dudleylearning Posted December 29, 2016 Share Posted December 29, 2016 Hi All, I'm having a go at making an edit page and have come across a slight problem. I get this error on the edit page when the submit button is pressed: Notice: Undefined index: id this is the script that I have attempted: <?php # display all php errors error_reporting(-1); ini_set('display_errors', 1); # include dbConnection details include '../includes/dbconn.php'; # set form input fields $sql = 'SELECT id, name, email FROM author WHERE id = :id'; $query = $dbConnection->prepare($sql); $query->bindValue(':id', $_POST['id']); $query->execute(); $row = $query->fetch(); $name = $row['name']; $email = $row['email']; $id = $row['id']; # if the form has been posted if (isset($_GET['update_details'])) { $sql = 'UPDATE author SET name = :name, email = :email WHERE id = :id'; $query = $dbConnection->prepare($sql); $query->bindValue(':id', $id); $query->bindValue(':name', $_POST['name']); $query->bindValue(':email', $_POST['email']); $query->execute(); $message = 'Author details successfully updated'; header('Location: index.php?message=' . $message); } ?> the error makes reference to this line: $query->bindValue(':id', $_POST['id']); I can't see where I have gone wrong with it. Any tips on what I should be looking at? Quote Link to comment Share on other sites More sharing options...
benanamen Posted December 29, 2016 Share Posted December 29, 2016 (edited) You have not done any checks to see if the ID exists before you try to use it. You are also not sending the id value when you submit your form. Use a hidden id field in your form to POST the id value when the form is submitted. How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? if so, is the ID attached to it as in edit.php?id=myid If so, change POST to GET. $query->bindValue(':id', $_GET['id']); Then in your form set a hidden id field to the value of GET. Then in the script check if the Server request method = POST then do your edit. That is the basics. There is a security consideration that needs to be addressed with the hidden field though. You don't want to allow any user supplied data to be injected directly into your page. I will leave that part for others to tell you about. Edited December 29, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
dudleylearning Posted December 29, 2016 Author Share Posted December 29, 2016 How are you expecting to get the ID when the form first loads? Are you clicking an "Edit" link? ok, forgot to post that one. There is a link for the user to click on from index.php which then opens the edit page: <form action="edit_author.php" method="post"> <input type="hidden" name="id" value="<?php echo $data['id']; ?>"> <input type="submit" value="Edit"> </form> Quote Link to comment Share on other sites More sharing options...
benanamen Posted December 29, 2016 Share Posted December 29, 2016 (edited) Have you verified $data['id'] actually has a value? Easiest way is to just view the page source in your browser. Your problems may actually start before you even get to the last form you posted Edited December 29, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
dudleylearning Posted December 29, 2016 Author Share Posted December 29, 2016 Yes it does have data when I inspect it. When I manually change: $query->bindValue(':id', $_POST['id']); to $query->bindValue(':id', 1); I can update record 1 without a problem. Quote Link to comment Share on other sites More sharing options...
benanamen Posted December 29, 2016 Share Posted December 29, 2016 (edited) How did you "inspect it"? Try this and see what happens. If it works when you hard code the value, the problem is before the edit page. if(!empty($_POST['id'])){ # set form input fields $sql = 'SELECT id, name, email FROM author WHERE id = :id'; $query = $dbConnection->prepare($sql); $query->bindValue(':id', $_POST['id']); $query->execute(); $row = $query->fetch(); $name = $row['name']; $email = $row['email']; $id = $row['id']; } else{ echo 'ID is missing'; } Edited December 29, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted December 29, 2016 Share Posted December 29, 2016 (edited) to get the initial undefined index error, your index.php page probably has nested forms or some invalid markup at some point and isn't submitting a $_POST['id'] value. it's also possible that with all the redirecting you are doing, that you have redirected back around to the edit_author.php page from somewhere else. you should actually do all of this on a single page. it will simplify all the code and markup you are having to write and test. three things - 1) you should actually be using a link or a get method form on the index.php page, since you are determining what data will be gotten and displayed on the edit_author.php page. 2) you must ALWAYS validate the inputs you expect and set up and display error messages when the input isn't present, isn't a valid value or format, or doesn't match any expected data. only use the input value(s) after it has been validated. 3) you need to always have an exit; statement after a header() redirect to prevent the rest of the code on the page from running. this may be the cause of your undefined index error, if the code later on the page or on some other page is redirecting to the edit_author.php page. next, your UPDATE form processing code must first test if a post method form was submitted before trying to use the submitted data, then validate that data before using it. the UPDATE form processing code should come first in the logic flow, then you should retrieve any data for populating the form. you also need to detect if the update form has already been submitted to control if you should retrieve the data for populating the form (if there was a validation error and you re-display the form, you want to populate it with the just submitted data, not the values from the SELECT query.) the easiest way of determining if you should run the SELECT query or not is to use an internal array variable to hold the data being operated on. the UPDATE form processing code would copy the submitted $_POST data to the internal array variable. at the point of running the SELECT query, if the internal array variable is empty, run the SELECT query and retrieve the data into the internal array variable. use the internal array variable as the values you populate the form fields with. it will initially be the values from the SELECT query. after the form has been submitted, it will be the submitted form values. Edited December 29, 2016 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Psycho Posted December 29, 2016 Share Posted December 29, 2016 I would take that a step further. If the value for id is passed - but is NOT the value you think it is, the logic would still attempt to perform the query, but nothing would be returned if there is no matching id. Also, no need to include the id in the select list of values and assign it to a value - since you already have the id. I would suggest trying this: //Debug lines echo "Var dump of POST['id']: " var_dump($_POST['id']); echo "<br>\n"; //Trim the id - if passed, else false $id = isset($_POST['id']) ? trim($_POST['id']) : false; if(empty($_POST['id'])){ echo 'ID is missing'; } else { # set form input fields $sql = 'SELECT id, name, email FROM author WHERE id = :id'; $query = $dbConnection->prepare($sql); $query->bindValue(':id', $_POST['id']); $query->execute(); $row = $query->fetch(); $name = $row['name']; $email = $row['email']; } Quote Link to comment Share on other sites More sharing options...
dudleylearning Posted January 2, 2017 Author Share Posted January 2, 2017 thanks for the tips. I got it working Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.