What's wrong with this PHP code?

RabbitCFH
Thread starter 6 years ago
#1
I'm practising PHP and MySQL and I've been trying to make a very simple database manager (as an example, using a basketball team roster). This is my code:

PHP Code:
<?php
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);

if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());

mysql_select_db($db_database)
    or die("Unable to connect to database: " . mysql_error());

// Delete a player
if (isset($_POST['delete']) && isset($_POST['number']))
{
    $number = get_post('number');
    $query = "DELETE FROM bulls WHERE number='$number'";

    if (!mysql_query($query, $db_server))
        echo "DELETE failed: $query<br />" .
            mysql_error() . "<br /><br />";
}

// Modify a player's last name
if (isset($_POST['modify']) && isset($_POST['lastname']))
{
    $lastname = get_post('lastname');
    $number = get_post('number');

    $query = "UPDATE bulls SET lastname='$lastname' WHERE number='$number'";

    if (!mysql_query($query, $db_server)) echo "CHANGE failed: $query<br />" .
            mysql_error() . "<br /><br />";
}

// Add a player
if (isset($_POST['lastname']) &&
    isset($_POST['firstname']) &&
    isset($_POST['position']) &&
    isset($_POST['born']) &&
    isset($_POST['number']) &&
    isset($_POST['pic']))
{
    $lastname  = get_post('lastname');
    $firstname = get_post('firstname');
    $position  = get_post('position');
    $born      = get_post('born');
    $number    = get_post('number');
    $pic       = get_post('pic');

    $query = "INSERT INTO bulls VALUES" .
            "('$lastname', '$firstname', '$position', '$born', '$number',
            '$pic')";
    if (!mysql_query($query, $db_server)) echo "INSERT failed: $query<br />" .
            mysql_error() . "<br /><br />";
}

echo <<<_END
<form action="project1.php" method="post"><pre>
       Last name <input type="text" name="lastname" />
      First name <input type="text" name="firstname" />
Primary position <input type="text" name="position" />
   Year of birth <input type="text" name="born" />
          Number <input type="text" name="number" />
    Select Photo <input type="file" name="pic" />
          <input type="submit" value="ADD PLAYER" />
</pre></form>
_END;

// List every player with MODIFY and DELETE forms
$query = "SELECT * FROM bulls";
$result = mysql_query($query);

if (!$result) die ("Database access failed: " . mysql_error());
$rows = mysql_num_rows($result);

for ($j = 0 ; $j < $rows ; ++$j)
{
    $row = mysql_fetch_row($result);
    echo <<<_END
<pre>
    Last name: $row[0]   <input type="text" name="lastname" />  <form action="project1.php" method="post"><input type="hidden" name="modify" value="yes" /><input type="hidden" name="lastname" value="$row[0]" /><input type="submit" value="MODIFY" /></form>
   First name: $row[1]   <input type="text" name="firstname" />
     Position: $row[2]   <input type="text" name="position" />
Year of birth: $row[3]   <input type="text" name="born" />
       Number: $row[4]   <input type="text" name="number" />
        Photo: <a href="project1/images/$row[5]" target="_blank">$row[5]</a>     <input type="file" name="pic" />
</pre>
<form action="project1.php" method="post">
    <input type="hidden" name="delete" value="yes" />
    <input type="hidden" name="number" value="$row[4]" />
    <input type="submit" value="DELETE PLAYER" /></form>
_END;
}

mysql_close($db_server);

// Escape a POST value for use inside a quoted SQL string
function get_post($var)
{
    return mysql_real_escape_string($_POST[$var]);
}
?>
Adding and deleting records was fine, as I got this example from a book. I added a couple of small features and wanted to add the option to modify the records. However, I get the following error when I try to modify the 'lastname' value:
Code:
Notice: Undefined index: number in C:\web\project2\project1.php on line 97
I tried slightly modifying the code:

...
if (isset($_POST['modify']) && isset($_POST['lastname']))
{
$lastname = get_post('lastname_ch');
$number = get_post('number');

$query = "UPDATE bulls SET lastname='$lastname' WHERE number='$number'";

if (!mysql_query($query, $db_server)) echo "CHANGE failed: $query<br />" .
mysql_error() . "<br /><br />";
}
...
<form action="project1.php" method="post"><input type="hidden" name="modify" value="yes" /><input type="hidden" name="lastname_ch" value="$row[0]" /><input type="submit" value="MODIFY" /></form>
but the only thing I gained was that I am not getting the error anymore when I try to modify the lastname value (but the value doesn't change anyway).

Where did I go wrong?
Thanks in advance.
0
JGR
6 years ago
#2
"number" is a text field, and as such the user needs to fill it in if the modify query is going to find anything to modify. You also don't test whether it is set in the surrounding if statement.
What you probably would want to do is make it a hidden field, *unless* you also want the user to be able to modify it, in which case you would need some other immutable field to select on instead.

In general, it's also a good idea to fill in any fields which are user-modifiable, or ignore blank post variables, as otherwise just pressing submit will likely wipe the record.
0
RabbitCFH
Thread starter 6 years ago
#3
(Original post by JGR)
"number" is a text field, and as such the user needs to fill it in if the modify query is going to find anything to modify. You also don't test whether it is set in the surrounding if statement.
What you probably would want to do is make it a hidden field, *unless* you also want the user to be able to modify it, in which case you would need some other immutable field to select on instead.

In general, it's also a good idea to fill in any fields which are user-modifiable, or ignore blank post variables, as otherwise just pressing submit will likely wipe the record.
I can't get it to work. Could you rewrite the code so I could see what exactly is wrong with it? Here is the code, it should read a bit better: http://snipt.org/vAae5

Also, I've been told to start using MySQLi or PDO database, but I want to get this modify function to work first, cause it's really annoying me.
0
JGR
6 years ago
#4
To do it properly you'll need to add a primary key column to your database table.
Assuming that you've done that and called it "player_id", see http://snipt.org/vAag0
I've only made minimal changes, I don't code in PHP nowadays, so you'll still need to go through it yourself.
1
RabbitCFH
Thread starter 6 years ago
#5
(Original post by JGR)
To do it properly you'll need to add a primary key column to your database table.
Assuming that you've done that and called it "player_id", see http://snipt.org/vAag0
I've only made minimal changes, I don't code in PHP nowadays, so you'll still need to go through it yourself.
Thanks a lot, but this time the page doesn't display and I get the following error:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\web\project2\test.php on line 13

Edit: I fixed it. Now I'm getting a mysql error when trying to modify values but I'll look into it later. Thanks for help!
Edit 2: Everything works now. Guess now it's time to upgrade the database to mysqli or PDO and what not.
0
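The advice in post #2 and post #4 (select the row on an immutable primary key, ignore blank fields) combined with the PDO upgrade mentioned in the last post, as an added example that is not code from the thread or from the linked snippets. It assumes the "player_id" column named in post #4; `modify_player` and `render_row` are hypothetical names, the sample row is constructed, and in-memory SQLite stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE bulls (
    player_id INTEGER PRIMARY KEY, lastname TEXT, firstname TEXT, number TEXT)");
// Constructed sample row.
$pdo->exec("INSERT INTO bulls (lastname, firstname, number) VALUES ('Smith', 'Sam', '9')");

// Hypothetical helper: update only fields that were posted and are non-blank,
// selecting the row by the immutable player_id, never by an editable field.
function modify_player(PDO $pdo, array $post): int
{
    $editable = ['lastname', 'firstname', 'number'];    // allow-list of columns
    if (!isset($post['player_id']) || !ctype_digit((string)$post['player_id'])) {
        return 0;                                       // no valid key: touch nothing
    }
    $set = [];
    $params = [':id' => (int)$post['player_id']];
    foreach ($editable as $col) {
        if (isset($post[$col]) && is_string($post[$col]) && trim($post[$col]) !== '') {
            $set[] = "$col = :$col";                    // column name comes from the allow-list
            $params[":$col"] = trim($post[$col]);       // value travels as a bound parameter
        }
    }
    if (!$set) return 0;                                // a blank submit must not wipe the record
    $stmt = $pdo->prepare('UPDATE bulls SET ' . implode(', ', $set) . ' WHERE player_id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Hypothetical helper: one form per row, inputs inside the form, key in a hidden field.
function render_row(array $row): string
{
    $e = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');  // escape on output
    return '<form action="project1.php" method="post">'
         . '<input type="hidden" name="modify" value="yes" />'
         . '<input type="hidden" name="player_id" value="' . $e($row['player_id']) . '" />'
         . 'Last name <input type="text" name="lastname" value="' . $e($row['lastname']) . '" />'
         . 'Number <input type="text" name="number" value="' . $e($row['number']) . '" />'
         . '<input type="submit" value="MODIFY" /></form>';
}

// Constructed POST bodies: a rename containing a quote, then an all-blank submit.
var_dump(modify_player($pdo, ['player_id' => '1', 'lastname' => "O'Neal", 'number' => '']));
var_dump(modify_player($pdo, ['player_id' => '1', 'lastname' => '', 'number' => '']));
$row = $pdo->query('SELECT * FROM bulls WHERE player_id = 1')->fetch(PDO::FETCH_ASSOC);
echo render_row($row), "\n";
```

Against MySQL only the PDO DSN and credentials change; the bound parameters take over the job `mysql_real_escape_string` does in the original script.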