query with an edit page


dudleylearning

Hi All,

 

I'm having a go at making an edit page and have come across a slight problem. I get this error on the edit page when the submit button is pressed:

Notice: Undefined index: id 

This is the script that I have attempted:

<?php
# display all php errors
error_reporting(-1);
ini_set('display_errors', 1);

# include dbConnection details
include '../includes/dbconn.php';

# set form input fields
$sql = 'SELECT id, name, email FROM author WHERE id = :id';
$query = $dbConnection->prepare($sql);
$query->bindValue(':id', $_POST['id']);
$query->execute();
$row = $query->fetch();
$name = $row['name'];
$email = $row['email'];
$id = $row['id'];

# if the form has been posted
if (isset($_GET['update_details']))
{
	$sql = 'UPDATE author SET
	name = :name,
	email = :email
	WHERE id = :id';
	
	$query = $dbConnection->prepare($sql);
	$query->bindValue(':id', $id);
	$query->bindValue(':name', $_POST['name']);
	$query->bindValue(':email', $_POST['email']);
	$query->execute();
	
	$message = 'Author details successfully updated';
	header('Location: index.php?message=' . $message);
}
?>

The error makes reference to this line:

$query->bindValue(':id', $_POST['id']);

I can't see where I have gone wrong with it. Any tips on what I should be looking at?

Link to comment
Share on other sites

You have not done any checks to see if the ID exists before you try to use it. You are also not sending the id value when you submit your form. Use a hidden id field in your form to POST the id value when the form is submitted.

 

How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? If so, is the ID attached to it, as in

 

edit.php?id=myid

 

If so, change POST to GET.

$query->bindValue(':id', $_GET['id']);

Then in your form set a hidden id field to the value of GET. Then in the script check if the Server request method = POST then do your edit. That is the basics. There is a security consideration that needs to be addressed with the hidden field though. You don't want to allow any user supplied data to be injected directly into your page. I will leave that part for others to tell you about.

Edited by benanamen
Link to comment
Share on other sites

How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? 

 

ok, forgot to post that one. There is a link for the user to click on from index.php which then opens the edit page:

<form action="edit_author.php" method="post">
<input type="hidden" name="id" value="<?php echo $data['id']; ?>">
<input type="submit" value="Edit">
</form>
Link to comment
Share on other sites

How did you "inspect it"?  Try this and see what happens. If it works when you hard code the value, the problem is before the edit page.

if(!empty($_POST['id'])){
    # set form input fields
    $sql = 'SELECT id, name, email FROM author WHERE id = :id';
    $query = $dbConnection->prepare($sql);
    $query->bindValue(':id', $_POST['id']);
    $query->execute();
    $row = $query->fetch();
    $name = $row['name'];
    $email = $row['email'];
    $id = $row['id'];
}
else{
    echo 'ID is missing';
}
Edited by benanamen
Link to comment
Share on other sites

to get the initial undefined index error, your index.php page probably has nested forms or some invalid markup at some point and isn't submitting a $_POST['id'] value. it's also possible that with all the redirecting you are doing, that you have redirected back around to the edit_author.php page from somewhere else. you should actually do all of this on a single page. it will simplify all the code and markup you are having to write and test.

 

three things - 

 

1) you should actually be using a link or a get method form on the index.php page, since you are determining what data will be gotten and displayed on the edit_author.php page.

 

2) you must ALWAYS validate the inputs you expect and set up and display error messages when the input isn't present, isn't a valid value or format, or doesn't match any expected data. only use the input value(s) after it has been validated.

 

3) you need to always have an exit; statement after a header() redirect to prevent the rest of the code on the page from running. this may be the cause of your undefined index error, if the code later on the page or on some other page is redirecting to the edit_author.php page.

 

next, your UPDATE form processing code must first test if a post method form was submitted before trying to use the submitted data, then validate that data before using it.

 

the UPDATE form processing code should come first in the logic flow, then you should retrieve any data for populating the form.

 

you also need to detect if the update form has already been submitted to control if you should retrieve the data for populating the form (if there was a validation error and you re-display the form, you want to populate it with the just submitted data, not the values from the SELECT query.) the easiest way of determining if you should run the SELECT query or not is to use an internal array variable to hold the data being operated on. the UPDATE form processing code would copy the submitted $_POST data to the internal array variable. at the point of running the SELECT query, if the internal array variable is empty, run the SELECT query and retrieve the data into the internal array variable. use the internal array variable as the values you populate the form fields with. it will initially be the values from the SELECT query. after the form has been submitted, it will be the submitted form values.

Edited by mac_gyver
Link to comment
Share on other sites
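The single-page flow described in the post above, together with the escaping of the hidden id field raised earlier in the thread, as an added example that is not code from any poster. It assumes $dbConnection is the PDO handle from dbconn.php; the $errors, $data, $isPost and $e names are illustrative.

```php
<?php
// Added example: single-page edit_author.php. $dbConnection is assumed to be the
// PDO handle from the thread's dbconn.php; $errors, $data and $e are illustrative.
include '../includes/dbconn.php';
$errors = [];
$data   = [];   // internal array: the values the form is populated with

// id comes by GET on first load (edit_author.php?id=7), by hidden field on submit
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
$id = filter_input($isPost ? INPUT_POST : INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {   // absent, or not a positive integer
    http_response_code(400);
    exit('Missing or invalid author id');
}

// 1) Form processing comes first, and only for a POST request
if ($isPost) {
    $data = ['name'  => trim((string) filter_input(INPUT_POST, 'name')),
             'email' => trim((string) filter_input(INPUT_POST, 'email'))];
    if ($data['name'] === '') { $errors[] = 'Name is required'; }
    if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) { $errors[] = 'Email is not valid'; }
    if (!$errors) {
        $query = $dbConnection->prepare('UPDATE author SET name = :name, email = :email WHERE id = :id');
        $query->execute([':name' => $data['name'], ':email' => $data['email'], ':id' => $id]);
        header('Location: index.php?message=' . urlencode('Author details successfully updated'));
        exit;   // nothing below may run after the redirect
    }
}

// 2) Query the database only when there is no submitted data to re-display
if (!$data) {
    $query = $dbConnection->prepare('SELECT name, email FROM author WHERE id = :id');
    $query->execute([':id' => $id]);
    $data = $query->fetch(PDO::FETCH_ASSOC);
    if (!$data) {   // well-formed id that matches no row
        http_response_code(404);
        exit('No author with that id');
    }
}
$e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');   // escape on output
?>
<?php foreach ($errors as $error): ?><p><?= $e($error) ?></p><?php endforeach; ?>
<form action="edit_author.php" method="post">
<input type="hidden" name="id" value="<?= $e($id) ?>">
<input type="text" name="name" value="<?= $e($data['name']) ?>">
<input type="text" name="email" value="<?= $e($data['email']) ?>">
<input type="submit" value="Update">
</form>
```

index.php should pass the message parameter through htmlspecialchars() before printing it, since that value arrives in the URL and is not limited to the text this script sends.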

I would take that a step further. If the value for id is passed - but is NOT the value you think it is, the logic would still attempt to perform the query, but nothing would be returned if there is no matching id. Also, no need to include the id in the select list of values and assign it to a value - since you already have the id. I would suggest trying this:

 

//Debug lines
echo "Var dump of POST['id']: ";
var_dump($_POST['id']);
echo "<br>\n";

//Trim the id - if passed, else false
$id = isset($_POST['id']) ? trim($_POST['id']) : false;
//Test the trimmed value, so a whitespace-only id also counts as missing
if(empty($id)){
    echo 'ID is missing';
} else {
    # set form input fields
    $sql = 'SELECT id, name, email FROM author WHERE id = :id';
    $query = $dbConnection->prepare($sql);
    $query->bindValue(':id', $id);
    $query->execute();
    $row = $query->fetch();
    $name = $row['name'];
    $email = $row['email'];
}
Link to comment
Share on other sites
