Larry Ullman's Book Forums

edit_user.php script, chapter 10



Hi Larry,

  First up, great book, I'm really enjoying working through it.

I'm having an issue with editing a user as per chapter 10, code below;

<?php

echo '<h1>Edit a User</h1>';


if ((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
  $id = $_GET['id'];
} elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
  $id = $_POST['id'];
} else { # no valid id, kill the script
  echo '<p>Yo this page has been accessed in error</p>';
  exit();
}

require("connect.php");

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

  $errors = [];

    # check for first name
    if (empty($_POST['first'])) {
      $errors[] = 'You forgot to enter your first name';
    } else {
      $fn = mysqli_real_escape_string($conn, trim($_POST['first']));
    }

    #check for last name
    if (empty($_POST['last'])) {
      $errors[] = 'You forgot to enter your last name';
    } else {
      $ln = mysqli_real_escape_string($conn, trim($_POST['last']));
    }

    # check for email address
    if (empty($_POST['email'])) {
      $errors[] = 'You forgot to enter your email address';
    } else {
      $e = mysqli_real_escape_string($conn, trim($_POST['email']));
    }

    # check for errors, then if everything is ok proceed
    if (empty($errors)) {

      #test for unique email address
      $query = "SELECT id FROM users WHERE email='$e' AND id != $id";
      $result = @mysqli_query($conn, $query);

      if (mysqli_num_rows($result) == 0) {
        # make the query
        $query = "UPDATE users SET first='$fn', last='$ln', email='$e'
        WHERE id=$id LIMIT 1";
        $result = @mysqli_query($conn, $query);

        if (mysqli_affected_rows($conn) == 1) { // if it ran fine

          # print a message
          echo '<p>The User has been edited.</p>';
        } else {
          #print an error message
          echo '<p>The User could not be edited, sorry.</p>';
          echo '<p>' . mysqli_error($conn) . '<br>Query: ' . $query . '</p>';
        }

      } else {
        # the email address has already been registered
        echo '<p>The email address has already been registered.</p>';
      }


    } else {
      #report the errors
      echo '<p>The following error(s) occurred: <br>';
      foreach ($errors as $msg) {
        echo " - $msg<br>\n";
      }
      echo '</p><p>Please try again</p>';

    } # end of IF conditional

} # end of submit conditionals

# show the form

#retrieve user information
$query = "SELECT first, last, email FROM users WHERE id=$id";
$result = mysqli_query($conn, $query);

if (mysqli_num_rows($result) == 1) {

  #user ID is valid, show form

  # get user information
  $row = mysqli_fetch_array($result, MYSQLI_NUM);

  #create the form
  echo '<form action="edit_user.php" method="post">
    <p>First Name: <input type="text" name="first" size="15" maxlength="15"
      value=" '. $row[0] .' "></p>
    <p>Last Name: <input type="text" name="last" size="15" maxlength="30"
      value=" '. $row[1] .' "></p>
    <p>Email Address: <input type="email" name="email" size="20" maxlength="60"
      value=" '. $row[2] .' "></p>
    <p><input type="submit" name="submit" value="Submit"></p>
    <input type="hidden" name="id" value=" '. $id .' ">
    </form>';

} else {

  # not a valid user
  echo '<p>Hey this page has been accessed in error!</p>';

}

mysqli_close($conn);


 ?>

I'm getting the error from the GET/POST conditional in the beginning where the $id variable is set (as in the exit() function runs and $id is not set). I can see from running through the links from view_users.php to the edit_users.php page that the GET request is showing the user id in the address bar, and if I echo $id after the first conditional I get the id for the user. Additionally when I access edit_users.php the sticky forms are prefilled with the user data, so something somewhere is working. I just wanted to check that I hadn't made a syntax error or mislabeled something somewhere that I can't see that might lead to this error.

 


On 5/2/2020 at 10:37 AM, Larry said:

I am not seeing any obvious problem and it sounds like you've done all the due diligence. You're saying the page, when it loads, is edit_user.php?id=1 or whatever?

Larry, that is correct. Thanks for checking, I'll keep at it!


8 hours ago, Larry said:

And if you change your script to begin


<?php
echo $_GET['id'];
exit;

It would output 1?

Yep, as long as I navigate to the page using the edit link from view_users.php. Otherwise opening that page directly I imagine there is nothing to "get" yet.


Ah, okay. So you're only having this problem when you click submit to update the information? If so, I think that's because of the extra spaces around the stored value here:

 value=" '. $id .' "

If you look at the HTML source of the page you should see the value stored as " 1 ". I wouldn't think that would cause this problem but I suspect it is. 


On 5/7/2020 at 10:24 AM, Larry said:

Ah, okay. So you're only having this problem when you click submit to update the information? If so, I think that's because of the extra spaces around the stored value here:


 value=" '. $id .' "

If you look at the HTML source of the page you should see the value stored as " 1 ". I wouldn't think that would cause this problem but I suspect it is. 

Larry, you're completely correct. I thought the whitespace would be ignored, so just added those to make it more readable for me, but there you go. Thank you very much for following up!

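Added example, not part of the thread or the book's code: the failure diagnosed above is the padded hidden value " 1 " failing the is_numeric() check on POST (before PHP 8, is_numeric() rejects trailing whitespace), and is_numeric() is also a loose gate for a value that ends up inside a SQL string. The sketch below validates the id as a positive integer and writes form values without padding and with HTML escaping; the function names `read_user_id`, `hidden_id_field` and `text_field` are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

// Return the id from GET, then POST, as a positive int, or null if neither is valid.
// Padding is trimmed on purpose, so " 1 " is accepted as 1.
// is_numeric() would also pass "1.5" and "1e3"; FILTER_VALIDATE_INT does not.
function read_user_id(array $get, array $post): ?int
{
    foreach ([$get, $post] as $source) {
        $raw = $source['id'] ?? null;
        if (!is_string($raw)) {
            continue; // missing, or an array such as id[]=1
        }
        $id = filter_var(trim($raw), FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            return $id;
        }
    }
    return null;
}

// Hidden field with no padding around the value; $id is already an int.
function hidden_id_field(int $id): string
{
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Text field whose value is escaped so stored data cannot break out of the attribute.
function text_field(string $name, string $value, int $maxlength): string
{
    return sprintf(
        '<input type="text" name="%s" maxlength="%d" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        $maxlength,
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed POST bodies: padded id, exponent notation, SQL fragment, clean id.
foreach ([' 1 ', '1e3', '1 OR 1=1', '7'] as $sample) {
    $id = read_user_id([], ['id' => $sample]);
    printf("%-12s => %s\n", var_export($sample, true), var_export($id, true));
}

echo hidden_id_field(7), "\n";
echo text_field('last', 'O"Brien <b>', 30), "\n";
```

With `$id` typed as an int, the script's queries no longer carry raw request text; binding it through a mysqli prepared statement is still the more robust habit for the name and email fields.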
