it out. I have a customers page, which lists all records on the page (this is only a one table db). Next to each customer I have an Edit and Delete link. I'm working on edit right now but the values won't update in the db. Whenever I try to edit values in the edit page (form populates just fine), when I press submit I get taken to a page-not-found page which I had done earlier in case in the query string the id entered did not exist in the database. This was working fine. Now I have put the code in for the update query, even though the id exists it still takes me to the page not found page. And if I comment out the block of code that sends me to the page not found page, all I get is reposted to the same form with only "First Name" at the top, nothing at all else on the page. And none of the errors show either, but the errors were all displaying in my insert form. Insert form is fine. Here is my code. Many thanks

     ```php
     <?php
     declare(strict_types = 1);
     ?>
     <!DOCTYPE html>
     <html>
     <head>
       <meta charset="UTF-8">
       <title> Document </title>
     </head>
     <body>

     <?php
     include 'includes/db.php';
     include 'includes/pdofunction.php';

     $food_choice = ['Burgers', 'Pizza', 'Kebabs',];

     $id = $_GET['user_id'] ?? '';
     $sql = "SELECT * FROM customer_details WHERE customer_id = :id;";
     $statement = $pdo->prepare($sql);
     $statement->execute(['id' => $id]);
     $member = $statement->fetch();
     if (!$member) {
         http_response_code(404);
         header('Location: page-not-found.php');
         exit;
     }

     $customers = [
         'customer_id' => '',
         'first_name'  => '',
         'last_name'   => '',
         'address'     => '',
         'town'        => '',
         'county'      => '',
         'post_code'   => '',
         'fav_food'    => '',
         'birthdate'   => '',
         'email'       => '',
         'terms'       => '',
     ];

     $errors = [
         'first_name' => '',
         'last_name'  => '',
         'address'    => '',
         'town'       => '',
         'county'     => '',
         'post_code'  => '',
         'fav_food'   => '',
         'birthdate'  => '',
         'email'      => '',
         'terms'      => '',
     ];

     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $customers['customer_id'] = $id;
         $customers['first_name']  = $_POST['fname'];
         $customers['last_name']   = $_POST['lname'];
         $customers['address']     = $_POST['address'];
         $customers['town']        = $_POST['town'];
         $customers['county']      = $_POST['county'];
         $customers['post_code']   = $_POST['postcode'];
         $customers['birthdate']   = $_POST['birthday'];
         $customers['email']       = $email = $_POST['email'];
         $customers['terms']       = (isset($_POST['terms']) and $_POST['terms'] == true) ? true : false;
         $customers['fav_food']    = $_POST['fav_food'] ?? '';

         $valid = in_array($customers['fav_food'] , $food_choice);
         $errors['fav_food']   = $valid ? '' : 'Must enter a food type';
         $errors['first_name'] = is_text($customers['first_name'], 2, 20) ? '' : 'Must be 2-20 characters';
         $errors['last_name']  = is_text($customers['last_name'], 2, 20) ? '' : 'Must be 2-20 characters';
         $errors['address']    = is_text($customers['address'], 6, 20) ? '' : 'Must be 6-20 characters';
         $errors['town']       = is_text($customers['town'], 3, 20) ? '' : 'Must be 3-20 characters';
         $errors['county']     = is_text($customers['county'], 3, 20) ? '' : 'Must be 3-20 characters';
         $errors['post_code']  = is_text($customers['post_code'], 5, 8) ? '' : 'Must be 5-8 characters';

         if (!check_date($customers['birthdate']) ) {
             $errors['birthdate'] = 'Invalid date';
         } else {
             $errors['birthdate'] = '';
         }

         $errors['email'] = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL) ? '' : 'Email not valid';
         $errors['terms'] = $customers['terms'] ? '' : 'You must agree to the terms and conditions';

         $invalid = implode($errors);                         // Join error messages
         if ($invalid) {                                      // If there are errors
             $message = 'Please correct the following errors:'; // Do not process
         } else {                                             // Otherwise
             $message = 'Your data was valid';                // Can process data
             $sql = "UPDATE customer_details
                        SET first_name = :first_name, last_name = :last_name, address = :address,
                            town = :town, county = :county, post_code = :post_code,
                            fav_food = :fav_food, birthdate = :birthdate, email = :email, terms = :terms
                      WHERE customer_id = :id;";
             $statement = $pdo->prepare($sql);
             $statement->execute($customers);
         }
     }

     echo $id;
     ?>

     <form action="edit.php" method="post">
       <label for="fname">First name:</label><br>
       <input type="text" id="fname" name="fname" value="<?= htmlspecialchars($member['first_name']) ?>"><br>
       <span class="error"><?= $errors['first_name'] ?></span><br>

       <label for="lname">Last name:</label><br>
       <input type="text" id="lname" name="lname" value="<?= htmlspecialchars($member['last_name']) ?>"><br>
       <span class="error"><?= $errors['last_name'] ?></span><br>

       <label for="address">Address</label><br>
       <input type="text" id="address" name="address" value="<?= htmlspecialchars($member['address']) ?>"><br>
       <span class="error"><?= $errors['address'] ?></span><br>

       <label for="town">Town</label><br>
       <input type="text" id="town" name="town" value="<?= htmlspecialchars($member['town']) ?>"><br>
       <span class="error"><?= $errors['town'] ?></span><br>

       <label for="county">County</label><br>
       <input type="text" id="county" name="county" value="<?= htmlspecialchars($member['county']) ?>"><br>
       <span class="error"><?= $errors['county'] ?></span><br>

       <label for="postcode">Post Code</label><br>
       <input type="text" id="postcode" name="postcode" value="<?= htmlspecialchars($member['post_code']) ?>"><br><br>
       <span class="error"><?= $errors['post_code'] ?></span><br>

       <label for="food">What is your favourite food?</label>
       <?php foreach ($food_choice as $option) { ?>
         <br>
         <input type="radio" name="fav_food" value="<?= $option ?>" <?= ($member['fav_food'] == $option) ? 'checked' : '' ?>> <?= $option ?>
       <?php } ?>
       <br>
       <span class="error"><?= $errors['fav_food'] ?></span><br>

       <label for="birthday">Birthday:</label>
       <input type="date" id="birthday" name="birthday" value="<?= htmlspecialchars($member['birthdate']) ?>"><br><br>
       <span class="error"><?= $errors['birthdate'] ?></span><br>

       <label for="email">Email</label><br>
       <input type="text" id="email" name="email" value="<?= htmlspecialchars($member['email']) ?>"><br><br>
       <span class="error"><?= $errors['email'] ?></span><br>

       <input type="checkbox" id="terms" name="terms" value="true" <?= $member['terms'] ? 'checked' : '' ?>>
       <label for="terms">I agree to the terms.</label><br><br>
       <span class="error"><?= $errors['terms'] ?></span><br>

       <input type="submit" value="Submit">
     </form>
     </body>
     </html>
     ```
  9. ok thanks for your help
  10. so for example I've finished my insert sql form, all validated, everything working, really happy with it. But now I am going to create an update sql form. So do I have to revalidate the data? I already validated it in the insert sql, so now I have to do it again for the update form? Wouldn't that be repeating code again and again?
  11. I get what you're saying. yes that's all I've done with it
  12. And what about when I create my Update sql form. Do I have to re-validate everything again? Or put it in an includes statement or something?
  13. So you're saying apart from htmlspecialchars, don't sanitize data, keep sending it back until it passes validation. And also, you're saying don't use the built-in sanitization filters?
  14. In my database I'm saving as 'Y-m-d' so would I update that line to reflect this?
  15. is there something like checkdate which will take 1 argument as a variable or as $customers['birthdate'] and see that the date is valid? I'm looking around and can't find one
  16. actually checkdate needs 3 parameters so that won't work
  17. can I not do something like this, if all I want to do is make sure it is actually a valid date, nothing more:

     ```php
     $errors['birthdate'] = checkdate($customers['birthdate']) ? '' : 'Not a valid date';
     ```
  18. Hi Guys, My question is if I am doing something like this:

     ```php
     $customers['first_name'] = $_POST['fname'];
     $customers['last_name']  = $_POST['lname'];

     $errors['first_name'] = is_text($customers['first_name'], 2, 20) ? '' : 'Must be 2-20 characters';
     $errors['last_name']  = is_text($customers['last_name'], 2, 20) ? '' : 'Must be 2-20 characters';
     ```

     How would I validate a date? There seems to be a function called checkdate, and validatedate is mentioned (although no longer on php.net) so it must have been taken out. Btw, the date is not known beforehand, as it's coming from a form which asks for the user's birthdate. Many thanks
  19. use the built-in function: number_format. Using the 2nd argument (decimals) should allow you to print out to 1.25
  20. Hey Barand, Yes that's pretty much what the new book I got shows how to do it, put the errors into an error array and then at the end see if there are any errors, then go from there. But I got some of the steps mixed up and ended up getting to where I got to.
  21. I don't think you need to do that (fees1 to fees5), just save the values of fees1 to fees5 in variables, like $num1 and $num2, then just add each variable like you would do in maths. btw that doesn't seem right, you got $num1 then you add it to $sum2 and $sum3 etc, but you don't have $sum2 anywhere in a variable
  22. there is a SUM function in SQL, you can find it here https://www.w3schools.com/sql/sql_count_avg_sum.asp
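
The date check and the question of re-validating on the update form, both raised in the posts above, can be served by one include file shared by the insert and edit scripts. The following is an added example, not code from the posts: `check_date()` is the posted function with its default changed to the `Y-m-d` format mentioned above, while `valid_id()` and `validate_customer()` are hypothetical names introduced here.

```php
<?php
declare(strict_types=1);

// Added example: one include file required by both the insert and the
// edit script, so the validation rules are written once.

// check_date() as posted, defaulting to 'Y-m-d', the format that
// <input type="date"> submits and that the database column stores.
function check_date(string $input, string $format = 'Y-m-d'): bool
{
    $date = DateTime::createFromFormat($format, $input);
    // createFromFormat() rolls overflow forward (2023-02-30 becomes
    // 2023-03-02), so accept only input that survives a round trip.
    return $date !== false && $date->format($format) === $input;
}

// Hypothetical helper: accept only a positive integer record id, so a
// missing or malformed user_id is rejected before any query runs.
function valid_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical shared validator: field => message ('' means valid).
function validate_customer(array $post): array
{
    $birthday = $post['birthday'] ?? '';
    return [
        // is_string() guards against array input such as birthday[]=x
        'birthdate' => is_string($birthday) && check_date($birthday) ? '' : 'Invalid date',
        'email'     => filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) ? '' : 'Email not valid',
    ];
}

// Constructed sample values, not real data.
foreach (['1990-07-15', '2023-02-30', '2023-2-3', '07/15/1990'] as $d) {
    printf("%-12s %s\n", $d, check_date($d) ? 'valid' : 'rejected');
}
foreach (['58', '', '58 OR 1=1', '-3'] as $raw) {
    printf("%-12s %s\n", var_export($raw, true), valid_id($raw) === null ? 'rejected' : 'accepted');
}
```

Validation like this decides whether to accept a value; the prepared statements and `htmlspecialchars()` calls already in the posted code are still what protect the query and the page output.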