Jump to content
Larry Ullman's Book Forums

When I Go To The Update.php I Keep Getting The Error Message This Page Has Been Accessed In Error


Recommended Posts

edit.php

<?php

session_start();
if( !isset($_SESSION['empID']) ) {
   header("Location: login.php");
   exit;
 }
 elseif ( (isset($_SESSION['empID'])) && !$_GET['empID']){
   header("Location: update.php?user=" . $_SESSION['empID']);
 }
 else{
   // select loggedin users detail
   $res=mysql_query("SELECT * FROM Staff  WHERE empID=".$_SESSION['empID']);
   $userRow=mysql_fetch_array($res);
   $id = $_GET['empID'];
 }
$thisPage = "edit";
include('includes/header.html');
include('includes/nav1.php');
echo '<h1>Edit Patients</h1>';
require_once('../mysqli_connect.php');
 
$q = "SELECT firstN, lastN,street,suburb, state,pc, phone,email,patientID FROM Patient ORDER BY firstN";
$r = @mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if($num > 0){
echo "<p>There are currently $num registered patients</p>";
echo '<table>
<tr>
<td class = "red">Edit</td><td class = "red">Delete</td><td class = "red">First name</td><td class = "red">Last name</td>
<td class = "red">Street</td><td class = "red">Suburb</td><td class = "red">State</td><td class = "red">Postcode</td><td class = "red"> Phone</td><td class = "red">Email</td></tr>';
while($row = mysqli_fetch_array($r,MYSQLI_ASSOC)) {
echo '<tr>
<td class = "red"><a href ="update.php?id=' . $row['patientID'] . '">Update</td>
<td class = "red"><a href ="update.php?id='. $row['patientID'] . '">Delete</td>
<td class = "red">' . $row['firstN'] . '</td>
<td class = "red">' .$row['lastN'] . '</td>
<td class = "red">' . $row['street'] . '</td>
<td class = "red">' . $row['suburb'] . '</td>
<td class = "red">' . $row['state'] . '</td>
<td class = "red">' . $row['pc']. '</td>
<td class = "red">' . $row['phone'] . '</td>
<td class = "red">' . $row['email'] . '</td>
</tr>';
 
}
echo '</table>';
mysqli_free_result($r);
} else {
echo '<p class = "error">There are currently no patients</p>';
}
mysqli_close($dbc);
echo '<p><a href = "logout.php">Logout</a></p>';
include('includes/footer.html');
?>
update.php 
<?php 
 if((isset($_GET['empID'])) && (is_numeric($_GET['empID']))) {
$id = $_GET['empID'];
} elseif((isset($_POST['empID'])) && (is_numeric($_POST['empID']))) {
$id = $_POST['empID'];
} else {
    echo '<p class = "error">This page has been accessed in error</p>';
include('includes/footer.html');
exit();
}
$thisPage = 'update';
include('includes/header.html');
include('includes/nav1.php');
require_once('../mysqli_connect.php');
 
if($_SERVER['REQUEST_METHOD'] == 'POST') {
   $errors = array();
   if(empty($_POST['firstN'])) {
  $errors[] = 'You forgot to enter your first name';
   } else {
  $fn = mysqli_real_escape_string($dbc, trim($_POST['firstN']));
   }
   if(empty($_POST['lastN'])) {
  $errors[] = 'You forgot to enter your last name';
   } else {
   $ln = mysqli_real_escape_string($dbc,trim($_POST['lastN']));
   }
   if(empty($_POST['email'])) {
  $errors[] = 'You forgot to enter your email address';
   } else {
   $e = mysqli_real_escape_string($dbc, trim($_POST['email']));
   }
   if(empty($errors)) {
  $q = "SELECT patientID FROM Patient WHERE email = '$e' AND patientID!=$id";
  $r = @mysqli_query($dbc,$q);
  if(mysqli_num_rows($r) == 0) {
$q = "UPDATE Patient SET firstN = '$fn', lastN = '$ln', email = '$e' WHERE patientID=$id LIMIT 1";
$r = @mysqli_query($dbc,$q);
if(mysqli_affected_rows($dbc) == 1) {
echo '<p>The patient has been updated</p>';
} else {
echo '<p class = "error">The patient could not be updated due to a system error</p>';
echo '<p>' . mysqli_error($dbc) . '<br/><br/>Query: ' . $q . '</p>';
}
  } else {
echo '<p class = "error">The email address has already been registered</p>';
  }
   } else {
   echo '<p class = "error">The following error(s) have occurred<br/>';
   foreach($errors as $msg) {
echo " -$msg<br/>\n";   
   }
   echo '</p><p>Please try again</p>';
   }
}
$q = "SELECT firstN, lastN, email FROM Patient WHERE patientID=$id";
$r = @mysqli_query($dbc,$q);
if(mysqli_num_rows($r) == 1) {
   $row = mysqli_fetch_array($r,MYSQLI_NUM);
   echo '<h1>Update Patient</h1>';
   echo '<form action = "edit_user.php" method = "post">
<p>First Name: <input type="text" name="firstN" size="15" maxlength="15" value ="'. $row[0] . '"/></p>
<p>Last Name: <input type="text" name="lastN" size="15" maxlength="30"value ="'. $row[1] . '"/></p>
<p>Email Address:<input type="text" name="email" size="20" maxlength="60" value ="' . $row[2] . '"  /> </p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="id" value="' . $id . '" />
</form>';
} else {
   echo '<p class = "error">This page has been accessed in error</p>';
mysqli_close($dbc);
 echo "<p><a href=\"edit.php\">Edit Patients</a></p>";
?>
database
/* Starting file for PHP assignment 2
Margaret Vallance
May 2017
*/
 
DROP DATABASE IF EXISTS DF_HMC;
CREATE DATABASE DF_HMC;
USE DF_HMC;
 
CREATE TABLE Staff(
empID CHAR(3),
empFirst VARCHAR(20),
empLast VARCHAR(30),
empUserName VARCHAR(12) NOT NULL,
empPassword CHAR(40) NOT NULL,
empSecurity CHAR(1) DEFAULT 'U',          /*  U=User M=Manager */
PRIMARY KEY (empID)
);
 
INSERT INTO Staff VALUES ('AAA', 'Alan', 'Anderson', 'anders', SHA1('aapwd'), 'U');
INSERT INTO Staff VALUES ('BBB', 'Bob', 'Brown', 'brownie', SHA1('bbpwd'), 'M');
INSERT INTO Staff VALUES ('CCC', 'Cassie', 'Carson', 'cassie', SHA1('ccpwd'), 'U');
 
 
CREATE TABLE Patient (
   patientID  INT AUTO_INCREMENT,
   title VARCHAR(15) DEFAULT 'Mr',
   firstN      VARCHAR(40) NOT NULL,
   lastN    VARCHAR(20) NOT NULL,
   street       VARCHAR(25),
   suburb       VARCHAR(30),
   state        CHAR(3) DEFAULT 'NSW',
   pc      CHAR(4) DEFAULT '2250',
   phone   CHAR(12),
   email VARCHAR(50),
   imageName VARCHAR(50),
   login VARCHAR(12),
   pwd VARCHAR(40),
   PRIMARY KEY (patientID)
);
 
CREATE TABLE EquipmentType (
   typeID CHAR(3),
   description  VARCHAR(50)   NOT NULL,
   checkPeriod INT,
   costPerDay FLOAT(5, 2),
   PRIMARY KEY (typeID)
);
 
CREATE TABLE Equipment (
   serialNo CHAR(10),
   eType CHAR(3)   NOT NULL,
   purchased DATE NOT NULL,
   lastChecked  DATE,
   equipCondition VARCHAR(15) DEFAULT 'Excellent',
   countryMade VARCHAR(25),
   PRIMARY KEY (serialNo),
   FOREIGN KEY (eType) REFERENCES EquipmentType(typeID)
);
 
 
CREATE TABLE Hire(
hireID INT AUTO_INCREMENT,
patID INT,
serialNo CHAR(10) NOT NULL,
dateHired DATE NOT NULL,
dateReturned DATE,
UNIQUE KEY ukHire (patID, serialNo, dateHired),
PRIMARY KEY (hireID),
FOREIGN KEY (patID) REFERENCES Patient(patientID),
FOREIGN KEY (serialNo) REFERENCES Equipment(serialNo)
);
 
 
CREATE TABLE Payment (
paymentID INT AUTO_INCREMENT,
amount FLOAT(5, 2) NOT NULL,
paymentDate DATE NOT NULL,
method  VARCHAR(15),
hireID INT,
    PRIMARY KEY (paymentID),
    FOREIGN KEY (hireID) REFERENCES Hire(hireID)
);
 
 
/*Patient */
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Admiral','William', 'Adama', '1 Captain Close', 'Caprica', 'VIC', '3209', '02 3321 1123', 'bill@galactica.com', 'wa', 'wapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('President','Laura', 'Roslin', '1 Education Street', 'Canberra', 'ACT', '2601', '02 6676 1123', 'laura@earth.gov', 'lr', 'lrpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Captain','Lee', 'Adama', '5 Apolla Lane', 'Squadron', 'QLD', '4459', '07 8446 1111', 'lee@galactica.com', 'la', 'lapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Ms','Sharon', 'Valerii', '23 Hanger Drive', 'Gosford', 'NSW', '2250', '02 4356 0000', NULL, 'sv', 'svpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Miss', 'Kara','Thrace', '10 Cylon Street', 'Wyong', 'NSW', '2259', NULL, 'karaT@blackhole.com', 'kt', 'ktpwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr', 'Karl', 'Agathon', '8 Short Avenue', 'Geminon', 'NSW', '2299', '02 8876 1123', 'helo@galactica.com', 'ka', 'kapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Mr','Sam', 'Anders', NULL, NULL, NULL, NULL, NULL, NULL, 'sa', 'sapwd');
INSERT INTO Patient (title, firstN, lastN, street, suburb, state, pc, phone, email, login, pwd) VALUES('Colonel','Saul', 'Tigh', '2 Crew Close', 'Shipton', 'QLD', '4309', '02 8876 1123', 'saul@galactica.com', 'st', 'stpwd');
 
 
 
/*Equipment Type */
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCE', 'Wheelchair - Electric', 90, 5.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WCS', 'Wheelchair - Standard', 120, 3.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('WF3', '3 Wheel Walking Frame', 60, 4.25);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('FRL', 'Lightweight Folding Ramp', 100, 5.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('SCL', 'Large Scooter', 60, 120.00);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRL', 'Crutches - Long', 365, 1.50);
INSERT INTO EquipmentType (typeID, description, checkPeriod, costPerDay) VALUES ('CRE', 'Crutches - Elbow', 365, 2.50);
 
 
 
/*Equipment*/
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99800', 'WCE', '2017-02-01', '2017-03-01', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99801', 'WCE', '2017-03-01', '2017-04-01', 'Good', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WC99802', 'WCE', '2017-03-01', '2017-03-02', 'Good', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99800', 'WCS', '2016-02-01', '2017-04-01', 'Good', 'USA');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99803', 'WCS', '2016-08-01', '2017-01-04', 'Good', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('WS99804', 'WF3', '2016-11-01', '2017-04-01', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99800', 'WF3', '2016-11-01', '2017-01-21', 'Excellent', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99802', 'WF3', '2016-02-01', '2016-04-01', 'Some wear', 'France');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('BF99803', 'SCL', '2017-02-01', '2017-04-01', 'Some wear', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99800', 'CRL', '2016-10-01', '2017-04-01', 'Some wear', 'China');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CR99802', 'CRL', '2016-10-01', '2016-11-01', 'OK', 'Australia');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99801', 'CRE', '2017-10-01', '2017-04-01', 'OK', 'France');
INSERT INTO Equipment (serialNo, eType, purchased, lastChecked, equipCondition, countryMade) VALUES ('CE99802', 'CRE', '2017-10-01', '2017-04-01','Excellent', 'Australia');
 
 
/*Hire*/
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'WC99800', '2017-04-01', '2017-05-01');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 1, 'CR99800', '2017-05-01', '2017-05-01');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 2, 'WC99800', '2017-04-01', '2017-04-04');
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 3, 'BF99800', '2017-04-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'WC99800', '2017-05-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'CE99802', '2017-05-01', NULL);
INSERT INTO Hire (hireID, patID, serialNo, dateHired, dateReturned) VALUES (NULL, 5, 'BF99803', '2017-05-01', NULL);
 
 
 
/*Payment*/
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 1);
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (150.00, '2017-05-01', 'Credit Card', 2);
INSERT INTO Payment (amount, paymentDate, method, hireID) VALUES (25.00, '2017-04-04', 'EFTPOS', 3);
 
/* For Testing */
SELECT * FROM Staff;
SELECT * FROM Patient;
SELECT * FROM Equipment;
SELECT * FROM EquipmentType;
SELECT * FROM Hire;
SELECT * FROM Payment;
 
 
 
 
 
 
  • Upvote 1
Link to comment
Share on other sites

Working it backwards, you'd get that error message only if both of these conditions are false:

 if((isset($_GET['empID'])) && (is_numeric($_GET['empID']))) {
} elseif((isset($_POST['empID'])) && (is_numeric($_POST['empID']))) {

If this is a GET request, confirm that a numeric empID is passed in the URL. If this is a POST request, confirm that a numeric empID is passed with other form data (presumably by looking at the source that's POSTing or just dumping $_POST out in the update page).

Link to comment
Share on other sites

 Share

×
×
  • Create New...