Good evening

I've been working on creating a basic admin panel in order to allow a friend to edit the content of her own website. The data is stored in a database, and the plan is to allow her to edit/add content to the database.

I've previously used this successfully elsewhere, but this time around I'm having problems - and I'm sure it's something simple. I'm receiving an error message: Error! The 'fid' variable is not valid. I've always used the auto increment as id - this is the first time altering it to fid.

<?php
    /*
        Allows the user to both create new records and edit existing records
    */

    // connect to the database
    include("***********.php");

    // creates the new/edit record form
    // since this form is used multiple times in this file, I have made it a function that is easily reusable
    function renderForm($text = '', $yearrange ='', $fid = '') //EDIT THIS IN ALL CASES
    { ?>
        <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
        <html>
            <head>   
                <title>
                    <?php if ($fid != '') { echo "Edit Record"; } else { echo "New Record"; } ?> 
                </title>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
            </head>
            <body>
                <h1><?php if ($fid != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
                <?php if ($error != '') {
                    echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
                        . "</div>";
                } ?>

                <form action="" method="post">
                <div>
                    <?php if ($fid != '') { ?>
                        <input type="hidden" name="fid" value="<?php echo $fid; ?>" />
                        <p>ID: <?php echo $fid; ?></p>
                    <?php } ?>

                    <strong>Text: *</strong> <input type="text" name="text" value="<?php echo $text; ?>"/><br/>
                    <strong>Year Range: *</strong> <input type="text" name="yearrange" value="<?php echo $yearrange; ?>"/>
                    <p>* required</p>
                    <input type="submit" name="submit" value="Submit" />
                </div>
                </form>
            </body>
        </html>

    <?php }



        /*

           EDIT RECORD

        */
    // if the 'id' variable is set in the URL, we know that we need to edit a record
    if (isset($_GET['fid']))
    {
        // if the form's submit button is clicked, we need to process the form
        if (isset($_POST['submit']))
        {
            // make sure the 'id' in the URL is valid
            if (is_numeric($_POST['fid']))
            {
                // get variables from the URL/form
                $fid = $_POST['fid'];
                $text = htmlentities($_POST['text'], ENT_QUOTES);
                $yearrange = htmlentities($_POST['yearrange'], ENT_QUOTES);

                // check that text and yearrange are both not empty
                if ($text == '' || $yearrange == '')
                {
                    // if they are empty, show an error message and display the form
                    $error = 'ERROR: Please fill in all required fields!';
                    renderForm($text, $yearrange, $fid);
                }
                else
                {
                    // if everything is fine, update the record in the database
                    if ($stmt = $mysqli->prepare("UPDATE footer SET text = ?, yearrange = ? WHERE fid=?"))
                    {
                        $stmt->bind_param("ssi", $text, $yearrange, $fid);
                        $stmt->execute();
                        $stmt->close();
                    }
                    // show an error message if the query has an error
                    else
                    {
                        echo "ERROR: could not prepare SQL statement.";
                    }

                    // redirect the user once the form is updated
                    header("Location: footer.php");
                }
            }
            // if the 'id' variable is not valid, show an error message
            else
            {
                echo "Error!  The 'fid' variable is not valid.";
            }
        }
        // if the form hasn't been submitted yet, get the info from the database and show the form
        else
        {
            // make sure the 'id' value is valid
            if (is_numeric($_GET['fid']) && $_GET['fid'] > 0)
            {
                // get 'id' from URL
                $fid = $_GET['fid'];

                // get the record from the database
                if($stmt = $mysqli->prepare("SELECT * FROM footer WHERE fid=?"))
                {
                    $stmt->bind_param("i", $fid);
                    $stmt->execute();

                    $stmt->bind_result($fid, $text, $yearrange);
                    $stmt->fetch();

                    // show the form
                    renderForm($text, $yearrange, NULL, $fid);

                    $stmt->close();
                }
                // show an error if the query has an error
                else
                {
                    echo "Error: could not prepare SQL statement";
                }
            }
            // if the 'id' value is not valid, redirect the user back to the footer.php page
            else
            {
                header("Location: footer.php");
            }
        }
    }

    // close the mysqli connection
    $mysqli->close();
?>

The table creation code is this:

// Create table
$sql = "CREATE TABLE footer 
(
fid INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(fid),
text VARCHAR (50),
yearrange VARCHAR (15)
)";

Any help much appreciated.

At first glance I noticed that there are some things to revise.

At line 11 you have the "renderForm" function that includes three values

function renderForm($text = '', $yearrange ='', $fid = '')

At line 118 you call the function above by passing a strange NULL value

renderForm($text, $yearrange, NULL, $fid);

Then I notice that you are never sending the GET['fid'] parameter; maybe you need to set your form action to "./?fid=1"
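An added example, not part of the original posts: a form renderer whose signature and call agree on four arguments, which keeps fid in the form action as the reply suggests, validates fid as a strict positive integer instead of relying on is_numeric(), and escapes values when they are written into the HTML. The names parseFid(), esc() and renderFormSafe() are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. parseFid(), esc() and renderFormSafe()
// are hypothetical names; the sample inputs at the bottom are constructed.

// Accept only a positive integer. is_numeric() also accepts strings such as
// "1e3", "1.5" or "-2", which would then be cast by bind_param("i", ...).
function parseFid($raw): ?int
{
    $fid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $fid === false ? null : $fid;
}

// Escape at output time, so a value is encoded for the HTML context it lands
// in no matter where it came from (form post or database row).
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// $error is an explicit parameter, so every call passes its arguments in the
// same order as the signature and nothing shifts into the wrong slot.
function renderFormSafe(string $text = '', string $yearrange = '', string $error = '', ?int $fid = null): string
{
    $html = '<h1>' . ($fid !== null ? 'Edit Record' : 'New Record') . '</h1>';
    if ($error !== '') {
        $html .= '<div style="color:red">' . esc($error) . '</div>';
    }
    // Keep fid in the action URL so isset($_GET['fid']) is still true on POST.
    $action = $fid !== null ? '?fid=' . $fid : '';
    $html .= '<form action="' . esc($action) . '" method="post">';
    if ($fid !== null) {
        $html .= '<input type="hidden" name="fid" value="' . $fid . '" />';
    }
    $html .= '<input type="text" name="text" value="' . esc($text) . '" />';
    $html .= '<input type="text" name="yearrange" value="' . esc($yearrange) . '" />';
    $html .= '<input type="submit" name="submit" value="Submit" /></form>';
    return $html;
}

// Constructed sample inputs: only the first one is a usable record id.
foreach (['7', '1e3', '1.5', '-2', ''] as $raw) {
    echo var_export($raw, true), ' => ', var_export(parseFid($raw), true), "\n";
}
echo renderFormSafe('O\'Brien "Ltd" <b>', '2010-2014', '', parseFid('7')), "\n";
```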
