Jump to content
Larry Ullman's Book Forums

Chapter 13 Edit_Quotes.php & Delete_Quote.php


Recommended Posts

I'm working with the last chapter in book trying to put it all together but, the edit quotes.php and delete quotes.php, gives me this error below.

"This page has been accessed in error."  

 

I made sure that I'm logged in using the me@example.com and testpass password and even checked my scripts with yours I think everything lined up. Can you please help?

 

Edit_quotes.php Script 

 

 

<?php // Script 13.9 - edit_quote.php
/* This script edits a quote. */
// Define a page title and include the header:
define('TITLE', 'Edit a Quote');
include('templates/header.html');
print '<h2>Edit a Quotation</h2>';
// Restrict access to administators only:
if (!is_administrator()) {
 print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
 include('templates/footer.html');
 exit();
}
// Need the database connection:
include('../mysqli_connect.php');
if (isset($_GET['id']) && is_numeric($_GET['id']) && ($_GET['id'] > 0) ) { // Display the entry in a form:
 // Define the query.
 $query = "SELECT quote, source, favorite FROM quotes WHERE id={$_GET['id']}";
 if ($result = mysqli_query($dbc, $query)) { // Run the query.
 $row = mysqli_fetch_array($result); // Retrieve the information.
 
  // Make the form:
  print '<form action="edit_quote.php" method="post">
   <p><label>Quote <textarea name="quote" rows="5" cols="30">' . htmlentities($row['quote']) . '</textarea></label></p>
   <p><label>Source <input type="text" name="source"value="' . htmlentities($row['source']) . '"></label></p>
   <p><label>Is this a favorite? <input type="checkbox" name="favorite" value="yes"';
  // Check the box if it is a favorite:
  if ($row['favorite'] == 1) {
   print ' checked="checked"';
  }
  // Complete the form:
  print '></label></p>
   <input type="hidden" name="id" value="' . $_GET['id'] . '">
   <p><input type="submit" name="submit" value="Update This Quote!"></p>
 </form>';
 } else { // Couldn't get the information.
  print '<p class="error">Could not retrieve the quotation because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} elseif (isset($_POST['id']) && is_numeric($_POST['id']) && ($_POST['id'] > 0)) { // Handle the form.
 // Validate and secure the form data:
 $problem = FALSE;
 if ( !empty($_POST['quote']) && !empty($_POST['source']) ) {
  // Prepare the values for storing:
  $quote = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['quote'])));
  $source = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['source'])));
  // Create the "favorite" value:
  if (isset($_POST['favorite'])) {
   $favorite = 1;
  } else {
   $favorite = 0;
  }
 } else {
  print '<p class="error">Please submit both a quotation and a source.</p>';
  $problem = TRUE;
 }
 if (!$problem) {
  // Define the query.
  $query = "UPDATE quotes SET quote='$quote', source='$source', favorite=$favorite WHERE id={$_POST['id']}";
  if ($result = mysqli_query($dbc, $query)) {
   print '<p>The quotation has been updated.</p>';
  } else {
   print '<p class="error">Could not update the quotation because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
  }
 } // No problem!
} else { // No ID set.
 print '<p class="error">This page has been accessed in error.</p>';
} // End of main IF.
mysqli_close($dbc); // Close the connection.
include('templates/footer.html'); // Include the footer.
?>

 

Delete_quotes.php Script 

 

 

<?php // Script 13.10 - delete_quote.php
/* This script deletes a quote. */
// Define a page title and include the header:
define('TITLE', 'Delete a Quote');
include('templates/header.html');
print '<h2>Delete a Quotation</h2>';
// Restrict access to administrators only:
if (!is_administrator()) {
 print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
 include('templates/footer.html');
 exit();
}
// Need the database connection:
include('../mysqli_connect.php');
if (isset($_GET['id']) && is_numeric($_GET['id']) && ($_GET['id'] > 0) ) { // Display the quote in a form:
 // Define the query:
 $query = "SELECT quote, source, favorite FROM quotes WHERE id={$_GET['id']}";
 if ($result = mysqli_query($dbc, $query)) { // Run the query.
  $row = mysqli_fetch_array($result); // Retrieve the information.
  // Make the form:
  print '<form action="delete_quote.php" method="post">
  <p>Are you sure you want to delete this quote?</p>
  <div><blockquote>' . $row['quote'] . '</blockquote>- ' . $row['source'];
  // Is this a favorite?
  if ($row['favorite'] == 1) {
   print ' <strong>Favorite!</strong>';
  }
  print '</div><br><input type="hidden" name="id" value="' . $_GET['id'] . '">
  <p><input type="submit" name="submit" value="Delete this Quote!"></p>
  </form>';
 } else { // Couldn't get the information.
  print '<p class="error">Could not retrieve the quote because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} elseif (isset($_POST['id']) && is_numeric($_POST['id']) && ($_POST['id'] > 0) ) { // Handle the form.
 // Define the query:
 $query = "DELETE FROM quotes WHERE id={$_POST['id']} LIMIT 1";
 $result = mysqli_query($dbc, $query); // Execute the query.
 // Report on the result:
 if (mysqli_affected_rows($dbc) == 1) {
  print '<p>The quote entry has been deleted.</p>';
 } else {
  print '<p class="error">Could not delete the blog entry because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} else { // No ID received.
 print '<p class="error">This page has been accessed in error.</p>';
} // End of main IF.
mysqli_close($dbc); // Close the connection.
include('templates/footer.html');
?>

 

 

 

Link to comment
Share on other sites

  • 2 weeks later...

Okay, if you're getting that error it means no ID was set or received. I assume you're seeing this on the first access of the page? If so, then you're presumably not properly passing the ID in the URL. Check what the URL is, making sure it says ?id=X, where X is a number. 

Link to comment
Share on other sites

  • 6 months later...

Larry, I have a similar issue (I tripled check the code and it is correct).

edit_a_quote.PNG.db40b8e83d3a294a3fe6cdc5ed438e13.PNG

edit_a_quote_after_submit.PNG.af6b9fac273206caf0060507a61b30d7.PNG

when I choose a quote from the "View All Quotes" site I get a correct load, id is displayed in the URL and I can edit.  However, when I click "Update this quote!" I get the access error message.  I can send the code if you need it, but what else should I check?

 

Link to comment
Share on other sites

  • 3 weeks later...
On 3/20/2018 at 10:48 PM, einthetheory said:

I'm working with the last chapter in book trying to put it all together but, the edit quotes.php and delete quotes.php, gives me this error below.

"This page has been accessed in error."  

 

I made sure that I'm logged in using the me@example.com and testpass password and even checked my scripts with yours I think everything lined up. Can you please help?

 

Edit_quotes.php Script 

 

 


<?php // Script 13.9 - edit_quote.php
/* This script edits a quote. */
// Define a page title and include the header:
define('TITLE', 'Edit a Quote');
include('templates/header.html');
print '<h2>Edit a Quotation</h2>';
// Restrict access to administators only:
if (!is_administrator()) {
 print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
 include('templates/footer.html');
 exit();
}
// Need the database connection:
include('../mysqli_connect.php');
if (isset($_GET['id']) && is_numeric($_GET['id']) && ($_GET['id'] > 0) ) { // Display the entry in a form:
 // Define the query.
 $query = "SELECT quote, source, favorite FROM quotes WHERE id={$_GET['id']}";
 if ($result = mysqli_query($dbc, $query)) { // Run the query.
 $row = mysqli_fetch_array($result); // Retrieve the information.

  // Make the form:
  print '<form action="edit_quote.php" method="post">
   <p><label>Quote <textarea name="quote" rows="5" cols="30">' . htmlentities($row['quote']) . '</textarea></label></p>
   <p><label>Source <input type="text" name="source"value="' . htmlentities($row['source']) . '"></label></p>
   <p><label>Is this a favorite? <input type="checkbox" name="favorite" value="yes"';
  // Check the box if it is a favorite:
  if ($row['favorite'] == 1) {
   print ' checked="checked"';
  }
  // Complete the form:
  print '></label></p>
   <input type="hidden" name="id" value="' . $_GET['id'] . '">
   <p><input type="submit" name="submit" value="Update This Quote!"></p>
 </form>';
 } else { // Couldn't get the information.
  print '<p class="error">Could not retrieve the quotation because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} elseif (isset($_POST['id']) && is_numeric($_POST['id']) && ($_POST['id'] > 0)) { // Handle the form.
 // Validate and secure the form data:
 $problem = FALSE;
 if ( !empty($_POST['quote']) && !empty($_POST['source']) ) {
  // Prepare the values for storing:
  $quote = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['quote'])));
  $source = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['source'])));
  // Create the "favorite" value:
  if (isset($_POST['favorite'])) {
   $favorite = 1;
  } else {
   $favorite = 0;
  }
 } else {
  print '<p class="error">Please submit both a quotation and a source.</p>';
  $problem = TRUE;
 }
 if (!$problem) {
  // Define the query.
  $query = "UPDATE quotes SET quote='$quote', source='$source', favorite=$favorite WHERE id={$_POST['id']}";
  if ($result = mysqli_query($dbc, $query)) {
   print '<p>The quotation has been updated.</p>';
  } else {
   print '<p class="error">Could not update the quotation because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
  }
 } // No problem!
} else { // No ID set.
 print '<p class="error">This page has been accessed in error.</p>';
} // End of main IF.
mysqli_close($dbc); // Close the connection.
include('templates/footer.html'); // Include the footer.
?>

 

 

Delete_quotes.php Script 


 



<?php // Script 13.10 - delete_quote.php
/* This script deletes a quote. */
// Define a page title and include the header:
define('TITLE', 'Delete a Quote');
include('templates/header.html');
print '<h2>Delete a Quotation</h2>';
// Restrict access to administrators only:
if (!is_administrator()) {
 print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
 include('templates/footer.html');
 exit();
}
// Need the database connection:
include('../mysqli_connect.php');
if (isset($_GET['id']) && is_numeric($_GET['id']) && ($_GET['id'] > 0) ) { // Display the quote in a form:
 // Define the query:
 $query = "SELECT quote, source, favorite FROM quotes WHERE id={$_GET['id']}";
 if ($result = mysqli_query($dbc, $query)) { // Run the query.
  $row = mysqli_fetch_array($result); // Retrieve the information.
  // Make the form:
  print '<form action="delete_quote.php" method="post">
  <p>Are you sure you want to delete this quote?</p>
  <div><blockquote>' . $row['quote'] . '</blockquote>- ' . $row['source'];
  // Is this a favorite?
  if ($row['favorite'] == 1) {
   print ' <strong>Favorite!</strong>';
  }
  print '</div><br><input type="hidden" name="id" value="' . $_GET['id'] . '">
  <p><input type="submit" name="submit" value="Delete this Quote!"></p>
  </form>';
 } else { // Couldn't get the information.
  print '<p class="error">Could not retrieve the quote because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} elseif (isset($_POST['id']) && is_numeric($_POST['id']) && ($_POST['id'] > 0) ) { // Handle the form.
 // Define the query:
 $query = "DELETE FROM quotes WHERE id={$_POST['id']} LIMIT 1";
 $result = mysqli_query($dbc, $query); // Execute the query.
 // Report on the result:
 if (mysqli_affected_rows($dbc) == 1) {
  print '<p>The quote entry has been deleted.</p>';
 } else {
  print '<p class="error">Could not delete the blog entry because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
 }
} else { // No ID received.
 print '<p class="error">This page has been accessed in error.</p>';
} // End of main IF.
mysqli_close($dbc); // Close the connection.
include('templates/footer.html');
?>

I reformatted OP's code so its easier for everyone else to read

On 3/20/2018 at 10:48 PM, einthetheory said:

 

 

Link to comment
Share on other sites

 Share

×
×
  • Create New...