CrownVictoriaCop Posted October 21, 2009

This is my code for a PHP page.

<?php
$SID = $_POST['id'];
mysql_connect("localhost","safetyfi_secure","hidden") or die("Error: ".mysqlerror());
mysql_select_db("safetyfi_students");
while ($row = mysql_fetch_array("select * from Students where ID = $SID")){
    $id = $row['ID'];
    $studentname = $row['StudentName'];
    $parentfirstname = $row['ParentFirstName'];
    $lastname = $row['ParentLastName'];
    $class = $row['Class'];
    $address = $row['Address'];
    $city = $row['City'];
    $state = $row['State'];
    $zip = $row['ZIP'];
    $phone = $row['Phone'];
    $school = $row['School'];
    $birthmonth = $row['BirthMonth'];
    $birthday = $row['BirthDay'];
    $birthyear = $row['BirthYear'];
    $paymentmethod = $row['PaymentMethod'];
}
mysql_free_result($query);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>ODISM Instructor Control Panel</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="styles.css" />
<link rel="stylesheet" href="menu.css" type="text/css" />
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) {
      test=args[i+2];
      val=document.getElementById(args[i]);
      if (val) {
        nm=val.name;
        if ((val=val.value)!="") {
          if (test.indexOf('isEmail')!=-1) {
            p=val.indexOf('@');
            if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
          } else if (test!='R') {
            num = parseFloat(val);
            if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
            if (test.indexOf('inRange') != -1) {
              p=test.indexOf(':');
              min=test.substring(8,p);
              max=test.substring(p+1);
              if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
            }
          }
        } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n';
      }
    }
    if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
  }
}
//-->
</script>
</head>
<body>
<!-- Begin Wrapper -->
<div id="wrapper">
  <!-- Begin Header -->
  <div id="header">
    <h1><img src="banner.png" width="907" height="100" alt="Imponente Web Services" /></h1>
  </div>
  <!-- End Header -->
  <!-- Begin Left Column -->
  <div id="leftcolumn">
    <div align="center"><font size="4">Student Management</font><br />
    </div>
    <div id="menu">
      <ul>
        <li><a href="directory.php">List Students</a></li>
        <li><a href="addstudent.php">Add Student</a></li>
        <li><a href="editstudent.php">Edit Student</a></li>
        <li><a href="deletestudent.php">Delete Student</a></li>
      </ul>
    </div></div>
  <!-- End Left Column -->
  <!-- Begin Content Column -->
  <div id="content">
    <p>Edit Student</p>
    <br />
    <p>The student record is displayed below for you to edit.</p>
    <br />
    <form action="updateinfo.php" method="post">
      <p>Student's First Name: <input type="text" value="<?php echo $studentname;?>" name="studentname"/><br />
      Parent's First Name: <input type="text" value="<?php echo $parentfirstname;?>" name="parentfirstname"/><br />
      Parent's Last Name: <input type="text" value="<?php echo $lastname;?>" name="lastname"/><br />
      Phone Number: <input type="text" value="<?php echo $phone;?>" name="phone"/><br />
      Class: <input type="text" value="<?php echo $class;?>" name="class"/><br />
      Address: <input type="text" value="<?php echo $address;?>" name="address"/><br />
      City: <input type="text" value="<?php echo $city;?>" name="city"/> <br />
      State: <input type="text" value="<?php echo $state;?>" name="state"/><br />
      Zip: <input type="text" value="<?php echo $zip;?>" name="state"/><br />
      DOB: <input name="state" type="text" value="<?php echo $birthmonth;?>" size="20"/>
      <input name="state" type="text" value="<?php echo $birthday;?>" size="5"/>
      <input name="state" type="text" value="<?php echo $birthyear;?>" size="5"/><br>
      School: <input name="state" type="text" value="<?php echo $school;?>" /><br />
      <input name="submit" type="submit" value="Edit Student" />
    </form>
    </p>
  </div>
  <!-- End Content Column -->
  <!-- Begin Right Column -->
  <div id="rightcolumn">
    <div align="center"><font size="4">Other Tools</font><br />
      <div id="menu">
        <ul>
          <li><a href="email.php">Email Developer</a></li>
          <li><a href="http://www.paypal.com">PayPal Management</a></li>
        </ul>
      </div>
    </div>
    <p> </p>
    </p>
  </div>
  <hr noshade>
  <!-- End Right Column -->
  <!-- Begin Footer -->
  <div id="footer"><b><font color="white">Online Driving School Management 2.00</font></b></div>
  <!-- End Footer -->
</div>
<!-- End Wrapper -->
</body>
</html>

Getting the following errors

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home2/safetyfi/public_html/secure/managementv2/editinfo.php on line 8

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home2/safetyfi/public_html/secure/managementv2/editinfo.php on line 27

Can anyone tell me what is wrong?

Mchl Posted October 21, 2009

The most common reason for this error message is an error with your query. Try echoing mysql_error

In your case you're not running a query at all... See mysql_query

cags Posted October 21, 2009

Mchl is certainly correct with the easiest method to diagnose the problem. But I can go one step further... mysql_fetch_array expects the argument passed to it to be the result of a successful call to mysql_query, but you are just passing it a query string. You want something more like this...

$result = mysql_query("select * from Students where ID = $SID");
while ($row = mysql_fetch_array($result)){

Mchl Posted October 21, 2009

In fact mysql_error would not help here at all, as there was no query sent to server.

cags Posted October 21, 2009

lol, oh yes, good point.

Jaguar Posted October 21, 2009

Also, just FYI, you should use

$SID = mysql_real_escape_string($SID);

Your script right now would be very easy to exploit. Someone could drop/delete your students table.

Mchl Posted October 21, 2009

Actually this reminds me of...

And the function after "or" in line 5 is called mysql_error(), not mysqlerror().

CrownVictoriaCop Posted October 21, 2009

Thanks guys for your advice. Here's my new code:

<?php
$SID = $_POST['id'];
mysql_connect("localhost","safetyfi_secure","hidden") or die("Error: ".mysql_error());
mysql_select_db("safetyfi_students");
$result = mysql_query("select * from Students where ID = $SID");
while ($row = mysql_fetch_array($result)){
    $id = $row['ID'];
    $studentname = $row['StudentName'];
    $parentfirstname = $row['ParentFirstName'];
    $lastname = $row['ParentLastName'];
    $class = $row['Class'];
    $address = $row['Address'];
    $city = $row['City'];
    $state = $row['State'];
    $zip = $row['ZIP'];
    $phone = $row['Phone'];
    $school = $row['School'];
    $birthmonth = $row['BirthMonth'];
    $birthday = $row['BirthDay'];
    $birthyear = $row['BirthYear'];
    $paymentmethod = $row['PaymentMethod'];
}
mysql_free_result($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>ODISM Instructor Control Panel</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="styles.css" />
<link rel="stylesheet" href="menu.css" type="text/css" />
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) {
      test=args[i+2];
      val=document.getElementById(args[i]);
      if (val) {
        nm=val.name;
        if ((val=val.value)!="") {
          if (test.indexOf('isEmail')!=-1) {
            p=val.indexOf('@');
            if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
          } else if (test!='R') {
            num = parseFloat(val);
            if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
            if (test.indexOf('inRange') != -1) {
              p=test.indexOf(':');
              min=test.substring(8,p);
              max=test.substring(p+1);
              if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
            }
          }
        } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n';
      }
    }
    if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
  }
}
//-->
</script>
</head>
<body>
<!-- Begin Wrapper -->
<div id="wrapper">
  <!-- Begin Header -->
  <div id="header">
    <h1><img src="banner.png" width="907" height="100" alt="Imponente Web Services" /></h1>
  </div>
  <!-- End Header -->
  <!-- Begin Left Column -->
  <div id="leftcolumn">
    <div align="center"><font size="4">Student Management</font><br />
    </div>
    <div id="menu">
      <ul>
        <li><a href="directory.php">List Students</a></li>
        <li><a href="addstudent.php">Add Student</a></li>
        <li><a href="editstudent.php">Edit Student</a></li>
        <li><a href="deletestudent.php">Delete Student</a></li>
      </ul>
    </div></div>
  <!-- End Left Column -->
  <!-- Begin Content Column -->
  <div id="content">
    <p>Edit Student</p>
    <br />
    <p>The student record is displayed below for you to edit.</p>
    <br />
    <form action="updateinfo.php" method="post">
      <p>Student's First Name: <input type="text" value="<?php echo $studentname;?>" name="studentname"/><br />
      Parent's First Name: <input type="text" value="<?php echo $parentfirstname;?>" name="parentfirstname"/><br />
      Parent's Last Name: <input type="text" value="<?php echo $lastname;?>" name="lastname"/><br />
      Phone Number: <input type="text" value="<?php echo $phone;?>" name="phone"/><br />
      Class: <input type="text" value="<?php echo $class;?>" name="class"/><br />
      Address: <input type="text" value="<?php echo $address;?>" name="address"/><br />
      City: <input type="text" value="<?php echo $city;?>" name="city"/> <br />
      State: <input type="text" value="<?php echo $state;?>" name="state"/><br />
      Zip: <input type="text" value="<?php echo $zip;?>" name="state"/><br />
      DOB: <input name="state" type="text" value="<?php echo $birthmonth;?>" size="20"/>
      <input name="state" type="text" value="<?php echo $birthday;?>" size="5"/>
      <input name="state" type="text" value="<?php echo $birthyear;?>" size="5"/><br>
      School: <input name="state" type="text" value="<?php echo $school;?>" /><br />
      <input name="submit" type="submit" value="Edit Student" />
    </form>
    </p>
  </div>
  <!-- End Content Column -->
  <!-- Begin Right Column -->
  <div id="rightcolumn">
    <div align="center"><font size="4">Other Tools</font><br />
      <div id="menu">
        <ul>
          <li><a href="email.php">Email Developer</a></li>
          <li><a href="http://www.paypal.com">PayPal Management</a></li>
        </ul>
      </div>
    </div>
    <p> </p>
    </p>
  </div>
  <hr noshade>
  <!-- End Right Column -->
  <!-- Begin Footer -->
  <div id="footer"><b><font color="white">Online Driving School Management 2.00</font></b></div>
  <!-- End Footer -->
</div>
<!-- End Wrapper -->
</body>
</html>

But I'm still getting the same errors

cags Posted October 21, 2009

Try replacing...

$result = mysql_query("select * from Students where ID = $SID");

... with...

$sql = "select * from Students where ID = $SID";
$result = mysql_query($sql) or trigger_error("SQL: $sql, ERROR: " . mysql_error(), E_USER_ERROR);

CrownVictoriaCop Posted October 21, 2009

> Try replacing...
>
> $result = mysql_query("select * from Students where ID = $SID");
>
> ... with...
>
> $sql = "select * from Students where ID = $SID";
> $result = mysql_query($sql) or trigger_error("SQL: $sql, ERROR: " . mysql_error(), E_USER_ERROR);

Doing this brings up the error

Fatal error: SQL: select * from Students where ID = , ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 in /home2/safetyfi/public_html/secure/managementv2/editinfo.php on line 9

cags Posted October 21, 2009

$SID has no value.

Mchl Posted October 21, 2009

Which in turn means $_POST['id'] has no value. There might be a problem with the form you're using to pass information to this script.

CrownVictoriaCop Posted October 21, 2009

Hmmm...here's the form I am using.

<form action="editinfo.php">
Student ID: <input name="id" type="text" >
<input type="submit">
</form>

Mchl Posted October 21, 2009

Change

<form action="editinfo.php">

to

<form action="editinfo.php" method="post">

cags Posted October 21, 2009

<form action="editinfo.php" method="post">

Edit: d'oh

CrownVictoriaCop Posted October 21, 2009

It works! Thank you guys so much! You guys deserve something in return for this. One thing is for sure - I'll never use Dreamweaver's form generator again - it didn't put my post method in for some reason. Thank you, thank you, thank you!

Anthony

Mchl Posted October 21, 2009

Just remember to use mysql_real_escape_string on $SID.

CrownVictoriaCop Posted October 21, 2009

I'll be sure to do that. It's for an administration area, though, that is secured by 401 authorization.

Mchl Posted October 21, 2009

Costs you nothing and adds another layer of security.

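Added example, not part of any post in the thread: the thread's query interpolates `$SID` without quotes (`ID = $SID`), so escaping alone does not constrain it, and this sketch contrasts that with integer validation plus a bound parameter, then encodes the value on output. It assumes PHP with the pdo_sqlite extension; the in-memory table, its rows, the function names and `addslashes` as a stand-in for `mysql_real_escape_string` (the `mysql_*` functions were removed in PHP 7) are constructed for illustration.

```php
<?php
// Constructed in-memory SQLite table standing in for the thread's MySQL
// "Students" table, so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Students (ID INTEGER PRIMARY KEY, StudentName TEXT)');
$pdo->exec("INSERT INTO Students (ID, StudentName) VALUES
            (1, 'Alice'), (2, 'Bob'), (3, 'Carol \"C\" Diaz')");

// Unquoted interpolation, as in the thread's query. Escaping only neutralises
// characters that matter inside a quoted literal, so a value placed outside
// quotes is still parsed as SQL.
function lookupEscapedOnly(PDO $pdo, string $id): array
{
    $escaped = addslashes($id); // stand-in for mysql_real_escape_string()
    $sql = "select * from Students where ID = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a parameter.
function lookupHardened(PDO $pdo, $id): ?array
{
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // missing or malformed id, e.g. a form sent without method="post"
    }
    $stmt = $pdo->prepare('select * from Students where ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$constructed = '1 OR 1=1'; // constructed non-numeric input, contains no quote characters

// The escaped-only lookup matches every row because the input became SQL.
printf("escaped only: %d row(s)\n", count(lookupEscapedOnly($pdo, $constructed)));

// The hardened lookup rejects the same input before any SQL is built,
// and also handles the empty $_POST['id'] case seen in the thread.
var_dump(lookupHardened($pdo, $constructed));
var_dump(lookupHardened($pdo, null));

// Encode on output so stored quotes cannot break out of the value="" attribute.
$row = lookupHardened($pdo, '3');
echo '<input type="text" name="studentname" value="',
     htmlspecialchars($row['StudentName'], ENT_QUOTES, 'UTF-8'), "\" />\n";
```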