PHP and updating mysql database.
Posted: Mon Feb 09, 2009 1:50 pm
by fionaom87
Hey, I'm trying to update a customer record but seem to be getting the following errors:
Notice: Undefined variable: HTTP_POST_VARS in C:\wamp\www\update1.php on line 4
Warning: Invalid argument supplied for foreach() in C:\wamp\www\update1.php on line 4
Notice: Undefined variable: formVars in C:\wamp\www\update1.php on line 6
Notice: Undefined variable: test in C:\wamp\www\update1.php on line 15
Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\update1.php on line 15
Here's my code
<?php include 'config.php'; ?> // db connection which is working.
<?php
foreach($HTTP_POST_VARS as $varname => $value) // line 4
$formVars[$varname]=$value;
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\""; //line 6
$result=mysql_query($query);
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($test); // line 15
?>
Any help would be great.
Thanks
Re: PHP and updating mysql database.
Posted: Mon Feb 09, 2009 2:16 pm
by Ziq
Use the 'code' tag if you post any code.
Warning: Invalid argument supplied for foreach() in C:\wamp\www\update1.php on line 4
It means that $HTTP_POST_VARS is not an array. You should check this first.
Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in C:\wamp\www\update1.php on line 15
This means that $test is not a valid MySQL link. How do you set $test?
Read about error_reporting().
But this code is absolutely badly designed. Why are you using this loop
Code: Select all
foreach($HTTP_POST_VARS as $varname => $value) // line 4
$formVars[$varname]=$value;
if you use only $formVars["customerid"]?
Warning! This code is not protected from SQL injection. It's a very dangerous error.
Re: PHP and updating mysql database.
Posted: Mon Feb 09, 2009 2:27 pm
by fionaom87
I fixed my errors, but nothing is coming from the database. The fields are coming back blank.
Code: Select all
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php include 'config.php'; ?>
<?php
$formVars[$varname]=$value;
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\"";
$result=mysql_query($query);
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($con);
?>
<html>
<head>
<title>Update</title>
</head>
<body bgcolor="white">
<form method="post" action="update2.php">
<table>
<col span="1" align="right">
<tr>
<td><font color="blue">Customer Name:</font></td>
<td><input type="text" name="name"
value="<?php echo $formVars["name"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Customer Address:</font></td>
<td><input type="text" name="address"
value="<?php echo $formVars["address"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Telephone number:</font></td>
<td><input type="text" name="telephoneno"
value="<?php echo $formVars["telephoneno"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">House Type:</font></td>
<td><input type="text" name="housetype"
value="<?php echo $formVars["housetype"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Date:</font></td>
<td><input type="text" name="date"
value="<?php echo $formVars["date"]; ?>" size=100></td>
</tr>
<tr>
<td><font color="blue">Customer ID:</font></td>
<td><input type="text" name="customerid"
value="<?php echo $formVars["customerid"]; ?>" size=100></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</body>
</html>
Re: PHP and updating mysql database.
Posted: Mon Feb 09, 2009 2:48 pm
by Ziq
Try this
Code: Select all
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\"";
echo $query;
$result=mysql_query($query) or die(mysql_error());
Maybe this will help you.
Re: PHP and updating mysql database.
Posted: Mon Feb 09, 2009 2:56 pm
by fionaom87
It is now just displaying SELECT * FROM customers WHERE customerid = \"". at the top of my page.
Code: Select all
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php include 'config.php'; ?>
<?php
$formVars[$varname]=$value;
$query="SELECT * FROM customers WHERE customerid = \"".$formVars["customerid"]."\"";
echo $query;
$result=mysql_query($query) or die(mysql_error());
$row=mysql_fetch_array($result);
$formVars = array();
$formVars["name"]=$row["name"];
$formVars["address"]=$row["address"];
$formVars["telephoneno"]=$row["telephoneno"];
$formVars["housetype"]=$row["housetype"];
$formVars["customerid"]=$row["customerid"];
mysql_close($con);
?>
Re: PHP and updating mysql database.
Posted: Mon Feb 09, 2009 3:30 pm
by Ziq
You should read some books first. I'll try to help you.
Code: Select all
<?php
// Include all files here
//...

// This is the customerid
$id = intval($_GET['id']);
if (empty($id)) {
    // Redirect to an error page, for example
    exit();
}

// You should use something like mysql_real_escape_string(), but in this case it is not necessary
// because $id is protected by intval()
$query = 'SELECT name, address, telephoneno, housetype, customerid FROM customers WHERE customerid = '.$id;
$result = mysql_query($query) or die(mysql_error());

// Why do you use two variables, $row and $formVars?
if (mysql_num_rows($result) > 0) {
    $formVars = mysql_fetch_assoc($result);
} else {
    // Redirect to a 404 page
    exit();
}

// If something was submitted
if (isset($_POST['name'])) {
    // Check the input information
    // ...
    // If the information is valid, do something in the database.
}

// I don't know the specifics of your project, but I think you have to use htmlspecialchars() to protect your project
// from XSS attacks
?>
Then, if you want to change customer info, you can use a URL like
http://yourproject/update2.php?id=[number]
Number is the customerid in your database.
And change this:
Code: Select all
<form method="post" action="update2.php?id=<?php echo $id; ?>">
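The following is an added example, not part of the thread or any poster's code: the same customer lookup written with a PDO prepared statement and with htmlspecialchars() applied to the values echoed into the form. It goes beyond the intval() approach above by binding the id as a parameter. The in-memory SQLite database, the sample row, and the function names findCustomer and inputField are assumptions made so it runs on its own.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (customerid INTEGER PRIMARY KEY, name TEXT,
            address TEXT, telephoneno TEXT, housetype TEXT)');
$pdo->prepare('INSERT INTO customers VALUES (?, ?, ?, ?, ?)')
    ->execute([7, 'Ann "Annie" O\'Neil <ann>', '1 Main St', '555-0100', 'Bungalow']);

// Hypothetical helper: returns the customer row, or null when the id is not a
// positive integer or no row matches.
function findCustomer(PDO $pdo, $rawId): ?array
{
    // Strict validation: unlike intval(), this rejects "7abc" instead of reading it as 7.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is sent as a bound parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT name, address, telephoneno, housetype, customerid
                           FROM customers WHERE customerid = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: builds one form field with the value escaped for an HTML attribute.
function inputField(string $name, $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" size="100">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed request values: a valid id, two malformed ids, and an id with no row.
foreach (['7', '7abc', '7"x', '99'] as $rawId) {
    $row = findCustomer($pdo, $rawId);
    echo var_export($rawId, true), ' => ', $row === null ? 'no customer' : $row['name'], "\n";
}

// The stored name contains quotes and angle brackets; escaping keeps it inside value="...".
echo inputField('name', findCustomer($pdo, '7')['name']), "\n";
```

With the mysql_* functions used in the thread, the equivalent steps are intval() or mysql_real_escape_string() on the input and htmlspecialchars() on every value echoed into a value attribute.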