Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts

    troubleshooting and my brain is shutting down...

    It's telling me line 48 or 58 is what's wrong but I'm not seeing anything and I've been staring at it for two hours. I can't find the issue. Any help is MUCH appreciated... thank you so much!

    The page does load, but on clicking submit, it gives me a mysqli error message.

    PHP Code:
    <?php
    session_start
    ();

    include(
    "connect-db.php");
    include(
    "header.php");
    ?>
    <!DOCTYPE html>
        <html>
        
        <head>
            <meta charset="UTF-8">
            <title>Update Appointment</title>
            <link rel="stylesheet" href="hotash.css">
        </head>
        
        <body>
            <?php
            
            $userID 
    $firstName $lastName $username $password $email $address $city $state $zip $creditcard "";
            if(
    $_SERVER["REQUEST_METHOD"] == "POST") {
                
    $userID $_POST['userID'];
                
    $firstName $_POST['firstName'];
                
    $lastName $_POST['lastName'];
                
    $username $_POST['username'];
                
    $password $_POST['password'];
                
    $email $_POST['email'];
                
    $address $_POST['address'];
                
    $city $_POST['city'];
                
    $state $_POST['state'];
                
    $zip $_POST['zip'];
                
    $creditcard $_POST['creditcard'];
                
                
    $update "UPDATE users SET firstName=$firstName, lastName=$lastName, username=$username, password=$password,
                    email=
    $email, address=$address, city=$city, state=$state, zip=$zip, creditcard=$creditcard
                WHERE userID=
    $userID;";
            
                if(
    mysqli_query($conn$update))
                {
                    echo 
    "Account updated successfully.";
                } else {
                    echo 
    "Error updating account: " mysqli_error($conn);
                }
            }
            
    ?>
            
            <?php
            
            $userID 
    "$_GET[userID]";
            
    $sql "SELECT * FROM users WHERE userID=$userID";
            
    $result mysqli_query($conn$sql);
            
    ?>
            
            <h2>Update Account</h2>
            <form action="<?php echo($_SERVER["PHP_SELF"]);?>" method="POST">
            
            <?php
            
            
    while($row mysqli_fetch_assoc($result)) { ?>
            
            <p>First Name: <input type="text" name="firstName" value="<?php echo $row[firstName];?>"></p>
            <p>Last Name: <input type="text" name="lastName" value="<?php echo $row[lastName];?>"></p>
            <input type="hidden" name="userID" value="<?php echo $row[userID];?>"></p>
            <p>Username: <input type="text" name="username" value="<?php echo $row[username];?>"></p>
            <p>Password: <input type="text" name="password" value="<?php echo $row[password];?>"></p>
            <p>Email: <input type="text" name="email" value="<?php echo $row[email];?>"></p>
            <p>Address: <input type="text" name="address" value="<?php echo $row[address];?>"></p>
            <p>City: <input type="text" name="city" value="<?php echo $row[city];?>"></p>
            <p>State: <input type="text" name="state" value="<?php echo $row[state];?>"></p>
            <p>Zip Code: <input type="text" name="zip" value="<?php echo $row[zip];?>"></p>
            <p>Credit Card Number: <input type="text" name="creditcard" value="<?php echo $row[creditcard];?>"></p>
            <input type="submit" name="submit" value="Update Account"> <?php
            
            
    }?>
            </form>
            
            <button><a href="account.php" style="text-decoration: none;">Back</a></button>
        
        </body>
        </html

  2. #2
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,091
    Thanks
    2
    Thanked 117 Times in 114 Posts
    Don't you think it would be helpful if you posted exactly what the error message is?

    You set $userID to an empty string so of course your query is going to fail. And here is one reason not to chain a bunch of made up variables to a single value.

    Also, your code is vulnerable to an XSS attack. Do not use PHP_SELF. And never ever put variables in your query. You need to use prepared statements. You are missing an opening P tag. Don't create variables for nothing. Ditch the parenthesis on your echos. Use the output tag to display the variable data.

    What could you possibly be including in header.php when you already have a header hardcoded?

    Your update code should be at the top of the page. Learn about separation of concerns. Don't intermingle php with html like that.

    NEVER EVER output system errors to the user. That info is only good to hackers.

    Since you need to rewrite the whole thing now would be a good time to start using PDO. https://phpdelusions.net/pdo
    Last edited by benanamen; 04-17-2017 at 05:17 AM.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  3. #3
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by benanamen View Post
    Don't you think it would be helpful if you posted exactly what the error message is?

    You set $userID to an empty string so of course your query is going to fail. And here is one reason not to chain a bunch of made up variables to a single value.

    Also, your code is vulnerable to an XSS attack. Do not use PHP_SELF. And never ever put variables in your query. You need to use prepared statements. You are missing an opening P tag. Don't create variables for nothing. Ditch the parenthesis on your echos. Use the output tag to display the variable data.

    What could you possibly be including in header.php when you already have a header hardcoded?

    Your update code should be at the top of the page. Learn about separation of concerns. Don't intermingle php with html like that.

    NEVER EVER output system errors to the user. That info is only good to hackers.

    Since you need to rewrite the whole thing now would be a good time to start using PDO. https://phpdelusions.net/pdo
    Sorry. "PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in /home/gallipeau83248/public_html/hotashcigars/updateaccount.php on line 58"

    And then I updated it right after that...? Also, I removed that part and it still doesn't work.

    As I've told you a few times already, I'm just using code that my teacher has taught me. I don't know why she is teaching me a stupid way. But she is the one who told me to use PHP self, and I haven't learned output tags.

    The nav is in the header.

    Okay. Hopefully I'll learn that soon.

    That makes sense. Again though, that's what I was showed to do. My guess was that I should just output those during development and then remove them when it goes live, but again, she hasn't said anything about that.

    I definitely will learn PDO. Just not yet. Right now I have to focus on what they're teaching me in class.

    Thank you for your help.

  4. #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,982
    Thanks
    3
    Thanked 483 Times in 472 Posts
    You instructor should be teaching good programming practices, such as how to implement error handling, that would tell you why you are getting the current error, how to validate input data before using it and not executing dependent code when there isn't valid input data and how to write the least amount of code and variables to accomplish a task.

    You need to ALWAYS have error handling for your database statements. If you use exceptions to handle errors (this is the second time I have stated this in your threads on this forum), you won't need to add program logic at each statement that can fail, then let php catch the exception, php will use the error_reporting/display_errors/log_errors settings to determine what happens with the actual error information.

    If you don't already have these, set php's error_reporting to E_ALL and display_errors to ON, preferably in the php.ini on your development system.

    Next, to enable exceptions for the mysqli extension, add the following before the point where you are making the database connection -

    PHP Code:
    // the $driver variable in the following is only used in these two lines of code and has no relationship to any variable you are using in the rest of your code.
    $driver = new mysqli_driver();
    $driver->report_mode MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT// MYSQLI_REPORT_ALL <-- w/index checking; w/o index checking --> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; 
    Doing the above will cause any errors with the mysqli statements to throw an exception which php will catch and display the actual error information.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  5. #5
    Senior Coder benanamen's Avatar
    Join Date
    Oct 2015
    Posts
    1,091
    Thanks
    2
    Thanked 117 Times in 114 Posts
    Your "Teacher" doesn't know what she is doing. If you want to learn any coding, school is not the place to do it. Schools are 10 -15 years or more behind in what they teach.
    To save time, lets just assume I am almost never wrong.

    The XY Problem
    The XY problem is asking about your attempted solution (X) rather than your actual problem (Y). This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.

    "This text has been encoded with ROT26. If you can read this you must have found a backdoor. Congratulations!"

  6. #6
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    You instructor should be teaching good programming practices, such as how to implement error handling, that would tell you why you are getting the current error, how to validate input data before using it and not executing dependent code when there isn't valid input data and how to write the least amount of code and variables to accomplish a task.

    You need to ALWAYS have error handling for your database statements. If you use exceptions to handle errors (this is the second time I have stated this in your threads on this forum), you won't need to add program logic at each statement that can fail, then let php catch the exception, php will use the error_reporting/display_errors/log_errors settings to determine what happens with the actual error information.

    If you don't already have these, set php's error_reporting to E_ALL and display_errors to ON, preferably in the php.ini on your development system.

    Next, to enable exceptions for the mysqli extension, add the following before the point where you are making the database connection -

    PHP Code:
    // the $driver variable in the following is only used in these two lines of code and has no relationship to any variable you are using in the rest of your code.
    $driver = new mysqli_driver();
    $driver->report_mode MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT// MYSQLI_REPORT_ALL <-- w/index checking; w/o index checking --> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; 
    Doing the above will cause any errors with the mysqli statements to throw an exception which php will catch and display the actual error information.
    Like this?

    Code:
    <?php
    
    // the $driver variable in the following is only used in these two lines of code and has no relationship to any variable you are using in the rest of your code.
    $driver = new mysqli_driver();
    $driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; // MYSQLI_REPORT_ALL <-- w/index checking; w/o index checking --> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;  
    
    $servername = "localhost";
    
    $username = "---"; // not my actual username
    
    $password = "---"; // not my actual password
    
    $dbname = "---"; // not my actual db name
    
    
    
    
    // Create connection
    
    $conn = mysqli_connect($servername, $username, $password, $dbname);
    
    
    
    // Check connection
    
    if (!$conn) {
    
    	die("Connection failed: " . mysqli_connect_error());
    	
    }
    
    ?>
    And what is the other part? What do you mean by development system? The program I use to make my code?

    And I apologize to both of you for my lack of knowledge. If not school, how do you suggest I learn? Just internet research?

  7. #7
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,982
    Thanks
    3
    Thanked 483 Times in 472 Posts
    Like this?
    Yes. What sort of error did you get when you ran your code with those lines in it?

    What do you mean by development system?
    The system (computer) that are you running your php code on, while developing it.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  8. #8
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    Yes. What sort of error did you get when you ran your code with those lines in it?
    Well, when I tried that, it wouldn't connect to the databases at all. I can tell because my echo statement "Thank you for logging in $username" didn't happen. I guess that has something to do with this next part I'm not getting...?

    Quote Originally Posted by CFMaBiSmAd View Post
    The system (computer) that are you running your php code on, while developing it.
    I'm working on a MacBook. I am running the site through hosting on GoDaddy, so I'm using cPanel. Where would I go to add those statements/adjust those rules?

  9. #9
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,982
    Thanks
    3
    Thanked 483 Times in 472 Posts
    hosting on GoDaddy
    You should NOT be learning, developing, and debugging your code on a live server. The constant uploading of files to see the result of each change is a waste of time.

    I'm not a Mac user, but AFAIK, your computer comes with Apache, Mysql, Php installed and you can learn, develop, and debug your code on your computer. If your computer doesn't have Apache, Mysql, Php installed, you can download and install a MAMP (Mac, Apache, Mysql, Php) all in one package.

    As far as your web hosting, you should be able to create a local php.ini, in the document root folder, and put the settings into that file.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  10. #10
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    You should NOT be learning, developing, and debugging your code on a live server. The constant uploading of files to see the result of each change is a waste of time.

    I'm not a Mac user, but AFAIK, your computer comes with Apache, Mysql, Php installed and you can learn, develop, and debug your code on your computer. If your computer doesn't have Apache, Mysql, Php installed, you can download and install a MAMP (Mac, Apache, Mysql, Php) all in one package.

    As far as your web hosting, you should be able to create a local php.ini, in the document root folder, and put the settings into that file.
    I don't have to keep uploading. I edit the file right on the hosting site.

    I do have MAMP already. Those are programs that come with it by default?

    Okay. So create a file called php.ini. Then create a file... inside the folder that my website files are in? And how do I just "put settings" into a file.

  11. #11
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    You instructor should be teaching good programming practices, such as how to implement error handling, that would tell you why you are getting the current error, how to validate input data before using it and not executing dependent code when there isn't valid input data and how to write the least amount of code and variables to accomplish a task.

    You need to ALWAYS have error handling for your database statements. If you use exceptions to handle errors (this is the second time I have stated this in your threads on this forum), you won't need to add program logic at each statement that can fail, then let php catch the exception, php will use the error_reporting/display_errors/log_errors settings to determine what happens with the actual error information.

    If you don't already have these, set php's error_reporting to E_ALL and display_errors to ON, preferably in the php.ini on your development system.

    Next, to enable exceptions for the mysqli extension, add the following before the point where you are making the database connection -

    PHP Code:
    // the $driver variable in the following is only used in these two lines of code and has no relationship to any variable you are using in the rest of your code.
    $driver = new mysqli_driver();
    $driver->report_mode MYSQLI_REPORT_ERROR MYSQLI_REPORT_STRICT// MYSQLI_REPORT_ALL <-- w/index checking; w/o index checking --> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; 
    Doing the above will cause any errors with the mysqli statements to throw an exception which php will catch and display the actual error information.
    Okay so I've still been working on this between responses and here's what I've got. Please correct me if I'm wrong.

    I've created a file inside my folder with my web files named php.ini and inside of that file I've added this code:

    Code:
    php_flag  display_errors        on
    php_value error_reporting       2039
    error_reporting(-1);
    ini_set('display_errors', 'On');
    So this, along with that snippet of code with the $driver, should give me better error messages?

  12. #12
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,982
    Thanks
    3
    Thanked 483 Times in 472 Posts
    php_flag display_errors on
    php_value error_reporting 2039
    error_reporting(-1);
    ini_set('display_errors', 'On');
    None of these are valid php.ini statements. The first two are .htaccess statements, but only work when php is running as a server module, which is rare for shared web hosting, not as a cgi application, which is the typical method on shared web hosting. The 2039 value is also doubtful. You would use a -1 to set all bits. The last two are php code statements and can be put into your main .php file, if your php code is running (has no php syntax error.)

    The statements that would be into a php.ini file would be -

    Code:
    error_reporting = E_ALL
    display_errors = ON
    This is all the more reason why you should be using a development system on your computer. You would have been editing the master php.ini, which would have already had settings in it, so you would only be changing values and wouldn't have been faced with what the actual syntax is.
    Last edited by CFMaBiSmAd; 04-18-2017 at 11:13 AM.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  13. #13
    New Coder
    Join Date
    Sep 2016
    Posts
    85
    Thanks
    16
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    None of these are valid php.ini statements. The first two are .htaccess statements, but only work when php is running as a server module, which is rare for shared web hosting, not as a cgi application, which is the typical method on shared web hosting. The 2039 value is also doubtful. You would use a -1 to set all bits. The last two are php code statements and can be put into your main .php file, if your php code is running (has no php syntax error.)

    The statements that would be into a php.ini file would be -

    Code:
    error_reporting = E_ALL
    display_errors = ON
    This is all the more reason why you should be using a development system on your computer. You would have been editing the master php.ini, which would have already had settings in it, so you would only be changing values and wouldn't have been faced with what the actual syntax is.
    I understand. I will do it that way in the future.

    Do you know where the php.ini folder is in a MAMP hierarchy? There are so many folders in there. And when I searched, like 50 of them popped up for some reason and idk which is the right one.

  14. #14
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,982
    Thanks
    3
    Thanked 483 Times in 472 Posts
    If you make a .php script with <?php phpinfo(); ?> in it, and open the file through the web server, there will be a Loaded Configuration File line in the first section of the output. This will be the path to the php.ini that php is using.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •