PHP and updating mysql database.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fionaom87
Forum Commoner
Posts: 43
Joined: Mon Feb 02, 2009 10:44 am

PHP and updating mysql database.

Post by fionaom87 »

Hey im trying to update a customer record but seem to be getting the following errors:

Notice: Undefined variable: HTTP_POST_VARS in C:\wamp\www\update1.php on line 4

Warning: Invalid argument supplied for foreach() in C:\wamp\www\update1.php on line 4

Notice: Undefined variable: formVars in C:\wamp\www\update1.php on line 6

Notice: Undefined variable: test in C:\wamp\www\update1.php on line 15

Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\update1.php on line 15

Here's my code

<?php include 'config.php'; ?> // db connection which is working.
<?php
foreach($HTTP_POST_VARS as $varname => $value) // line 4
$formVars[$varname]=$value;
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\""; //line 6
$result=mysql_query($query);
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($test); // line 15
?>



any help would be great.
THanks
User avatar
Ziq
Forum Contributor
Posts: 194
Joined: Mon Aug 25, 2008 12:43 am
Location: Russia, Voronezh

Re: PHP and updating mysql database.

Post by Ziq »

Use 'code' tag if post any code.
Warning: Invalid argument supplied for foreach() in C:\wamp\www\update1.php on line 4
It means that $HTTP_POST_VARS is not array. you should check this first
Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\update1.php on line 15
This means that $test is not valid MySQL-link. How you set the $test?

Read about error_reporting()

But this code is absolutely bad designed. Why are you using this loop

Code: Select all

 
foreach($HTTP_POST_VARS as $varname => $value) // line 4
$formVars[$varname]=$value;
 
if you use only $formVars["customerid"]?

Warning! This code is not protected from SQL-Injection. It's very dangerous error.
fionaom87
Forum Commoner
Posts: 43
Joined: Mon Feb 02, 2009 10:44 am

Re: PHP and updating mysql database.

Post by fionaom87 »

i fixed my errors but nothing is coming from the database. the fields are coming back blank.



Code: Select all

 
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php include 'config.php'; ?> 
<?php
 
$formVars[$varname]=$value;
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\"";
$result=mysql_query($query);
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($con);
?>
<html>
<head>
<title>Update</title>
</head>
<body bgcolor="white">
<form method="post" action="update2.php">
<table>
<col span="1" align="right">
<tr>
<td><font color="blue">Customer Name:</font></td>
<td><input type="text" name="name" 
value="<?php echo $formVars["name"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Customer Address:</font></td>
<td><input type="text" name="address" 
value="<?php echo $formVars["address"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Telephone number:</font></td>
<td><input type="text" name="telephoneno" 
value="<?php echo $formVars["telephoneno"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">House Type:</font></td>
<td><input type="text" name="housetype" 
value="<?php echo $formVars["housetype"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Date:</font></td>
<td><input type="text" name="date" 
value="<?php echo $formVars["date"]; ?>" size=100></td>
</tr>
 
<tr>
<td><font color="blue">Customer ID:</font></td>
<td><input type="text" name="customerid" 
value="<?php echo $formVars["customerid"]; ?>" size=100></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</body>
</html>
 
User avatar
Ziq
Forum Contributor
Posts: 194
Joined: Mon Aug 25, 2008 12:43 am
Location: Russia, Voronezh

Re: PHP and updating mysql database.

Post by Ziq »

Try this

Code: Select all

 
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\"";
echo $query;
$result=mysql_query($query) or die(mysql_error());
 
Maybe this help you.
fionaom87
Forum Commoner
Posts: 43
Joined: Mon Feb 02, 2009 10:44 am

Re: PHP and updating mysql database.

Post by fionaom87 »

it is now just displaying SELECT * FROM customers WHERE customerid = \"". at the top of my page.


Code: Select all

 
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php include 'config.php'; ?> 
<?php
 
$formVars[$varname]=$value;
 
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\""; 
echo $query;
$result=mysql_query($query) or die(mysql_error());
 
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($con);
?>
 
 
User avatar
Ziq
Forum Contributor
Posts: 194
Joined: Mon Aug 25, 2008 12:43 am
Location: Russia, Voronezh

Re: PHP and updating mysql database.

Post by Ziq »

You should read some books first. I'll try to help you.

Code: Select all

 
<?php
//  Here include all files
//...
 
//  This is customerid
$id = intval($_GET['id']);
if (empty($id)) {
    //  Redirect to error page, for example
    exit();
}
 
//  You should use something like mysql_real_escape_string()! but in this case it is not necessary
//  besause $id protected by intval()
$query = 'SELECT name, address, telephoneno, housetype, customerid FROM customers WHERE customerid = '.$id;
$result = mysql_query($query) or die(mysql_error());
//  Why do you use two variable $row and $formVars?
if (mysql_num_rows($result) > 0) {
    $formVars = mysql_fetch_assoc($result);
} else {
    //  Redirect to 404 page
    exit();
}
 
//  If something was submitted
if (isset($_POST['name'])) {
    //  Check input information
    //  ...
    //  If information is valid do something in database.  
}
//  I don't know specific of your project but I think you have to use htmlspecialchars() to protect your project
//  from XSS attack
 
Then if you want to change customer info you can use URL like http://yourproject/update2.php?id=[number]
Number is customerid in your database.

And change this

Code: Select all

 
<form method="post" action="update2.php?id=<?php echo $id; ?>">
 
Post Reply