Trying to post updated values to DB and getting "Fatal error: Uncaught TypeError: mysqli_fetch_assoc(): Argument #1 ($result) must be of type mysqli_result, bool given"

[Zserene]

I have a table with a list of users and an edit button and delete button.  When the edit button is pressed on a site it passes the user_id as p_id to the page that catches it and displays the data.  The problem is when I click on the "update user" button, I get the following error:

Warning: Undefined variable $the_user_id in C:\xampp\htdocs\3-19-21(2) - SafetySite\admin\edit_user.php on line 10

Fatal error: Uncaught TypeError: mysqli_fetch_assoc(): Argument #1 ($result) must be of type mysqli_result, bool given in C:\xampp\htdocs\3-19-21(2) - SafetySite\admin\edit_user.php:14 Stack trace: #0 C:\xampp\htdocs\3-19-21(2) - SafetySite\admin\edit_user.php(14): mysqli_fetch_assoc(false) #1 {main} thrown in C:\xampp\htdocs\3-19-21(2) - SafetySite\admin\edit_user.php on line 14

The weird thing is I had another update user page with a table I created that ran the query to update the table in the database just fine.  But as I created it, it didn't look all that great so I recreated the page and used a bootstrap table because of the much cleaner look.  Both pages have the exact same PHP code, the only difference is the bootstrap table I added in.  So I'm really at a loss with this.  Other than the table and PHP code, there is a script at the bottom of the page for the table itself to allow for searching within the table, i'll include that as well.  The PHP code is as follows:

<?php

//THE "p_id" IS BROUGHT OVER FROM THE EDIT BUTTON ON VIEW_ALL_USERS

if (isset($_GET['p_id'])) {

    $the_user_id = $_GET['p_id'];

}

// QUERY TO PULL THE SITE INFORMATION FROM THE p_id THAT WAS PULLED OVER

$query = "SELECT * FROM users WHERE user_id = $the_user_id ";

$select_user = mysqli_query($connection,$query);

//SET VALUES FROM ARRAY TO VARIABLES

while($row = mysqli_fetch_assoc($select_user)) {

    $user_id = $row['user_id'];

    $user_firstname = $row['user_firstname'];

    $user_lastname = $row['user_lastname'];

    $username = $row['username'];

    $user_email = $row['user_email'];

    $user_phone = $row['user_phone'];

    //$user_image = $row['user_image'];

    $user_title_id = $row['user_title_id'];

    $user_role_id = $row['user_role_id'];

   }

THE UPDATE QUERY CODE....................................................................................................................

<?php

if(isset($_POST['update_user'])) {

    $user_id = $_POST['user_id'];

    $user_firstname = $_POST['user_firstname'];

    $user_lastname = $_POST['user_lastname'];

    $username = $_POST['username'];

    $user_email = $_POST['user_email'];

    $user_phone = $_POST['user_phone'];

    //$user_image = $_POST['user_image'];

    $user_title_id = $_POST['user_title_id'];

    $user_role_id = $_POST['user_role_id'];

    

    $query = "UPDATE users SET ";

    $query .= "user_id = '{$user_id}', ";

    $query .= "user_firstname = '{$user_firstname}', ";

    $query .= "user_lastname = '{$user_lastname}', ";

    $query .= "username = '{$username}', ";

    $query .= "user_email = '{$user_email}', ";

    $query .= "user_phone = '{$user_phone}', ";

    //$query .= "user_image = '{$user_image}', ";

    $query .= "user_title_id = '{$user_title_id}', ";

    $query .= "user_role_id = '{$user_role_id}' ";

    $query .= "WHERE user_id = '{$the_user_id}' ";

    $update_user = mysqli_query($connection,$query);

    if(! $update_user) {

        die("QUERY FAILED" . mysqli_error($connection));

    }

}

?>

THE "UPDATE USER" BUTTON THE USER CLICKS ON TO UPDATE....................................................................................................................

<div class="col-1">

<button class="btn btn-primary" type="submit" name="update_user">Update User</button>

</div>

 

Any Help is Greatly Appreciated!

Edited March 23, 2021 by Zserene

[Barand]

Sounds like $_GET['p_id'] doesn't exist so $the_user_id doesn't get defined.

Stop putting user data directly into the query - use prepared queries.

[Zserene]

This is the button on the users page that sets p_id and sends to edit_user:

and then at the top of the "edit_user" page it looks like p_id is pulled over:

The first for statement at the top of the edit_user page is the

if(isset($_GET['p_id'])) {

    $the_user_id = $_GET['p_id'];

Also the page that catches it displays all the user data fine, its only when i got to update it to the DB that it breaks with error.

[Barand]

The errors you posted refer to lines 10 and 14.

Which ones are they in your code?

[Zserene]

<?php

//THE "p_id" IS BROUGHT OVER FROM THE EDIT BUTTON ON VIEW_ALL_USERS

if (isset($_GET['p_id'])) {

    $the_user_id = $_GET['p_id'];

}

// QUERY TO PULL THE SITE INFORMATION FROM THE p_id THAT WAS PULLED OVER

$query = "SELECT * FROM users WHERE user_id = $the_user_id "; ---------------------------------row 10

$select_user = mysqli_query($connection,$query);

//SET VALUES FROM ARRAY TO VARIABLES

while($row = mysqli_fetch_assoc($select_user)) { -------------------------------------------------row 14

    $user_id = $row['user_id'];

    $user_firstname = $row['user_firstname'];

    $user_lastname = $row['user_lastname'];

    $username = $row['username'];

    $user_email = $row['user_email'];

    $user_phone = $row['user_phone'];

    //$user_image = $row['user_image'];

    $user_title_id = $row['user_title_id'];

    $user_role_id = $row['user_role_id'];

   }

[Barand]

Then how are they related to the update query?

[Zserene]

The p_id pulls over data fine.  It's only when I go to update that the error occurs.

$the_user_id is set to the p_id at the top of the code.  It is then used in the "WHERE" statement of the query to update the correct row in the database:

But this code is a duplicate from another page I made, the only difference is on this page I use a bootstrap table, not sure that should make any difference though.  I don't know

The p_id brought over is for user "1" and is set to $the_user_id via:

if(isset($_GET['p_id'])) {

            $the_user_id = $_GET['p_id'];

}

That same variable $the_user_id is then used to define which row to change in the update query.  

[mac_gyver]

the update form isn't propagating the p_id GET value. if you leave the action='...' attribute completely out of the form tag, the browser will automatically include any existing get parameters when the form is submitted.

next, the p_id value is a required input for that page to work. when it isn't present, any dependent code shouldn't be executed and you should instead set up an error message for the user telling them that a required input has not been supplied. either the user reached the page without using an edit link or there's a programming mistake somewhere, i.e. the current problem.

there's actually a lot of unnecessary code/typing in this, making it harder to see the forest for the trees.  some suggestions -

1. don't copy variables to other variables for nothing. just use the original variables. there are 17 current lines of code doing this that don't add any value to what you are doing.
2. don't change the name of things. the p_id is actually the user_id value. you should use user_id throughout the code.
3. as has already been mentioned, use a prepared query when supplying external, unknown, dynamic values to a query and switch to the much simpler PDO extension. a prepared query, while adding only one php statement per query, actually simplifies the sql query syntax, making it easier to produce error free sql queries.
4. don't use a loop to fetch data from a query that will match at most one row. just directly fetch the row. you should also test if a row was fetched or not and set up a message for the user if there was no matching data.
5. don't build a string (the sql query) using a bunch of concatenation statements. just directly build the query as a single string. you can put white-space in an sql query to format it.
6. don't include the user_id column in the SET part of the update query. the user_id is the defining column that identifies each row of data. by including it in the SET part of the query, any intentional or accidental change can produce duplicate values and will break the association with any related data in other tables.
7. post method form processing code should detect if a post method form has been submitted, trim all input data (this can be done with one single php statement operating on the data as a set), then validate all inputs before using them, storing validation errors in an array, using the field name as the array index. if there are no validation errors (the array is empty), use the input data. if there are validation errors (the array is not empty), display them at the appropriate location in the html document when you re-display the form.