i cann't update

Ask about a PHP problem here.
Post Reply
User avatar
ipharaoh
Posts: 5
Joined: Sat Mar 03, 2012 11:54 am

i cann't update

Post by ipharaoh »

hello every body
all i want to do in this project is when you decide to edit a post, by clicking on edit post.
i wanted to show a web form for the user with his old post displayed in the form, and all he have got to do is replacing the old post with news post....

i have the following errors :

Notice: undfined variable: gid in C:\xxxxxx.editnews.php on line 11
Notice: undfined variable: author in C:\xxxxxx.editnews.php on line 25
Notice: undfined variable: titke in C:\xxxxxx.editnews.php on line 25
Notice: undfined variable: content in C:\xxxxxx.editnews.php on line 25

line 25 where i am actually update = mysql_query( .................)

any suggetions please i have working on this simple project over 10 hours now and i don't know what to do anymore
<?php 
#1. Connecting to database #
require("SQL_connect.php");
#-------------------------#

if(isset($_GET['id'])){
	$gid = $_GET['id'];
	}
$data = mysql_query("SELECT * FROM addnews WHERE id='$gid'") or die("CANNOT EXCUTE SELECTION");

while($row = mysql_fetch_assoc($data)){
	$author = $row['author'];
	$title = $row['title'];
	$content = $row['content'];
	
	
}

#-------FORM HERE-----------#
if(isset($_POST['author'],$_POST['title'],$_POST['content']))
{
	$update = mysql_query("UPDATE news_system SET author='$author', title='$title', content='$content' WHERE id='$gid'")
	or die("Something went wrong: Please Try again later..");
}


echo "<form action='".$_SERVER['PHP_SELF']."' method='POST'>
	 Author:<br/>
        <input type='text' name='author' value='".$author."' size='35px'/><br/>
        
        Title:<br/>
        <input type='text' name='title' value='".$title."' size='35px' /><br/>
        
        Content:<br/>
        <textarea name='content' rows='5' cols='50' >".$content."</textarea><br/>
	<input type='submit' value='update' />
</form>";
?>
Top
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: i cann't update

Post by Temor »

The problem is that you never give $author, $title, $gid and $content a value. Easiest thing would be to set those at the top of the page or use the $_POST or $_GET variables directly. Creating a new variable in this case serves no real purpose.
Top
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:
Contact jacek

Re: i cann't update

Post by jacek »

Some general points.
if(isset($_GET['id'])){
        $gid = $_GET['id'];
        }
$data = mysql_query("SELECT * FROM addnews WHERE id='$gid'") or die("CANNOT EXCUTE SELECTION");
Here you check to see if the $_GET variable is defined. But then you try to use a variable that would not be defined below it anyway.
$data = mysql_query("SELECT * FROM addnews WHERE id='$gid'") or die("CANNOT EXCUTE SELECTION");
 
while($row = mysql_fetch_assoc($data)){
        $author = $row['author'];
        $title = $row['title'];
        $content = $row['content'];
}
There is no need to use a loop if you only have one row in your result.
if(isset($_POST['author'],$_POST['title'],$_POST['content']))
{
        $update = mysql_query("UPDATE news_system SET author='$author', title='$title', content='$content' WHERE id='$gid'")
        or die("Something went wrong: Please Try again later..");
}
Okay, but you should consider SQL injection.
echo "<form action='".$_SERVER['PHP_SELF']."' method='POST'>
         Author:<br/>
       <input type='text' name='author' value='".$author."' size='35px'/><br/>
       
       Title:<br/>
       <input type='text' name='title' value='".$title."' size='35px' /><br/>
       
       Content:<br/>
       <textarea name='content' rows='5' cols='50' >".$content."</textarea><br/>
        <input type='submit' value='update' />
</form>";
Echo-ing huge chunks of HTML like this is very un-tidy.
Image
Top
User avatar
ipharaoh
Posts: 5
Joined: Sat Mar 03, 2012 11:54 am

Re: i cann't update

Post by ipharaoh »

Thanks man. i will give it try and i will let you know....i really appreciated your response......
Top
User avatar
ipharaoh
Posts: 5
Joined: Sat Mar 03, 2012 11:54 am

Re: i cann't update

Post by ipharaoh »

Thank you guys for helping me..finaly i fixed this probelm -- i just wanted to say i am new php beginner i don't have this much of experince with the language but i am doing my best to be a good php developer..
any way one more time thank you guys here is the code finaly worked correctly without any errors :) :) 
<?php 
//including connection
include("SQL_connect.php");
include("functions.php");
$gid=0;
if(isset($_GET['id']) && is_numeric($_GET['id']))
    {
	$gid= intval($_GET['id']);
    }


$ERRORS = array();
if(isset($_POST['author'],$_POST['title'],$_POST['content']))
{
$author  = protect($_POST['author']);
$title   = protect($_POST['title']);
$content = protect($_POST['content']);

//checking if no errors
if(empty($author)){
    $ERRORS[] = "ERROR: You cannot leave <span style=\"color:red\">Author</span> empty...!";
    }
	if(empty($title)){
	    $ERRORS[] = "ERROR: You cannot leave <span style=\"color:red\">Title</span> empty...!";
	}
	if(empty($content)){
	    $ERRORS[] = "ERROR: You cannot leave <span style=\"color:red\">Content</span> empty...!";
	}
    //if there is no errors then add values to the addnews table
	if(empty($ERRORS)){
    
    //No ERRORS - UPDATE   addnews SET
    $update = ("UPDATE tbl_news SET author='$author', title='$title', content='$content' WHERE id='$gid'") or die("Something went wrong: Please Try again later..");
    
    //redirecting the user for nonspaming   
	if(mysql_query($update)){
	header("Location: selecting_data.php");
	die();
	}
    
    }
    else {
	foreach($ERRORS as $ERROR){
	    echo $ERROR."<br/>";
	}
    }

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Editing the Posts News</title>
<style type="text/css">

</style>
</head>
<body>

<?php

$select = mysql_query("SELECT * FROM tbl_news WHERE id='".$gid."'");
$row = mysql_fetch_assoc($select);

?>

<br/>
<strong>Edit your post news</strong>
<br/>
<form method="post" action="[syntax=php]<?php protect($_SERVER['PHP_SELF']); ?>
">

Author:<br/>
<input type="text" name="author" value="
<?php echo protect($row['author']); ?>
" size="40" /><br/>

Title:<br/>
<input type="text" name="title" value="
<?php echo protect($row['title']); ?>
" size="40" /><br/>

Content:<br/>
<textarea name="content" rows="7" cols="50" >
<?php echo protect($row['content']); ?>
</textarea><br/>

<br/>
<input type="submit" value="Send.!" />

</form>
<?php mysql_close($connect); ?>
</body>
</html>
[/syntax]
Top
User avatar
ipharaoh
Posts: 5
Joined: Sat Mar 03, 2012 11:54 am

Re: i cann't update

Post by ipharaoh »

here is the security function i made to prevent SQL injection :
if is there something more should i include to prevent SQL injection : Please guys inform me to add with function 
function protect($securing){
    $securing = mysql_real_escape_string($securing);
    $securing = strip_tags($securing);
    $securing = htmlentities($securing);
    return $securing;
    }
Top
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:
Contact jacek

Re: i cann't update

Post by jacek »

Well it would work, but there are cases where you would want to insert html into the database or something that looks like a html tag at least. Then you would need a different function.

Instead of creating a function that is so generic it will never really be used why not just make one that handles escaping and then use htmlentites where you need to.
Image
Top
Post Reply

Return to “PHP”