Hi,
I've been working my way through the book and I seem to have hit an error that I don't know how to resolve. I'm hoping someone could give me some suggestions as to how I can resolve it. I'm on chapter 10 and working on the edit_user.php lesson. I have the script written but when I go to test it by editing a users details I get this error message when I submit the edited form:
Fatal error: Function name must be a string in /home/scottm/public_html/tuts/php/edit_user.php on line 36
That error is referring to this line of code:
$fn = mysqli_real_escape_string($dbc, $trim($_POST['first_name']));
For the life of me I can't find the issue, I'm hoping a second set of eyes might be able to see where I'm going wrong. Below is the rest of the code I'm working with, any help would be greatly appreciated.
Thanks in advance
<?php # Script 10.3 - edit-user.php
$page_title = 'Edit A User';
include('includes/header.html');
echo '<h1>Edit a User</h1>';
//check for a valid ID through GET or POST
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { //if the form uses $_GET method
$id = $_GET['id']; //set the value of $id using GET
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { //or if the form uses $_POST method
$id = $_POST['id']; //set the value of $id using POST
} else { //if there was a problem
echo '<p class="error>This page has been accessed in error.</p>';
include('includes/footer.html');
exit();
}
//include the database connection script
require_once('../../Connections/mysqli_connect.php');
//check to make sure the form has been submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//create an errors array to store all errors generated
$errors = array();
//validate the first name
if(empty($_POST['first_name'])) {
$error[] = 'You forgot to enter your first name';
} else {
$fn = mysqli_real_escape_string($dbc, $trim($_POST['first_name'])); // <----------------This is line 36
}
//validate the last name
if (empty($_POST['lst_name'])) {
$error[] = 'You forgot to enter your last name';
} else {
$ln = mysqli_real_escape_string($dbc, trim($_POST['last_name']));
}
//validate the email address
if (empty($_POST['email'])) {
$error[] = 'you forgot to enter your Email address';
} else {
$e = mysqli_real_escape_string($dbc, trim($_POST['email']));
}
//if there where no errors in the error array, check that the email address is not already in use
if (empty($errors)) {
//test for unique email address
$q = "SELECT user_id FROM users WHERE email=$e AND user_id != $id";
$r = @mysqli_query ($dbc, $q);
if (mysqli_num_rows($r) == 0) { //if the email is unique
//make query
$q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id='$id' LIMIT 1";
$r = @mysqliquery($dbc, $q);
if(mysqli_affected_rows($dbc) == 1) { //if it ran OK
//print message
echo '<p>The user has been edited</p>';
} else { //if it did not run OK
echo '<p class="error">The user could not be edited, dues to a system error. We apologize for the inconvienence</p>'; //public message
echo '<p>' . mysqli_errors($dbc) . '<br />Query: ' . $q . '</p>'; //debugging message
}
} else { //already registered
echo '<p class="error">The email address has already been registered</p>';
}
} else { //Report the errors
echo '<p class="error">The following error(s) occured:<br />';
foreach($errors as $msg) {
echo "$msg<br />\n";
}
echo '</p><p>Please Try Again</p>';
} //END OF if (empty($errors)) IF STATEMENT
} //END OF if($_SERVER['REQUEST_METHOD']) SUBMIT CONDITIONAL
//Always show the form
//Retrieve the users information
$q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id";
$r = @mysqli_query($dbc, $q);
if (mysqli_num_rows($r) == 1) { //if there is a valid user_id, show the form
//get the users information
$row = mysqli_fetch_array ($r, MYSQLI_NUM);
//create the form
echo '<form action="edit_user.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $row[0] . '" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $row[1] . '" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="' . $row[2] . '" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="id" value="' . $id . '" />
</form>';
} else { //is not a valid user_id
echo '<p class="error">This page has been accessed in error</p>';
}
//close dtabase connection
mysqli_close($dbc);
include('includes/footer.html');
?>