Jump to content
Larry Ullman's Book Forums

Using Hidden Form Inputs Scripts 10.1 and 10.2 - Issues passing the id from the 2 files


Recommended Posts

 Hello all,

 I'm having an issue w/ Script 10.2, wherein I keep getting errors from the first part of the script, wherein you check for a valid ID via GET or POST. Basically, I've read online and most people suggest sessions, which is covered later in the book. I've read some past forums on this site, and I don't think there's an issue w/ the database, as I can add/update password, and view the database entries on the browser. For reference, I'm using PHP 7.4.12.

 

In the browser, I can see the URL when I get to the error page, and the URL is displaying "?=57" or whatever each entry's user_id is. I've also tried to change the ['id']'s in the first if/else argument to ['user_id'], to see if they needed to match the column name in mySQL, but to no avail -- I still get the error message, and the same thing happened when I ran the PHP file from the book's website.

When I do this exercise, I've ran it comparing it to Ullman's php file, and am not able to see what I'm doing wrong. Also, I've downloaded the book's php file for this script, and connected it to the view_users.php on my server, but I get the same error message:

"This page has been accessed in error."

My code looks like this:

<?php #Script 10.2 - delete_user.php 

$page_title = 'Delete a User';
include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html');

echo '<h1 style="margin: 100px">Delete a User</h1>';

if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ){
    //from view_users.php 
    $id = $_GET['id'];

} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ){
//Form submission
        $id = $_POST['id'];
} else {
       //no valid ID, kill the script
       echo '<p class="error" style="margin: 100px">Jello This page has been accessed in error.</p>';

       include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html');

       exit();

    
}

require('../mysqli_connect.php');
    //check if for has been submitted

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
        if ($_POST['sure'] == 'Yes'){ //delete the record
            //making a query
            $q = "DELETE FROM users WHERE user_id=$id LIMIT 1";
            $r = mysqli_query($dbc, $q);
            if (mysqli_affected_rows($dbc) == 1){//if it ran okay
            
                //print a message
                echo '<p style="margin: 100px">The user has been deleted.</p>';
            } else {//if query did not run okay
                echo '<p class="error" style="margin: 100px">The user could not be deleted due to a system error.</p>';
                //public message
                echo '<p>' . mysqli_error($dbc) . '<br>Query: ' . $q . '</p>'; //debug message
            }
            
        } else {//no confirmation or deletion
            echo '<p>The user has NOT been deleted.</p>';
        }

} else { //show the form

    //retreive the user's info"
    $q = "SELECT CONCAT(last_name, ', ', first_name) FROM users WHERE user_id=$id";
    $r = mysqli_query($dbc, $q);

    if (mysqli_num_rows($r) == 1) { //valid user ID, show the form
    
        //get user's information
        $row = mysqli_fetch_array($r, MYSQLI_NUM);

        //display the record being deleted
        echo "<h3>Name: $row[0]</h3>
        Are you sure you want to delete this user?";

        //create the form:
        echo '<form action="delete_user.php" method="post">
        <input type="radio" name="sure" value="Yes"> Yes
        <input type="radio" name="sure" value="No" checked="checked"> No
        <input type="submit" name="submit" value="Submit" >
        <input type="hidden" name="id" value="' . $id . '">
        </form>';
        
    } else { //not a valid user ID
        echo '<p class="error" style="margin: 100px">Hello This page has been accessed in error.</p>';
    }

} //end of main submit conditional

mysqli_close($dbc);

include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html');
?>

A quick note, I've commented out the exit() command in the first if/else argument, to see if that would change anything, and I get these errors:

Quote

Jello This page has been accessed in error.

Notice: Undefined variable: id in /Applications/MAMP/htdocs/Chapter 9/delete_user.php on line 51

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, bool given in /Applications/MAMP/htdocs/Chapter 9/delete_user.php on line 54
Hello This page has been accessed in error.

'Jello this page has been accessed in error.' is my message for the error in the first if/else statement

I'm guessing the undefined variable on line 51 is caused because the first if/else statement not passing the id from view_users.php, same thing with error on line 54.

What is interesting is you'll see the 'Hello this page has been accessed in error.' message, which is generated by the last if/else statement, generated after mysqli_fetch_array and entering the HTML for the form. I'm guessing this is related to some other error I have in the code. Also to note, that when I run Ullman's .php, this 'hello this page...' error does not appear in the browser.

Since this whole thing depends on the view_users.php, I'll include that code below:

<?php #Script 9.4 - view_users.php 

$page_title = 'View the Current Users';

include('/Applications/MAMP/htdocs/Chapter 9/includes/header.html');

echo '<h1 style="margin-top: 100px;">Registered Users</h1>';

require('../mysqli_connect.php');
$q = "SELECT last_name, first_name, DATE_FORMAT(registration_date, '%M, %d, %Y') AS dr, user_id FROM users ORDER BY registration_date ASC";
$r = @mysqli_query ($dbc, $q);

$num = mysqli_num_rows($r);

if ($num > 0) {

    echo "<p>There are currently $num registered users.</p>\n";

    echo '<table width = "60%">
    <thead>
        <tr>
            <th align="left"><strong>Edit</strong></th>
            <th align="left"><strong>Delete</strong></th>
            <th align="left"><strong>Last Name</strong></th>
            <th align="left"><strong>First Name</strong></th>
            <th align="left"><strong>Date Registered</strong></th>
        </tr>
    </thead>
    <tbody>';

    while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
        echo '<tr>
            <td align="left"><a href=edit_user.php?id=' . $row['user_id'] . '">Edit</a></td>
            <td align="left"><a href=delete_user.php?id=' . $row['user_id'] . '">Delete</a></td>
            <td align="left">' . $row['last_name'] . '</td>
            <td align="left">' . $row['first_name'] . '</td>
            <td align="left">' . $row['dr'] . '</td>
        </tr>
        ';
    }

   
    echo '</tbody></table>';

    mysqli_free_result($r);

} else {

    //Public message
    echo '<p class="error">There are currently no registered users.</p>';

    //Debuging message
    echo '<p>' . mysqli_error($dbc) . '<br><br>Query: ' . $q . '</p>';
} // End of ($r) IF

mysqli_close($dbc); //close db connection

include('/Applications/MAMP/htdocs/Chapter 9/includes/footer.html');
?>

I guess what I don't get is how the 'id' is recognized by the delete_users.php. I get how the hidden field passes the value in the URL via the <a href> in view_users.php, put shouldn't the if( (isset($_GET['id])) ) and so on's in the first if/else actually be looking for the 'user_id' value, rather than just 'id'?

I truly appreciate anyone's help on this. Maybe I just need a set of 'fresh eyes' on it. Thank you all in advance!

 

 

Link to comment
Share on other sites

You've missed the initial double quote for the href value, which could be the cause of this. 

Debugging this is pretty straightforward and you've been doing good detective work. The error you're seeing is b/c either $_GET['id'] or $_POST['id'] isn't set or isn't numeric. The first time the page is loaded is a GET request, so you can ignore the POST bit. So now you can check whether there is a *numeric* id value passed in the URL. Assuming you're testing the script/code you think you're testing, the ONLY possible explanation is that there's not $_GET['id'] or there is one but it's not numeric. 

You said that the url included "?=57", which means there's no "id" being passed. Although that may have been a typo in your post here. My hunch is the lack of an opening " in your view_users.php script means the actual URL in the browser has an extraneous closing ", making it read 

edit_user.php?id=57"

or

edit_user.php?id=57&quot;

In both cases $_GET['id'] is not numeric. 

Link to comment
Share on other sites

17 hours ago, Larry said:

You've missed the initial double quote for the href value, which could be the cause of this. 

Debugging this is pretty straightforward and you've been doing good detective work. The error you're seeing is b/c either $_GET['id'] or $_POST['id'] isn't set or isn't numeric. The first time the page is loaded is a GET request, so you can ignore the POST bit. So now you can check whether there is a *numeric* id value passed in the URL. Assuming you're testing the script/code you think you're testing, the ONLY possible explanation is that there's not $_GET['id'] or there is one but it's not numeric. 

You said that the url included "?=57", which means there's no "id" being passed. Although that may have been a typo in your post here. My hunch is the lack of an opening " in your view_users.php script means the actual URL in the browser has an extraneous closing ", making it read 


edit_user.php?id=57"

or


edit_user.php?id=57&quot;

In both cases $_GET['id'] is not numeric. 

Thanks Larry, that fixed it, by adding the opening quotation mark, it worked as intended. It's weird because learning the new concepts/syntax of php doesn't seem to be causing me problems, but like every time I hit a roadblock it's like bad HTML or something basic like having the wrong link set up. Anyway, I appreciate your help on this.

Perhaps you could clarify for me, or point me to the right resource: I don't understand how the delete_users.php actually knows the 'id' value is the same entered for the user_id from the DB.

<a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td>

Does the '?id=' in the a href itself work as assigning the the 'user_id' to the 'id' value? Unless I'm missing something, everywhere else in view_users and delete_users references the 'user_id', as does the db. I guess I don't see why we'd use $_GET['id'] instead of $_GET['user_id']?

Again, thanks for your help on this!

 

Link to comment
Share on other sites

Oh, ah, sorry for confusion! You could name it anything in the URL; it could be "chuck=57". It's the PHP code that then uses this value and knows what to do with it (i.e., you the programmer make the correct association). It's not a big deal in this case but generally you don't want to reveal database details publicly. Hence, "id" is ever marginally more generic than using "user_id". 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...