
<?php
$sql = sprintf("SELECT * FROM `contacts` WHERE `id` = '$checkid'") or die(mysql_error());
$grab = mysql_query($sql);
while ($done = mysql_fetch_assoc($grab)) {
$firstname = $done['firstname'];
$lastname = $done['lastname'];
$address = $done['address'];
$postcode = $done['postcode'];
$email = $done['email'];
$pnumber = $done['pnumber'];
}
die("Sorry, This is not your contact to edit!.");
}
}

?>
<form method="POST" action="<?php $PHP_SELF ?>">
      <p><b>First Name:</b><br><input type="text" name="firstname" size="20" maxlength="255" value="<?php print htmlspecialchars($firstname); ?>" /></p>
      <p><b>Last Name:</b><br><input type="text" name="lastname" size="20" maxlength="255" value="<?php print $lastname ?>" /></p>

      <p><b>Address:</b><br><textarea rows="5" cols="40" name="address" id="$address" value="<?php print $address ?>" ></textarea></p>

      <p><b>Postcode:</b><br><input type="text" name="postcode" size="20" maxlength="255" value="<?php print $postcode ?>" /></p>
      <p><b>Email:</b><br><input type="text" name="email" size="20" maxlength="255" value="<?php print $email ?>" /></p>
      <p><b>Phone Number:</b><br><input type="text" name="pnumber" size="20" maxlength="255" value="<?php print $pnumber ?>" /></p>

      <p><img src="Security/SecureSubmit.php" /></p>

      <p><b>Security Code:</b><br><input name="txtNumber" type="text" id="txtNumber" value="" /></p>
      <p><br><input type="hidden" name="holder" size="20" maxlength="255" value="<?php print $_SESSION['userid']; ?>"/></p>
      <p align="center">
      <input type="submit" name="Edit" value="Submit" />
      <input type="reset" name="reset" value="Reset Form" />
      </p>
      </form>

 

<br /> <b>Notice</b>:  Undefined variable: firstname in <b>C:\xampp\htdocs\family\ContactsView.php</b> on line <b>142</b><br />

 

<br /> <b>Notice</b>:  Undefined variable: lastname in <b>C:\xampp\htdocs\family\ContactsView.php</b> on line <b>143</b><br />

 

<br /> <b>Notice</b>:  Undefined variable: postcode in <b>C:\xampp\htdocs\family\ContactsView.php</b> on line <b>147</b><br />

 

<br /> <b>Notice</b>:  Undefined variable: email in <b>C:\xampp\htdocs\family\ContactsView.php</b> on line <b>148</b><br />

 

<br /> <b>Notice</b>:  Undefined variable: pnumber in <b>C:\xampp\htdocs\family\ContactsView.php</b> on line <b>149</b><br />

 

These are the errors I'm getting when I view the page (they are inside the text field).

Where does $checkid come from?

 

Sorry, my bad, I didn't post the whole code...

 

<?php
if ($_GET['contact'] == "edit") {

$checkid = mysql_real_escape_string(is_numeric($_GET['id']));

$userid = is_numeric($_SESSION['userid']);

$sql = sprintf("SELECT * FROM `contacts` WHERE `id` = '$checkid'") or die(mysql_error());
$grab = mysql_query($sql);
while ($check = mysql_fetch_assoc($grab)) {
$checkidholder = mysql_real_escape_string(is_numeric($check['holder']));
}

if ($checkidholder == '$userid') {

$sql = sprintf("SELECT * FROM `contacts` WHERE `id` = '$checkid'") or die(mysql_error());
$grab = mysql_query($sql);
while ($done = mysql_fetch_assoc($grab)) {
$firstname = $done['firstname'];
$lastname = $done['lastname'];
$address = $done['address'];
$postcode = $done['postcode'];
$email = $done['email'];
$pnumber = $done['pnumber'];
}
die("Sorry, This is not your contact to edit!.");
}
}

?>
<form method="POST" action="<?php $PHP_SELF ?>">
      <p><b>First Name:</b><br><input type="text" name="firstname" size="20" maxlength="255" value="<?php print htmlspecialchars($firstname); ?>" /></p>
      <p><b>Last Name:</b><br><input type="text" name="lastname" size="20" maxlength="255" value="<?php print $lastname ?>" /></p>

      <p><b>Address:</b><br><textarea rows="5" cols="40" name="address" id="$address" value="<?php print $address ?>" ></textarea></p>

      <p><b>Postcode:</b><br><input type="text" name="postcode" size="20" maxlength="255" value="<?php print $postcode ?>" /></p>
      <p><b>Email:</b><br><input type="text" name="email" size="20" maxlength="255" value="<?php print $email ?>" /></p>
      <p><b>Phone Number:</b><br><input type="text" name="pnumber" size="20" maxlength="255" value="<?php print $pnumber ?>" /></p>

      <p><img src="Security/SecureSubmit.php" /></p>

      <p><b>Security Code:</b><br><input name="txtNumber" type="text" id="txtNumber" value="" /></p>
      <p><br><input type="hidden" name="holder" size="20" maxlength="255" value="<?php print $_SESSION['userid']; ?>"/></p>
      <p align="center">
      <input type="submit" name="Edit" value="Submit" />
      <input type="reset" name="reset" value="Reset Form" />
      </p>
      </form>

You know when you assign something to another variable that has "is_numeric()" invoked on it, it will return a boolean.

 

 

$userid = is_numeric($_SESSION['userid']);

 

^ That line probably assigns TRUE to $userid.

 

So you may want to check if the variables are numeric, then assign the actual value to the variable.

 

As far as your error, I get that this line isn't true:

 

if ($checkidholder == '$userid') {

 

because the variables that are used in your input fields don't have values, so this if block never executes.


What do you mean?

Like I said, I believe this if statement is failing because none of the variables are being assigned anything and that's why it's throwing all those errors.

 

Check to make sure this if succeeds by echoing something right below it.

 

if ($checkidholder == $userid) {
  echo "*** WORKS ***";
  //rest of code
  .
  .
  .
}


You're right, the if statement isn't working :S, I got no printout :S


What IF statement would I use that will work?

Go through your code and figure out the logic of why the IF statement is even there.  It is then you'll find out the appropriate IF statement.

 

I don't quite follow :S

 

Here's the whole page...

 

<?php session_start();

ini_set('display_errors', 1);
error_reporting(E_ALL);

include 'Database/Connection.php';
include 'Database/Utility.php';

isloggedin();
accessneeded("C");

if (isset($_POST['Add'])) {

$id = 1;
			$checkid="SELECT * FROM contacts WHERE id='$id'";
			$checkidresult = mysql_query($checkid);

			while(mysql_num_rows($checkidresult) > 0)
			{
				$id = $id + 1;
				$checkid="SELECT * FROM menu WHERE id='$id'";
				$checkidresult = mysql_query($checkid);
			}	

  $holder     = mysql_real_escape_string($_POST['holder']);
  $firstname  = mysql_real_escape_string($_POST['firstname']);
  $firstname  = ereg_replace(" ", "", $firstname); 
  $lastname   = mysql_real_escape_string($_POST['lastname']);
  $lastname   = ereg_replace(" ", "", $lastname); 
  $address    = mysql_real_escape_string($_POST['address']);
  $postcode   = mysql_real_escape_string($_POST['postcode']);
  $email      = mysql_real_escape_string($_POST['email']);
  $email      = ereg_replace(" ", "", $email); 
  $pnumber    = mysql_real_escape_string(is_numeric($_POST['pnumber']));
  $pnumber    = ereg_replace(" ", "", $pnumber); 
  $number     = mysql_real_escape_string($_POST['txtNumber']);

  if($holder && $firstname && $lastname && $address && $postcode && $email && $pnumber) {
    $_name = "/^[-!#$%&\'*+\\.\/0-9=?A-Z^`{|}~]+";
    $_host = "([-0-9A-Z]+\.)+";
    $_tlds = "([0-9A-Z]){2,4}$/i";
     
    if( !preg_match($_name."@".$_host.$_tlds,$email) ){
      echo "<div align=\"center\">The email you entered is of invalid format.</div>";
         include("ContactsControl.php?contact=Add");
         die();
    }

    if (md5($number) == $_SESSION['image_random_value']) {

      $sql = "INSERT INTO `contacts` (`holder`, `firstname`, `lastname`, `address`, `postcode`, `email`, `pnumber`) VALUES('$holder', '$firstname', '$lastname', '$address', '$postcode', '$email', '$pnumber')";
      mysql_query($sql) or die(mysql_error());
      header('Location: ContactsView.php?contact=view');
    }
  }
}


if ($_GET['contact'] == "view") {

print "|| <a href='ContactsView.php?contact=add'><img src='Security/PhotoProcess.php?picname=btnadd' border='0'>Add New Contact</a> || <br> || <a href='ContactsView.php?contact=delete'><img src='Security/PhotoProcess.php?picname=btndel' border='0'>Delete A Contact</a> || <br> || <a href='ContactsView.php?contact=editpro'><img src='Security/PhotoProcess.php?picname=btnedit' border='0'>Edit A Contact</a> ||<hr>";

$userid = $_SESSION['userid'];

$count = 0;
$query = mysql_query(sprintf("SELECT * FROM contacts WHERE holder = '$userid'")) or die(mysql_error()); 
while ($row = mysql_fetch_object($query)) {
if ($count!=0){echo "<hr>";}

print "First Name: <font color='red'>$row->firstname<br></font>Last Name: <font color='red'>$row->lastname<br></font>Address: <font color='red'>$row->address<br></font>Postcode: <font color='red'>$row->postcode<br></font>Email: <font color='red'>$row->email<br></font>Phone Number: <font color=red>$row->pnumber<br></font>";

$count++;
}
}
if ($_GET['contact'] == "add") {
?>
      <form method="POST" action="<?php $PHP_SELF ?>">
      <p><b>First Name:</b><br><input type="text" name="firstname" size="20" maxlength="255" /></p>
      <p><b>Last Name:</b><br><input type="text" name="lastname" size="20" maxlength="255" /></p>

      <p><b>Address:</b><br><textarea rows="5" cols="40" name="address" id="$address"></textarea></p>

      <p><b>Postcode:</b><br><input type="text" name="postcode" size="20" maxlength="255" /></p>
      <p><b>Email:</b><br><input type="text" name="email" size="20" maxlength="255" /></p>
      <p><b>Phone Number:</b><br><input type="text" name="pnumber" size="20" maxlength="255" /></p>

      <p><img src="Security/SecureSubmit.php" /></p>

      <p><b>Security Code:</b><br><input name="txtNumber" type="text" id="txtNumber" value="" /></p>
      <p><br><input type="hidden" name="holder" size="20" maxlength="255" value="<?php print $_SESSION['userid']; ?>"/></p>
      <p align="center">
      <input type="submit" name="Add" value="Submit" />
      <input type="reset" name="reset" value="Reset Form" />
      </p>
      </form>
<?php 
}
if ($_GET['contact'] == "editpro") {

$userid = is_numeric($_SESSION['userid']);

$count = 0;
$query = mysql_query(sprintf("SELECT * FROM contacts WHERE holder = '$userid'")) or die(mysql_error()); 
while ($row = mysql_fetch_object($query)) {
if ($count!=0){echo "<hr>";}

print "First Name: <font color='red'>$row->firstname<br></font>Last Name: <font color='red'>$row->lastname<br></font>Address: <font color='red'>$row->address<br></font>Postcode: <font color='red'>$row->postcode<br></font>Email: <font color='red'>$row->email<br></font>Phone Number: <font color=red>$row->pnumber<br></font><a href='ContactsView.php?contact=edit&contactid=$row->id'><img src='Security/PhotoProcess.php?picname=btnedit' border='0'>Edit This Contact</a>";

$count++;
}
}
if ($_GET['contact'] == "edit") {

$checkid = mysql_real_escape_string(is_numeric($_GET['id']));

$userid = $_SESSION['userid'];

$sql = sprintf("SELECT * FROM `contacts` WHERE `id` = '$checkid'") or die(mysql_error());
$grab = mysql_query($sql);
while ($check = mysql_fetch_assoc($grab)) {
$checkidholder = mysql_real_escape_string(is_numeric($check['holder']));
}

if ($userid == $checkidholder) {

$sql = sprintf("SELECT * FROM `contacts` WHERE `id` = '$checkid'") or die(mysql_error());
$grab = mysql_query($sql);
while ($done = mysql_fetch_assoc($grab)) {
$firstname = $done['firstname'];
$lastname = $done['lastname'];
$address = $done['address'];
$postcode = $done['postcode'];
$email = $done['email'];
$pnumber = $done['pnumber'];
}
die("Sorry, This is not your contact to edit!.");
}
}
?>
<form method="POST" action="<?php $PHP_SELF ?>">
      <p><b>First Name:</b><br><input type="text" name="firstname" size="20" maxlength="255" value="<?php print htmlspecialchars($firstname); ?>" /></p>
      <p><b>Last Name:</b><br><input type="text" name="lastname" size="20" maxlength="255" value="<?php print $lastname ?>" /></p>

      <p><b>Address:</b><br><textarea rows="5" cols="40" name="address" id="$address" value="<?php print $address ?>" ></textarea></p>

      <p><b>Postcode:</b><br><input type="text" name="postcode" size="20" maxlength="255" value="<?php print $postcode ?>" /></p>
      <p><b>Email:</b><br><input type="text" name="email" size="20" maxlength="255" value="<?php print $email ?>" /></p>
      <p><b>Phone Number:</b><br><input type="text" name="pnumber" size="20" maxlength="255" value="<?php print $pnumber ?>" /></p>

      <p><img src="Security/SecureSubmit.php" /></p>

      <p><b>Security Code:</b><br><input name="txtNumber" type="text" id="txtNumber" value="" /></p>
      <p><br><input type="hidden" name="holder" size="20" maxlength="255" value="<?php print $_SESSION['userid']; ?>"/></p>
      <p align="center">
      <input type="submit" name="Edit" value="Submit" />
      <input type="reset" name="reset" value="Reset Form" />
      </p>
      </form>
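
The owner check this thread is circling around, as an added example that is not part of any post: the id is validated to an integer instead of being replaced by the boolean that is_numeric() returns, ownership is enforced inside a parameterized query, and the refusal message sits on the failure path only. PDO, the in-memory SQLite table, its constructed rows and the helper names (positive_int, load_own_contact, h) are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory and the rows are constructed.

// Returns the integer itself, or null. is_numeric() only answers true/false,
// so its return value must never be stored as the id.
function positive_int($value): ?int
{
    $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $int === false ? null : $int;
}

// Ownership is part of the WHERE clause and both values are bound parameters,
// so a row held by another user is never returned.
function load_own_contact(PDO $db, $contactId, $userId): ?array
{
    $id = positive_int($contactId);
    $owner = positive_int($userId);
    if ($id === null || $owner === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM contacts WHERE id = :id AND holder = :holder');
    $stmt->execute([':id' => $id, ':holder' => $owner]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape a value for HTML output (every field, not only firstname).
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, holder INTEGER, firstname TEXT, lastname TEXT)');
$db->exec("INSERT INTO contacts (holder, firstname, lastname) VALUES (7, 'Ann', 'O\"Neil'), (9, 'Bob', 'Lee')");

// Constructed requests from user 7: own contact, someone else's contact, non-numeric id.
foreach ([['1', 7], ['2', 7], ['abc', 7]] as [$requested, $sessionUser]) {
    $contact = load_own_contact($db, $requested, $sessionUser);
    if ($contact === null) {
        echo "id=$requested: Sorry, this is not your contact to edit.\n";
        continue;
    }
    echo "id=$requested: <input name=\"lastname\" value=\"" . h($contact['lastname']) . "\" />\n";
}
```

The same lookup should run again when the edit form is submitted, with the holder taken from the session rather than from the hidden `holder` field.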
