jmr3460

Is this because of a security?

Can I create a global variable ($table) that can be used in my update script that I can use in MySQL queries? Also is is possible to upload a file to a MySQL DataBase? (May not be considered PHP question.) Like Images or data files? jmr3460

I just got my update form to work. The problem was I did not have one of my columns added in my print form. I added a hidden id column. Now my form only has about 7 notices that say that I have undefined indexes. These only come up when I click my edit link. How important is this? I am learning that it is very important to learn to read error statements. This is my whole: <?php $host = 'localhost'; $username = 'root'; $password = ''; $database ='contacts'; mysql_connect($host, $username, $password); mysql_select_db($database); $mysql_query_error = ''; function query($mysql_query){ global $mysql_query_error; $data = mysql_query($mysql_query); $mysql_query_error .= $mysql_query.'<br/>'; if (mysql_errno() !=0){ $mysql_query_error .= '<strong>Query failed: error# '.mysql_errno(). ' -- ' .mysql_error().'</strong><br/>'; } return $data; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta name="keywords" content="XTML 1.0, simplicityworks.org"/> <meta name="Discription" content="Simple XHTML page for SimplicityWorks PHP"/> <meta name="Author" content="Mark R."/> <title>SimplicityWorks PHP</title> <link rel="stylesheet" type="text/css" href="css/php.css" title="stylesheet"/> <style type="text/css"> td {padding:5px;border:solid 1px black;} </style> <!--}else if ($_POST['submit'] == 'Save Edits'){--> </head> <body> <?php $fname = $_POST['fname']; $lname = $_POST['lname']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $postId = $_POST['id']; if (isset($_POST['submit'])){ if ($_POST['submit'] == 'Save'){ query("INSERT INTO members(fname,lname,address,city,state,zip) VALUES ('$fname','$lname','$address','$city','$state','$zip')"); }else if(isset($_POST['submit'])){ if ($_POST['submit'] == 'Save Edits'){ query("UPDATE members SET fname='$fname',lname='$lname',address='$address',city='$city',state='$state',zip='$zip' WHERE id='$postId'"); } } } if (isset($_GET['action'])){ if ($_GET['action'] == 'delete'){query('DELETE FROM members WHERE id='.$_GET['id']); } else if ($_GET['action'] == 'edit'){ $infos = query("SELECT * FROM members WHERE id=".$_GET['id']); while($info = mysql_fetch_assoc($infos)){ $info_fname = $info['fname']; $info_lname = $info['lname']; $info_address = $info['address']; $info_city = $info['city']; $info_state = $info['state']; $info_zip = $info['zip']; $info_id = $info['id']; print('<form method="POST" action="index.php"> <input type="hidden" name="id" value="'.$info_id.'"/> <table> <tr><td>First Name:</td><td><input type="text" name="fname" value="'.$info_fname.'"/></td></tr> <tr><td>Last Name:</td><td><input type="text" name="lname" value="'.$info_lname.'"/></td></tr> <tr><td>Address:</td><td><input type="text" name="address" value="'.$info_address.'"/></td></tr> <tr><td>City:</td><td><input type="text" name="city" value="'.$info_city.'" /></td></tr> <tr><td>State:</td><td><input type="text" name="state" value="'.$info_state.'" /></td></tr> <tr><td>Zip:</td><td><input type="text" name="zip" value="'.$info_zip.'" /></td></tr></table> <input type="submit" name="submit" value="Save Edits" /> </form>'); } } } ?> <pre> <form method="POST" action="index.php"> <table> <tr><td>First Name:</td><td><input type="text" name="fname" /></td></tr> <tr><td>Last Name:</td><td><input type="text" name="lname" /></td></tr> <tr><td>Address:</td><td><input type="text" name="address" /></td></tr> <tr><td>City:</td><td><input type="text" name="city" /></td></tr> <tr><td>State:</td><td><input type="text" name="state" /></td></tr> <tr><td>Zip:</td><td><input type="text" name="zip" /></td></tr> <tr><td>Comment:</td><td><textarea name="comment" style="border:solid 2px black;"></textarea></td></tr> </table> <input type="submit" name="submit" value="Save" /> </form> </pre> <?php $contacts = query('SELECT * FROM members'); while($contact = mysql_fetch_assoc($contacts)){ print('<div style="float:left; border:thin solid #cccccc; width:25px; clear:both;">'.$contact['id'].'</div> <div style="float:left; border:thin solid #cccccc; width:50px;">'.$contact['fname'].'</div> <div style="float:left; border:thin solid #cccccc; width:100px;">'.$contact['lname'].'</div> <div style="float:left; border:thin solid #cccccc; width:200px;">'.$contact['address'].'</div> <div style="float:left; border:thin solid #cccccc;width:200px;">'.$contact['city'].'</div> <div style="float:left; border:thin solid #cccccc;width:30px;">'.$contact['state'].'</div> <div style="float:left; border:thin solid #cccccc;width:50px;">'.$contact['zip'].'</div> <div style="float:left;border:thin solid #cccccc;"> <a href="index.php?action=delete&id='.$contact['id'].'">Delete</a> - <a href="index.php?action=edit&id='.$contact['id'].'">Edit</a></div>'); } print('<div style="clear:both"></div><br/><br/>'.$mysql_query_error); ?> <br/><br/> </body> </html> The Notices are in the top of the first block: $fname = $_POST['fname']; $lname = $_POST['lname']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $postId = $_POST['id']; What makes these variables an undefined index? Can I also create a variable that I can use for my table ($table) that will be a global variable?

Let me retry this. I know that the post above is a little hard to read. This is the block that has the error. <?php $id = NULL; $name = $_POST['name']; $age = $_POST['age']; $email = $_POST['email']; $comment = $_POST['comment']; if (isset($_POST['submit'])){ if ($_POST['submit'] == 'Save'){ query("INSERT INTO james(name,age,email,comment) VALUES ('$name','$age','$email','$comment')"); }else if ($_POST['submit'] == 'Save Edits'){ query("UPDATE james SET name='$name',age='$age',email='$email',comment='$comment' WHERE id='.$_POST['id']'"); } } if (isset($_GET['action'])){ if ($_GET['action'] == 'delete'){ query('DELETE FROM james WHERE id='.$_GET['id']); } else if ($_GET['action'] == 'edit'){ $infos = query("SELECT * FROM james WHERE id=".$_GET['id']); while($info = mysql_fetch_assoc($infos)){ $info_name = $info['name']; $info_age = $info['age']; $info_email = $info['email']; $info_comment = $info['comment']; $info_id = $info['id']; print('<form method="POST" action="index.php"> Name: <input type="text" name="name" value="'.$info_name.'"/><br/> Age: <input type="text" name="age" value="'.$info_age.'" /><br/> Email: <input type="text" name="email" value="'.$info_email.'" /><br/> Comment: <input type="text" name="comment" value="'.$info_comment.'" /> <input type="submit" name="submit" value="Save Edits" /> </form>'); } } } ?> This is the error I get with this block: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home3/simplic5/public_html/php/index.php on line 62 line 62 is the UPDATE line. The UPDATE WHERE is the line that has the error. When I try and edit an entry I click on edit and my edit form opens with the data in the fields correctly. I make the changes and click "Save Edits" and I get the error. Can anyone help. jmr3460

MySQL version -- MySQL 5.0.51a * the raw MySQL statement in question [query('UPDATE james SET name=$name,age=$age,email=$email,comment=$comment WHERE id=.$_POST['id]);] * any errors that MySQL returns to the client [uPDATE james SET name=$name,age=$age,email=$email,comment=$comment WHERE id= Query failed: error# 1064 -- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1] [i am afraid that the $_POST['id'] is the problem. I am trying this to pick my WHERE id=.] * the table structure & column indexes of the relevant tables [CREATE TABLE james (id INT PRIMARY KEY AUTO_INCREMENT,name VARCHAR,age VARCHAR,email VARCHAR,comment VARCHAR) VALUES(some,values) ] * the EXPLAIN output for your query, if applicable [The statement I am trying to make is to update a beginning of a contact form. The script opens the Database and will INSERT data, DELETE data, it will open an UPDATE form, but when I try to UPDATE the UPDATE form I get the previous error] * a clear and concise description of what you want this statement to achieve UPDATE an UPDATE form] * a description of what it's currently doing that's not to your liking[Not updating form} * a brief listing of the types of things you've attempted so far [i am very new to MySQL, I have only been studying MySQL for a couple of weeks. I only know what I have read in the books and some 30 minutes of video tutorial. I have learned more from this forum that the video tutorial. My ultimate goal is to create some web forms that any old joe can update on their own, and I was hoping to start a contact database for all of my contacts. I am very interested in the Idea of Databases.] I would be very grateful if someone could help me, jmr3460

Hey I got it. if $_POST['submit']; if $_POST['submit'] =='Save'; In the code at first save on the form was with lower case 's'. Basically I changed the case. I am learning. Everything in its own time. Thanks for all the help. This forum if anything has helped me find the solutions. Thanks Again I will also learn where to post, SORRY!

Hey Thanks, That got rid of my syntax issue but Now the form doesn't insert anything. The only way I can insert data into the table is through phpmyadmin. This is a block that helps me see if some happened: <?php $mysql_query_error = ''; function query($mysql_query){ global $mysql_query_error; $data = mysql_query($mysql_query); $mysql_query_error .= $mysql_query.'<br/>'; if (mysql_errno() !=0){ $mysql_query_error .= '<strong>Query failed: error# '.mysql_errno(). ' -- ' .mysql_error().'</strong><br/>'; } return $data; } ?> This is how I am opening the Database and selecting everything in the table: <?php $host = 'localhost'; $username = 'root'; $password = ''; $database ='contacts'; mysql_connect($host, $username, $password); mysql_select_db($database); $first_name = $_POST['fname']; $last_name = $_POST['lname']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; if (isset($_POST['submit'])){ if ($_POST['submit'] == 'save'){ mysql_query("INSERT INTO 'contacts'.'members'(fname,lname,address,city,state,zip) VALUES ('$first_name','$last_name','$address','$city','$state','$zip')"); } } ?> I also have another snippet of code that that tells me at the bottom of the page what queries were taken. <?php $contacts = query('SELECT * FROM members'); while($contact = mysql_fetch_assoc($contacts)){ print('<div style="float:left; border:thin solid #cccccc; width:100px; clear:both;">'.$contact['fname'].'</div> <div style="float:left; border:thin solid #cccccc; width:150px;">'.$contact['lname'].'</div> <div style="float:left; border:thin solid #cccccc; width:150px;">'.$contact['address'].'</div> <div style="float:left; border:thin solid #cccccc; width:150px;">'.$contact['city'].'</div> <div style="float:left; border:thin solid #cccccc; width:50px;">'.$contact['state'].'</div> <div style="float:left; border:thin solid #cccccc; width:100px;">'.$contact['zip'].'</div>'); } print('<div style="clear:both"></div><br/><br/>'.$mysql_query_error); ?> Can you tell me why nothing happens on the insert? Again there is no warning now just nothing is inserted. Thanks again for your help, jmr3460

I have been working on this for a little while. I am following instructions on a tutorial I am taking. I have had some trouble with my testing environment, but it is now solved. I installed WAMP 2.0 and now my php and mysql are connecting. I can also edit my index.php page now. I am going slow but sure. I had the same problem on my other test environment (my rented server) anyway, I can't get this line to validate. I listened to the tutorial and I was told that I have to comment out a single quote string if it is inside another single quote string. I am not even sure if this is the problem, but when I move VALUES down to the next line then my problem is shifted down to that line. I am trying to INSERT $_POST[field] into the TABLE members. This is what I have created: <?php if (isset($_POST['submit'])){ if ($_POST['submit'] == 'save'){ query('INSERT INTO members(fname, lname, address, city, state, zip) VALUES (\'$_POST['fname']\', \'$_POST['lname']\', \'$_POST['address']\', \'$_POST['city']\', \'$_POST['state']\', \'$_POST['zip']\')'); } } ?> This is my form: <form method="POST" action="index.php"> <table> <tr><td>First Name:</td><td><input type="text" name="fname" /></td></tr> <tr><td>Last Name:</td><td><input type="text" name="lname" /></td></tr> <tr><td>Address:</td><td><input type="text" name="address" /></td></tr> <tr><td>City:</td><td><input type="text" name="city" /></td></tr> <tr><td>State:</td><td><input type="text" name="state" /></td></tr> <tr><td>Zip Code:</td><td><input type="text" name="zip" /></td></tr> </table> <input type="submit" name="submit" value="Save" /> </form> Sorry for all the mess I am trying to learn this so I can add my own code (if you will) to my web sites. Thanks very much for any help I could get!!! JMR3460

I looked in services and did not see IIS anywhere as being one of the services. I have never turned on IIS. This machine is fairly new (less than a year). If it did get turned on how do I turn it off and where would the index page be stored. I don't see any folders titled www or anything like that in my windows explorer.

*bump*

I just got apache 2.2 and php5 installed on a desktop with XP. This is a good environment to work at home. Sometimes I like to go to the coffee shop and play around. I tried to install apache 2.2 on my vista laptop and it worked good until I tried to edit my index page and it appears that the server is serving a different page that I found in my htdocs folder. My question is where is my index page stored on a vista machine. I should also say that I had this problem earlier and I uninstalled apache, then later after I had success with the XP monster I decided to attack the vista monster. Can someone help me? Thanks in advance, jmr3460