"if there is a an "id" value present in URL"

[safety]

Hello. I'm trying to get this to work, however it only ever runs the "else" bit of code. Even if there is a value for id.

 

So if I'm at say... mysite.com/admin.php?page=addentry&id=5 then it still creates a new entry, instead of updating the existing one

 

	// If there is an "id" present in url
// Edit an existing entry
if(isset($_GET['id']))
{
	$sql = "UPDATE news
			SET title=?, entry=?
			WHERE id=?
			LIMIT 1";
	$stmt = $db->prepare($sql);
	$stmt->execute(
			array(
					$_POST['title'],
					$_POST['entry'],
					$_POST['id']
			)
	);
	$stmt->closeCursor();
}

else{

// Save a new entry into the database
$sql = "INSERT INTO news (title, entry) VALUES (?, ?)";
$stmt = $db->prepare($sql);
$stmt->execute(
array($_POST['title'],$_POST['entry'])
);
$stmt->closeCursor();
// Sanitize the page information for use in the success URL
$page = htmlentities(strip_tags($_POST['page']));
// Get the ID of the entry we just saved
$id_obj = $db->query("SELECT LAST_INSERT_ID()");
$id = $id_obj->fetch();
$id_obj->closeCursor();

}

 

my guess is my "if" condition isn't set up right, but I can't see how.

Any words of wisdom guys?

[safety]

probably worth adding that this code is in a separate file update.inc.php and the page i'm on hasa form

<form method="post" action="inc/update.inc.php">

would this have something to do with it?

[jazzman1]

You cannot execute the script in way what you wrote.

Where is bind_param(). It's wrong :

$stmt->execute(
array(

$_POST['title'],
$_POST['entry'],
$_POST['id']
)

);

 

Also, don't repeat the same code multiple times in your if , else statements.

 

[safety]

you mean I can't run the script in a <form action=""> scenario? It does run the script fine, it's just always adding a new entry instead of updating the current entry.

 

I'm not sure what you mean by bind_param()

 

when you say don't repeat things, should i instead have the repeated lines in a variable or something?

 

EDIT: or would it be best adding the repeated lines underneath the if/else statement?

[jazzman1]

I've never seen before on the web someone to use execute() in this way. I always follow the manual of php.net -> http://php.net/manual/en/mysqli-stmt.execute.php

About the second question, you don't have to repeat $stmt = $db->prepare($sql),  $stmt->close(), $stmt->bind_param() and $stmt->execute()

To build a bind_param dynamically, you could use a wonderful php function for me named call_user_func_array(). There is a lot of resources on the web.

 

Last one(update statement) never runs properly maybe you don't send any data from $_POST['title'], $_POST['entry'] and  $_POST['id'] .

The url below comes just from anchor tag or from form action attribute?   

mysite.com/admin.php?page=addentry&id=5

 

i highly recommend you to start from the manual  of php.net.

[DavidAM]

if(isset($_GET['id']))

 

is looking for the id value to be in the URL.

 

<form method="post" action="inc/update.inc.php">

 

does NOT have an id value in the URL, so there will be no $_GET['id']

 

Perhaps, your if test should be checking $_POST. However, if there is an "id" field on the form, then isset() will return true, even if it is blank. You may need to check it for empty as well:

 

if ( (isset($_POST['id'])) and (! empty($_POST['id'])) )

 

[safety]

thanks I changed my if to look for $_POST['id']

 

I made a hidden input on my form

<input type="hidden" name="id" value="<?php echo $id ?>" />

 

This worked since i set the value for ID previously either to be the one in the URL or to NULL

 

if(isset($_GET['id']))
				{
					// Save each entry field as individual variables
					$id = $e['id'];
					$title = $e['title'];
					$entry = $e['entry'];
				}
				//if id not present leave form blank
				else{
				$id = NULL;
				$title= NULL;
				$entry = NULL;
				}

 

Thanks for all the help