American_Buddy Posted February 27, 2021 Share Posted February 27, 2021 Hello all, I'm having an issue w/ Script 10.2, wherein I keep getting errors from the first part of the script, whereing you check for a valid ID via GET or POST. Basically, I' Link to comment Share on other sites More sharing options...
American_Buddy Posted February 27, 2021 Author Share Posted February 27, 2021 Hello all, I'm having an issue w/ Script 10.2, wherein I keep getting errors from the first part of the script, wherein you check for a valid ID via GET or POST. Basically, I've read online and most people suggest sessions, which is covered later in the book. I've read some past forums on this site, and I don't think there's an issue w/ the database, as I can add/update password, and view the database entries on the browser. For reference, I'm using PHP 7.4.12. In the browser, I can see the URL when I get to the error page, and the URL is displaying "?=57" or whatever each entry's user_id is. I've also tried to change the ['id']'s in the first if/else argument to ['user_id'], to see if they needed to match the column name in mySQL, but to no avail -- I still get the error message, and the same thing happened when I ran the PHP file from the book's website. When I do this exercise, I've ran it comparing it to Ullman's php file, and am not able to see what I'm doing wrong. Also, I've downloaded the book's php file for this script, and connected it to the view_users.php on my server, but I get the same error message: "This page has been accessed in error." My code looks like this: <?php #Script 10.2 - delete_user.php $page_title = 'Delete a User'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); echo '<h1 style="margin: 100px">Delete a User</h1>'; if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ){ //from view_users.php $id = $_GET['id']; } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ){ //Form submission $id = $_POST['id']; } else { //no valid ID, kill the script echo '<p class="error" style="margin: 100px">Jello This page has been accessed in error.</p>'; include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); exit(); } require('../mysqli_connect.php'); //check if for has been submitted if ($_SERVER['REQUEST_METHOD'] == 'POST'){ if ($_POST['sure'] == 'Yes'){ //delete the record //making a query $q = "DELETE FROM users WHERE user_id=$id LIMIT 1"; $r = mysqli_query($dbc, $q); if (mysqli_affected_rows($dbc) == 1){//if it ran okay //print a message echo '<p style="margin: 100px">The user has been deleted.</p>'; } else {//if query did not run okay echo '<p class="error" style="margin: 100px">The user could not be deleted due to a system error.</p>'; //public message echo '<p>' . mysqli_error($dbc) . '<br>Query: ' . $q . '</p>'; //debug message } } else {//no confirmation or deletion echo '<p>The user has NOT been deleted.</p>'; } } else { //show the form //retreive the user's info" $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id"; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) == 1) { //valid user ID, show the form //get user's information $row = mysqli_fetch_array($r, MYSQLI_NUM); //display the record being deleted echo "<h3>Name: $row[0]</h3> Are you sure you want to delete this user?"; //create the form: echo '<form action="delete_user.php" method="post"> <input type="radio" name="sure" value="Yes"> Yes <input type="radio" name="sure" value="No" checked="checked"> No <input type="submit" name="submit" value="Submit" > <input type="hidden" name="id" value="' . $id . '"> </form>'; } else { //not a valid user ID echo '<p class="error" style="margin: 100px">Hello This page has been accessed in error.</p>'; } } //end of main submit conditional mysqli_close($dbc); include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); ?> A quick note, I've commented out the exit() command in the first if/else argument, to see if that would change anything, and I get these errors: Quote Jello This page has been accessed in error. Notice: Undefined variable: id in /Applications/MAMP/htdocs/Chapter 9/delete_user.php on line 51 Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, bool given in /Applications/MAMP/htdocs/Chapter 9/delete_user.php on line 54 Hello This page has been accessed in error. 'Jello this page has been accessed in error.' is my message for the error in the first if/else statement I'm guessing the undefined variable on line 51 is caused because the first if/else statement not passing the id from view_users.php, same thing with error on line 54. What is interesting is you'll see the 'Hello this page has been accessed in error.' message, which is generated by the last if/else statement, generated after mysqli_fetch_array and entering the HTML for the form. I'm guessing this is related to some other error I have in the code. Also to note, that when I run Ullman's .php, this 'hello this page...' error does not appear in the browser. Since this whole thing depends on the view_users.php, I'll include that code below: <?php #Script 9.4 - view_users.php $page_title = 'View the Current Users'; include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html'); echo '<h1 style="margin-top: 100px;">Registered Users</h1>'; require('../mysqli_connect.php'); $q = "SELECT last_name, first_name, DATE_FORMAT(registration_date, '%M, %d, %Y') AS dr, user_id FROM users ORDER BY registration_date ASC"; $r = @mysqli_query ($dbc, $q); $num = mysqli_num_rows($r); if ($num > 0) { echo "<p>There are currently $num registered users.</p>\n"; echo '<table width = "60%"> <thead> <tr> <th align="left"><strong>Edit</strong></th> <th align="left"><strong>Delete</strong></th> <th align="left"><strong>Last Name</strong></th> <th align="left"><strong>First Name</strong></th> <th align="left"><strong>Date Registered</strong></th> </tr> </thead> <tbody>'; while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { echo '<tr> <td align="left"><a href=edit_user.php?id=' . $row['user_id'] . '">Edit</a></td> <td align="left"><a href=delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> <td align="left">' . $row['last_name'] . '</td> <td align="left">' . $row['first_name'] . '</td> <td align="left">' . $row['dr'] . '</td> </tr> '; } echo '</tbody></table>'; mysqli_free_result($r); } else { //Public message echo '<p class="error">There are currently no registered users.</p>'; //Debuging message echo '<p>' . mysqli_error($dbc) . '<br><br>Query: ' . $q . '</p>'; } // End of ($r) IF mysqli_close($dbc); //close db connection include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html'); ?> I guess what I don't get is how the 'id' is recognized by the delete_users.php. I get how the hidden field passes the value in the URL via the <a href> in view_users.php, put shouldn't the if( (isset($_GET['id])) ) and so on's in the first if/else actually be looking for the 'user_id' value, rather than just 'id'? I truly appreciate anyone's help on this. Maybe I just need a set of 'fresh eyes' on it. Thank you all in advance! Link to comment Share on other sites More sharing options...
Larry Posted February 28, 2021 Share Posted February 28, 2021 You've missed the initial double quote for the href value, which could be the cause of this. Debugging this is pretty straightforward and you've been doing good detective work. The error you're seeing is b/c either $_GET['id'] or $_POST['id'] isn't set or isn't numeric. The first time the page is loaded is a GET request, so you can ignore the POST bit. So now you can check whether there is a *numeric* id value passed in the URL. Assuming you're testing the script/code you think you're testing, the ONLY possible explanation is that there's not $_GET['id'] or there is one but it's not numeric. You said that the url included "?=57", which means there's no "id" being passed. Although that may have been a typo in your post here. My hunch is the lack of an opening " in your view_users.php script means the actual URL in the browser has an extraneous closing ", making it read edit_user.php?id=57" or edit_user.php?id=57" In both cases $_GET['id'] is not numeric. Link to comment Share on other sites More sharing options...
American_Buddy Posted March 1, 2021 Author Share Posted March 1, 2021 17 hours ago, Larry said: You've missed the initial double quote for the href value, which could be the cause of this. Debugging this is pretty straightforward and you've been doing good detective work. The error you're seeing is b/c either $_GET['id'] or $_POST['id'] isn't set or isn't numeric. The first time the page is loaded is a GET request, so you can ignore the POST bit. So now you can check whether there is a *numeric* id value passed in the URL. Assuming you're testing the script/code you think you're testing, the ONLY possible explanation is that there's not $_GET['id'] or there is one but it's not numeric. You said that the url included "?=57", which means there's no "id" being passed. Although that may have been a typo in your post here. My hunch is the lack of an opening " in your view_users.php script means the actual URL in the browser has an extraneous closing ", making it read edit_user.php?id=57" or edit_user.php?id=57" In both cases $_GET['id'] is not numeric. Thanks Larry, that fixed it, by adding the opening quotation mark, it worked as intended. It's weird because learning the new concepts/syntax of php doesn't seem to be causing me problems, but like every time I hit a roadblock it's like bad HTML or something basic like having the wrong link set up. Anyway, I appreciate your help on this. Perhaps you could clarify for me, or point me to the right resource: I don't understand how the delete_users.php actually knows the 'id' value is the same entered for the user_id from the DB. <a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> Does the '?id=' in the a href itself work as assigning the the 'user_id' to the 'id' value? Unless I'm missing something, everywhere else in view_users and delete_users references the 'user_id', as does the db. I guess I don't see why we'd use $_GET['id'] instead of $_GET['user_id']? Again, thanks for your help on this! Link to comment Share on other sites More sharing options...
Larry Posted March 1, 2021 Share Posted March 1, 2021 Oh, ah, sorry for confusion! You could name it anything in the URL; it could be "chuck=57". It's the PHP code that then uses this value and knows what to do with it (i.e., you the programmer make the correct association). It's not a big deal in this case but generally you don't want to reveal database details publicly. Hence, "id" is ever marginally more generic than using "user_id". Link to comment Share on other sites More sharing options...
American_Buddy Posted March 1, 2021 Author Share Posted March 1, 2021 Okay, that makes sense, I was just confused how exactly the scripts were able to pick up on using the 'id' but I think you explained it well. Again, I appreciate you taking your time to help me solve this issue -- thanks again! Link to comment Share on other sites More sharing options...
Recommended Posts