Hi Larry,
First up, great book, I'm really enjoying working through it.
I'm having an issue with editing a user as per chapter 10, code below:
<?php
echo '<h1>Edit a User</h1>';
if ((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
    $id = $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
    $id = $_POST['id'];
} else { # no valid id, kill the script
    echo '<p>Yo this page has been accessed in error</p>';
    exit();
}
require("connect.php");
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $errors = [];
    # check for first name
    if (empty($_POST['first'])) {
        $errors[] = 'You forgot to enter your first name';
    } else {
        $fn = mysqli_real_escape_string($conn, trim($_POST['first']));
    }
    #check for last name
    if (empty($_POST['last'])) {
        $errors[] = 'You forgot to enter your last name';
    } else {
        $ln = mysqli_real_escape_string($conn, trim($_POST['last']));
    }
    # check for email address
    if (empty($_POST['email'])) {
        $errors[] = 'You forgot to enter your email address';
    } else {
        $e = mysqli_real_escape_string($conn, trim($_POST['email']));
    }
    # check for errors, then if everything is ok proceed
    if (empty($errors)) {
        #test for unique email address
        $query = "SELECT id FROM users WHERE email='$e' AND id != $id";
        $result = @mysqli_query($conn, $query);
        if (mysqli_num_rows($result) == 0) {
            # make the query
            $query = "UPDATE users SET first='$fn', last='$ln', email='$e'
                WHERE id=$id LIMIT 1";
            $result = @mysqli_query($conn, $query);
            if (mysqli_affected_rows($conn) == 1) { // if it ran fine
                # print a message
                echo '<p>The User has been edited.</p>';
            } else {
                #print an error message
                echo '<p>The User could not be edited, sorry.</p>';
                echo '<p>' . mysqli_error($conn) . '<br>Query: ' . $query . '</p>';
            }
        } else {
            # the email address has already been registered
            echo '<p>The email address has already been registered.</p>';
        }
    } else {
        #report the errors
        echo '<p>The following error(s) occurred: <br>';
        foreach ($errors as $msg) {
            echo " - $msg<br>\n";
        }
        echo '</p><p>Please try again</p>';
    } # end of IF conditional
} # end of submit conditionals
# show the form
#retrieve user information
$query = "SELECT first, last, email FROM users WHERE id=$id";
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) == 1) {
    #user ID is valid, show form
    # get user information
    $row = mysqli_fetch_array($result, MYSQLI_NUM);
    #create the form
    echo '<form action="edit_user.php" method="post">
        <p>First Name: <input type="text" name="first" size="15" maxlength="15"
        value=" '. $row[0] .' "></p>
        <p>Last Name: <input type="text" name="last" size="15" maxlength="30"
        value=" '. $row[1] .' "></p>
        <p>Email Address: <input type="email" name="email" size="20" maxlength="60"
        value=" '. $row[2] .' "></p>
        <p><input type="submit" name="submit" value="Submit"></p>
        <input type="hidden" name="id" value=" '. $id .' ">
        </form>';
} else {
    # not a valid user
    echo '<p>Hey this page has been accessed in error!</p>';
}
mysqli_close($conn);
?>
I'm getting the error from the GET/POST conditional in the beginning where the $id variable is set (as in the exit() function runs and $id is not set). I can see from running through the links from view_users.php to the edit_users.php page that the GET request is showing the user id in the address bar, and if I echo $id after the first conditional I get the id for the user. Additionally when I access edit_users.php the sticky forms are prefilled with the user data, so something somewhere is working. I just wanted to check that I hadn't made a syntax error or mislabeled something somewhere that I can't see that might lead to this error.
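
An added example, not part of the original post or the book's code: the form above writes the hidden `id` (and the other fields) with a space on each side of the value, and before PHP 8.0 `is_numeric()` returns false for a string with trailing whitespace, so the padded value can fail the opening conditional on POST. The sketch below validates the id as a positive integer and builds the form with escaped, unpadded values; `resolve_user_id()` and `render_edit_form()` are hypothetical helper names and the sample row is constructed.

```php
<?php
// Added example: resolve_user_id() and render_edit_form() are hypothetical helpers.

/** Return a positive integer id from GET or POST, or null if neither holds one. */
function resolve_user_id(array $get, array $post): ?int
{
    foreach ([$get, $post] as $source) {
        if (!isset($source['id']) || !is_string($source['id'])) {
            continue; // missing, or an array such as id[]=1
        }
        // FILTER_VALIDATE_INT trims surrounding whitespace, rejects "1e3",
        // "5.0" and "5abc", and returns an int; min_range rejects 0 and negatives.
        $id = filter_var($source['id'], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            return $id;
        }
    }
    return null;
}

/** Build the edit form with every value HTML-escaped and no padding in value="". */
function render_edit_form(int $id, array $row): string
{
    $esc = static function ($v): string {
        return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    };
    return '<form action="edit_user.php" method="post">' . "\n"
        . '<p>First Name: <input type="text" name="first" value="' . $esc($row[0]) . '"></p>' . "\n"
        . '<p>Last Name: <input type="text" name="last" value="' . $esc($row[1]) . '"></p>' . "\n"
        . '<p>Email Address: <input type="email" name="email" value="' . $esc($row[2]) . '"></p>' . "\n"
        . '<p><input type="submit" name="submit" value="Submit"></p>' . "\n"
        . '<input type="hidden" name="id" value="' . $id . '">' . "\n"
        . '</form>' . "\n";
}

// Constructed sample input: the padded value the original hidden field submits.
$padded = ['id' => ' 5 '];
var_dump(is_numeric($padded['id']));        // result depends on the PHP version
var_dump(resolve_user_id([], $padded));     // same input through the stricter helper
var_dump(resolve_user_id(['id' => '5 OR 1=1'], []));
echo render_edit_form(5, ['Ann', 'O"Neil', 'ann@example.com']);
```

Because the helper returns a real `int`, the id can be bound as an integer parameter in a `mysqli` prepared statement instead of being interpolated into the query string.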