Please help - stuck with errors

[Johnnyboy123]

Been trying to sort this out for a while now, had an earlier post on this as well yet haven't solved it yet. Code has changed  a bit since then but still giving me trouble and I have a due date for this project is is sneaking up on me.

I am trying edit previously entered information from a table which contains a student's registration information into a form.

 

The previously entered info wont display and I am having numerous errors

 

Here is my code

<?php
if (!isset($_POST['sno'])) 
{
$q = "SELECT * FROM student WHERE sno = " . $_GET['sno'];
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}

?>

<h1> You are editing a student </h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">




<p>Course name:</p>
<select name="input1"> 
<?php
$q = "SELECT cname FROM course ";
$result = mysql_query($q);
WHILE ($course = mysql_fetch_array($result))
{
echo "<OPTION>{$course['cname']}</option>";
}
echo " </SELECT>"
?>
<br>

<p>Surname:</p>
<INPUT TYPE = "text"  name = "input2"value= " <?php echo $person['sname']; ?>" /> 
<br>
<p>Initials:</p>
<INPUT TYPE = "text"  name="input3"value="<?php echo $person['init']; ?>" /> 
<br>
<p>Full First Name:</p>
<INPUT TYPE = "text"  name="input4"value="<?php echo $person['fname']; ?>" /> 
<br>
<p>Title:</p>
<INPUT TYPE = "text"  name="input5"value="<?php echo $person['title']; ?>" /> 
<br>
<p>Maiden or previous surname:</p>
<INPUT TYPE = "text"  name="input6"value="<?php echo $person['msname']; ?>" /> 
<br>
<p>Date of Birth:</p>
<INPUT TYPE = "text"  name="input7"value="<?php echo $person['dob']; ?>" /> 
<br>

<p>Gender:</p>
Male	<input type="radio" name="input8" value="m" />
Female	<input type="radio" name="input8" value="f" /><br/>

<br>
<p>Language</p>
<select name="input9">
<option	>English</option>
<option >Afrikaans</option>
</select>

<br>
<p>Identity Number:</p>
<INPUT TYPE = "text"  name="input10"value="<?php echo $person['id']; ?>" /> 
<br>
<p>Home Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input11"value="<?php echo $person['telh']; ?>" /> 
<br>
<p>Work Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input12"value="<?php echo $person['telw']; ?>" /> 
<br>
<p>Cell Phone Number:</p>
<INPUT TYPE = "text"  name="input13"value="<?php echo $person['cel']; ?>" /> 
<br>
<p>Fax Code + Number:</p>
<INPUT TYPE = "text"  name="input14"value="<?php echo $person['fax']; ?>" /> 
<br>
<p>E-mail Address:</p>
<INPUT TYPE = "text"  name="input15"value="<?php echo $person['email']; ?>" /> 
<br>
<p>Postal Address of student:</p>
<textarea name="input16" COLS=50 ROWS=5 /><?php echo $person['address']; ?> </textarea>
<br>


<input type= "hidden" name="sno" value="<?php echo $_GET['sno']; ?>" />
<INPUT TYPE = "Submit" name="submit" VALUE = "Update"/>
</form>

<?php

if(isset($_POST['submit']))
{





$u = "UPDATE student SET 
`cname` = '$_POST[input1]', 
`sname` = '$_POST[input2]', 
`init` = '$_POST[input3]',
`fname` = '$_POST[input4]', 
`title` = '$_POST[input5]',
`msname` = '$_POST[input6]', 
`dob` = '$_POST[input7]', 
`sex` = '$_POST[input8]',
`lang` = '$_POST[input9]', 
`idno` ='$_POST[input10]', 
`telh` = '$_POST[input11]', 
`telw` = '$_POST[input12]',
`cel` = '$_POST[input13]', 
`fax` = '$_POST[input14]',
`email` = '$_POST[input15]',
`address` = '$_POST[input16]' 

WHERE ID = $_POST[sno]";
mysql_query($u) or die(mysql_error());

echo "User has been modified!";
header("Location: index.php");

}
?>

 

The errors are ad followed. When I open the form I get these erros and the fields are blank:

Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 27

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 29

 

 

When i enter new info and submit it I get these errors:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.' at line 19

 

And my fields contain random code e.g "<br /> <b>Notice</b>:  Undefined variable: person in <b>C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php</b> on line <b>97</b><br />"

 

Also I dont know if this would help at all but here's the previous page which contains the code for displaying the students information and allowing to edit it, which links to the edit page

 

<?php
        while ($rows = mysql_fetch_array($query)):
echo "<a href=\"editstudent.php?id=" . $rows['sno'] ."\" > edit </a>";
$sno=$rows['sno'];
$cname=$rows['cname'];
$sname=$rows['sname'];
$fname=$rows['fname'];


echo 
" 
<table border=1px> 
<tr>
<td>$sno</td>

<td>$cname</td>

<td>$sname</td>

<td>$fname</td>


</tr>
</table>" ;

endwhile;
?>	

 

Any help would be greatly appreciated. Thanks in advance for your time and effort.

[Fadion]

When an error occurs at a specific line, you should tell us what that line is. Otherwise it's just guessing.

 

Anyway, when using POST data in a query, the first thing to do would be sanitizing the input. Appart from that, you are writing array indexes wrong.

 

//it's NOT
$_POST[input1];

//it IS (notice the single slashes)
$_POST['input1'];

 

You can make this modifications to your UPDATE query.

 

$sno = mysql_real_escape_string($_POST['sno']);

$input1 = htmlentities($_POST['input1'], ENT_QUOTES);
$input2 = htmlentities($_POST['input2'], ENT_QUOTES);
//and so on for every input

$u = "UPDATE student SET cname='$input1', sname='$input2' WHERE id = $sno"; //add the other inputs to the update

 

As we are here, you can't user header() when headers have already been sent. There's a sticky in this forum that explains it.

[Johnnyboy123]

@ GuiltyGear

 

Thank you for your reply. I made the changes which you suggested. I am still however, getting the same errors. Sorry for not pointing out which lines the errors we're. Here are the errors:

Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 27

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 29

 

line 27 and 29 would refer to these lines of code:

 

 <?php
if (!isset($_POST['sno']))  //25
{   //26
$q = "SELECT * FROM student WHERE sno = " . $_GET['sno'];    //27
$result = mysql_query($q);   //28
$person = mysql_fetch_array($result);   //29
} //30 ?>

 

Thank you for your help.

 

[fugix]

the notice you are receving is because $_POST['sno'] either doesnt exist or is not set yet..probably because your form wasnt submitted yet... as for the warning..try this

$q = "SELECT * FROM student WHERE sno ='$_GET['sno']'";

[fugix]

also...why do you use $_POST and $_GET for you index of sno?

[PFMaBiSmAd]

Have you looked at the lines where the errors are occurring at and attempted to find why you are getting those errors?

 

Why would $_GET['sno'] be undefined? Are you requesting the page with a ?sno=value on the end of the URL? Shouldn't you validate if it exists and is a number before you execute a query that uses that value? When you request the page without a ?sno=value on the end of the URL, what action do you want your code on the page to take? You have to put in program logic to test for these things and take an appropriate action based on the result of the test. A value was supplied and is a number, execute the query; value wasn't supplied, output a message or display some menu choice and don't execute the query.

 

Validating that $_GET['sno'] is a number (or simply casting it as a number) will also prevent sql injection in that query.

 

Why would the first parameter (there's only one) in the mysql_fetch_array($result) statement not be a resource? Isn't that the result resource from your mysql_query() statement? A mysql_query() statement returns a result resource for a SELECT query that executes without any errors. It returns a FALSE (bool) value for queries that failed due to an error. The error message indicates "boolean given." That would imply that your query failed due to an error, which in this case is due to a sql syntax error because $_GET['sno'] doesn't exist.

[PFMaBiSmAd]

... here's the previous page which contains the code for displaying the students information and allowing to edit it, which links to the edit page

 

I don't see where you are putting a ?sno=value on the end of the URL in that code. I do see where you are putting ?id=value on the end of the URL.

[Johnnyboy123]

@ PFMaBiSmAd

 

Thank you. Very informative. Haha yes I spotted that "?id=value" after reading your first post which made me look at my code and think about what I'm doing. Busy trying to correct this error now when submitting new info

 

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE ID = 28' at line 19"

 

However, it now shows the previously entered values without any errors when I select edit. Which is good progress thanks

[PFMaBiSmAd]

The problem in your query is occurring right before the WHERE.

 

I would output the $u variable as part of the die() statement so that you can see exactly what the query is.

[grissom]

Try this :    (watch the inverted commas carefully)

 

$q = "SELECT * FROM student WHERE sno ='$_GET[sno]' ";

 

or if that is still tying you up in knots, break it down

 

$my_sno = $_GET['sno'];                                                    // this time with inverted commas around the 'sno'

$q = "SELECT * FROM student WHERE sno = '$my_sno' ";

[Johnnyboy123]

Got it sorted Thanks for all the help guys.