0

Hi.. I sure hope you can help me!
2 years ago you helped with an Update Form
and I've been trying to adapt the form to my MySQL
database. As I'm just learning and trying to figure some of this out,
I seem to have hit a roadblock.
. . this was the thread 2 years ago . .
Click Here

I still have a couple of errors..

Notice: Undefined variable: name1 in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 31

Notice: Use of undefined constant QUERY_STRING - assumed 'QUERY_STRING' in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 34

Update Record
Notice: Undefined variable: shift in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 43

. . and at the bottom of the page . .

Notice: Undefined variable: update in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 74

My Table only consists of..
id (AI)..name1..name2..name3..name4..shift

I thought I had everything coded right according to all the manuals
and my table..but I guess I was wrong..

Could you please point me in the right direction..?

    <?php
    $hostname = "localhost";//host name
    $dbname = "afba_gate";//database name
    $username = "root";//username you use to login to php my admin
    $password = "jeremy2014";//password you use to login
    //CONNECTION OBJECT
    //This Keeps the Connection to the Databade
    $conn = new MySQLi($hostname, $username, $password, $dbname) or die('Can not connect to database')  
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Untitled Document</title>
    </head>
    <body>
    <?php
    if(isset($_POST['Submit'])){//if the submit button is clicked
    $id = $_POST['id'];
    $name1 = $_POST['name1'];
    $name2 = $_POST['name2'];
    $name3 = $_POST['name3'];
    $name4= $_POST['name4'];
    $shift= $_POST['shift'];
    $update = "UPDATE shifts SET name1='$name1', name2='$name2', name3='$name3', name4='$name4',shift='$shift' WHERE name1 = ".$name1;
    $conn->query($update) or die("Cannot update");//update or error
    }
    ?>
    <?php
    //Create a query
    $sql = "SELECT * FROM shifts WHERE name1 = '".$name1."'";
    //submit the query and capture the result
    $result = $conn->query($sql) or die(mysql_error());
    $query=getenv(QUERY_STRING);
    parse_str($query);
    //$ud_id = $_POST['id'];
    //$ud_name1 = $_POST['name1'];
    //$ud_name2 = $_POST['name2'];
    //$ud_name3 = $_POST['name3'];
    //$ud_name4 = $_POST['name4'];
    //$ud_shift = $_POST['shift'];
    ?>
    <h2>Update Record <?php echo $shift;?></h2>
    <form action="" method="post">
    <?php
    while ($row = $result->fetch_assoc()) {?>
    <table border="0" cellspacing="10">
    <tr>
    <td>id:</td> <td><input type="text" name="updateid" value="<?php echo $row['id']; ?>"></td>
    </tr>
    <tr>
    <td>name1:</td> <td><input type="text" name="updatename1" value="<?php echo $row['name1']; ?>"></td>
    </tr>
    <tr>
    <td>name2:</td> <td><input type="text" name="updatename2" value="<?php echo $row['name2']; ?>"></td>
    </tr>
    <tr>
    <td>name3:</td> <td><input type="text" name="updatename3" value="<?php echo $row['name3']; ?>"></td>
    </tr>
    <tr>
    <td>name4:</td> <td><input type="text" name="updatename4" size="100" value="<?php echo $row['name4']; ?>"></td>
    <tr>
    <td>shift:</td> <td><input type="text" name="updateshift" size="100" value="<?php echo $row['shift']; ?>"></td>
    </tr>
    </tr>
    <tr>
    <td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
    </tr>
    </table>
    <?php }
    ?>
    </form>
    <?php
    if($update){//if the update worked
    echo "<b>Update successful!</b>";
    }
    ?>
    </body>
    </html>
0

Change your connection to this:

    new mysqli($hostname, $username, $password, $dbname);

Change your getenv to this:

    $query = $_SERVER['QUERY_STRING'];

Change your update string to this:

    $update = "UPDATE shifts SET name1 = '$name1', name2 = '$name2', name3 = '$name3', name4 = '$name4', shift = '$shift' WHERE name1 = '$name1'";
0

Line 34 should be: $query=getenv('QUERY_STRING');

$_POST['name1'] and $_POST['shift'] clearly do not have a value submitted (or they wouldn't return as undefined). As a result, the update query fails along with all succeeding variables.

This highlights serious errors in your code, like you're not even using mysql_real_escape_string(), which is a cringy mistake that can take you to a very dark place. Please run ALL of client-submitted data through proper cleaning and validation.

There are some smaller other things as well, like the open/close in line 28/29 - no need for that. Line 43 is a clear case of something called XSS (cross site scripting). Again, you MUST make sure you check data before doing anything with it, let alone displaying it on the page. Maybe even looking into PHP frameworks if you intend to produce an application for a client, as no framework would allow such problems.

The error on line 74 is because $update just equals the text of your query, not actually the result of it. Change line 25/26 to this:

    $update = "UPDATE shifts SET name1='$name1', name2='$name2', name3='$name3', name4='$name4',shift='$shift' WHERE name1 = ".$name1;
    $update = $conn->query($update) or die("Cannot update");

$update will now be set to the result of the query.

Hope this helps.

0

I probably should stick to just playing my Banjo and delivering Concrete...But..

I added this to the top for the mysql_real_escape_string..if thats right..

    function check_input($value)
    {
    // Stripslashes
    if (get_magic_quotes_gpc())
      {
      $value = stripslashes($value);
      }
    // Quote if not a number
    if (!is_numeric($value))
      {
      $value = "'" . mysql_real_escape_string($value) . "'";
      }
    return $value;
    }

I also did the other additions you recommended..Hope I did them right..

    <?php
    function check_input($value)
    {
    // Stripslashes
    if (get_magic_quotes_gpc())
      {
      $value = stripslashes($value);
      }
    // Quote if not a number
    if (!is_numeric($value))
      {
      $value = "'" . mysql_real_escape_string($value) . "'";
      }
    return $value;
    }
    $hostname = "localhost";//host name
    $dbname = "afba_gate";//database name
    $username = "root";//username you use to login to php my admin
    $password = "jeremy2014";//password you use to login
    //CONNECTION OBJECT
    //This Keeps the Connection to the Databade
    $conn = new mysqli($hostname, $username, $password, $dbname) or die('Can not connect to database')
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Update the AFBA Gate</title>
    </head>
    <body>
    <?php
    if(isset($_POST['Submit'])){//if the submit button is clicked
    $id = $_POST['id'];
    $name1 = $_POST['name1'];
    $name2 = $_POST['name2'];
    $name3 = $_POST['name3'];
    $name4= $_POST['name4'];
    $shift= $_POST['shift'];
     $update = "UPDATE shifts SET name1='$name1', name2='$name2', name3='$name3', name4='$name4',shift='$shift' WHERE name1 = ".$name1;
    $update = $conn->query($update) or die("Cannot update");
    }
    ?>
    <?php
    //Create a query
    $sql = "SELECT * FROM shifts WHERE name1 = '".$name1."'";
    //submit the query and capture the result
    $result = $conn->query($sql) or die(mysql_error());
    $query=getenv('QUERY_STRING');
    parse_str($query);
    //$ud_id = $_POST['id'];
    //$ud_name1 = $_POST['name1'];
    //$ud_name2 = $_POST['name2'];
    //$ud_name3 = $_POST['name3'];
    //$ud_name4 = $_POST['name4'];
    //$ud_shift = $_POST['shift'];
    ?>
    <h2>Update Record <?php echo $shift;?></h2>
    <form action="" method="post">
    <?php
    while ($row = $result->fetch_assoc()) {?>
    <table border="0" cellspacing="10">
    <tr>
    <td>id:</td> <td><input type="text" name="updateid" value="<?php echo $row['id']; ?>"></td>
    </tr>
    <tr>
    <td>name1:</td> <td><input type="text" name="updatename1" value="<?php echo $row['name1']; ?>"></td>
    </tr>
    <tr>
    <td>name2:</td> <td><input type="text" name="updatename2" value="<?php echo $row['name2']; ?>"></td>
    </tr>
    <tr>
    <td>name3:</td> <td><input type="text" name="updatename3" value="<?php echo $row['name3']; ?>"></td>
    </tr>
    <tr>
    <td>name4:</td> <td><input type="text" name="updatename4" size="100" value="<?php echo $row['name4']; ?>"></td>
    <tr>
    <td>shift:</td> <td><input type="text" name="updateshift" size="100" value="<?php echo $row['shift']; ?>"></td>
    </tr>
    </tr>
    <tr>
    <td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
    </tr>
    </table>
    <?php }
    ?>
    </form>
    <?php
    if($update){//if the update worked
    echo "<b>Update successful!</b>";
    }
    ?>
    </body>
    </html>

Just to mention..all the input boxes show up..with the value that I put in thru phpadmin..

but still get these errors..

Notice: Undefined variable: name1 in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 45

Update Record
Notice: Undefined variable: shift in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 57

Notice: Undefined variable: update in C:\xampp\htdocs\website\afba_gate_mySQLi\update_row.php on line 88
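
An added example, not code from any poster in this thread: one way to write the update page so that the three notices cannot occur and the SQL injection and XSS issues raised in the replies are closed. It assumes the record is chosen with `?id=` in the URL, that the form fields are named after the table columns, that the credentials shown are placeholders, and that the mysqlnd driver is available for `get_result()`.

```php
<?php
// Added example: hardened update_row.php logic for the `shifts` table.
// Assumptions: record selected by ?id=, placeholder credentials, mysqlnd driver.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$conn = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'afba_gate');
$conn->set_charset('utf8mb4');

// Escape a value for output inside HTML text or a quoted attribute.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$fields  = ['name1', 'name2', 'name3', 'name4', 'shift'];
$updated = false;   // defined on every request, so no "Undefined variable"
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT); // update_row.php?id=3

if ($id && isset($_POST['Submit'])) {
    // Missing or non-string fields become '' instead of raising a notice.
    $in = [];
    foreach ($fields as $f) {
        $in[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? trim($_POST[$f]) : '';
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare(
        'UPDATE shifts SET name1=?, name2=?, name3=?, name4=?, shift=? WHERE id=?');
    $stmt->bind_param('sssssi', $in['name1'], $in['name2'], $in['name3'],
                      $in['name4'], $in['shift'], $id);
    $updated = $stmt->execute();
}

$row = null;
if ($id) {
    $stmt = $conn->prepare(
        'SELECT id, name1, name2, name3, name4, shift FROM shifts WHERE id=?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when no such id
}
?>
<h2>Update Record <?= $row ? h($row['shift']) : '' ?></h2>
<?php if ($row): ?>
<form action="" method="post">
  <?php foreach ($fields as $f): ?>
  <p><?= h($f) ?>: <input type="text" name="<?= h($f) ?>" value="<?= h($row[$f]) ?>"></p>
  <?php endforeach; ?>
  <input type="submit" name="Submit" value="Update the Record">
</form>
<?php endif; ?>
<?php if ($updated): ?><b>Update successful!</b><?php endif; ?>
```

The row is addressed by its auto-increment `id` rather than by `name1`, so editing `name1` in the form cannot change which row the `WHERE` clause matches.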
