PHP MsSQL Modify/Delete

willscarlet · 12-18-2012, 09:18 PM

First off, thank you guys for helping me fix this little project of mine and teaching me a bit along the way thusfar.

Now the program needs to be able to view a record and allow the user to modify the record or delete the record. For simplicity sake I just have the code written to modify the StreetName, but im getting the following error upon submit:

Notice: Undefined variable: StreetID in C:\Inetpub\wwwroot\msag\modify2.php on line 35

Any suggestions, tips, or constructive critisim will be greatly appreciated. Thank you all in advance.

Here is my code:

PHP Code:


			
<?php include 'includes/head/head_main.php'; ?>



<div id = "top_content">

<body>



<?php



ini_set('display_errors', 1);

error_reporting(E_ALL);  



include 'includes/header/header_main.php'; 



include 'includes/db/connect.php';



if(isset($_POST['delete'])) 

{ 

    $StreetName =     $_POST['StreetName'];

    $StreetID     =     $_POST['StreetID'];



    $resource = "UPDATE MSAG SET StreetName='$StreetName'

                      WHERE StreetID='$StreetID'";

        

 sqlsrv_query($conn, $resource) or die(sqlsrv_error());

  $_html ="<tabel><tr>  

       <td width=\"19%\">RECORD HAS BEEN </td> 

       <td width=\"81%\">UPDATED CLICK <a href=\"index.php\">HERE</a></td> 

     </tr></table>"; 

}



if(isset($_POST['edit'])) 

{ 

    $StreetName =     $_POST['StreetName'];



    $resource = "UPDATE MSAG SET StreetName='$StreetName'

                      WHERE StreetID='$StreetID'";

        

 sqlsrv_query($conn, $resource) or die(sqlsrv_error());

  $_html ="<tabel><tr>  

       <td width=\"19%\">RECORD HAS BEEN </td> 

       <td width=\"81%\">UPDATED CLICK <a href=\"index.php\">HERE</a></td> 

     </tr></table>"; 

}



else

{

$StreetID = (int)($_GET['StreetID']);

$query ="SELECT * FROM MSAG WHERE StreetID=$StreetID";

$resource = sqlsrv_query($conn, $query);



while($result=sqlsrv_fetch_array($resource))

{

echo "

<center>

<h1><u>Record Details</u></h1>

<br>

<br>

</center>

<div id = \"modify\">

<form action=\"\" method=\"post\" id=\"_form\" name=\"_form\" enctype=\"multipart/form-data\">



<table> 

<tr>

<td>Pre Dir:    <br><input type=\"text\" name=\"StreetPrefix\" value=".$result['StreetPrefix']."> <br></td>

<td>Street:     <br><input type=\"text\" name=\"StreetName\" value=".$result['StreetName']."> <br></td>

<td>Suffix:     <br><input type=\"text\" name=\"StreetSuffix\" value=".$result['StreetSuffix']."> <br></td>

<td>Post Dir:     <br><input type=\"text\" name=\"StreetPostDi\" value=".$result['StreetPostDir']."> <br></td>

<td>Community:     <br><input type=\"text\" name=\"COMMUNITY\" value=".$result['COMMUNITY']."> <br></td>

</tr></table>

<br>



<table> 

<tr>  

<td>Low:    <br><input type=\"text\" name=\"LOWNUMBER\" value=".$result['LOWNUMBER']."> <br></td>

<td>High:    <br><input type=\"text\" name=\"HighNumber\" value=".$result['HighNumber']."> <br></td>

<td>EOB:    <br><input type=\"text\" name=\"EOB\" value=".$result['EOB']."> <br></td>

<td>ESN:    <br><input type=\"text\" name=\"ESN\" value=".$result['ESN']."> <br></td>

</tr>

</table>

<br>



<table> 

<tr>

<td>Telco:    <br><input type=\"text\" name=\"TELCO\" value=".$result['TELCO']."> <br></td>

<td>ZIP:    <br><input type=\"text\" name=\"PostOffice\" value=".$result['PostOffice']."> <br></td>

<td>Zone:    <br><input type=\"text\" name=\"ZONE\" value=".$result['ZONE']."> <br></td>

<td>Map:    <br><input type=\"text\" name=\"MAP\" value=".$result['MAP']."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Archive:     <input type = 'radio' Name ='inactive' value= 'inactive'></td>

<td>&nbsp;</td>

<td>Entered:    <br><input type=\"text\" name=\"DateEntered\" value=".(($result['DateEntered'] instanceof DateTime) ? $result['DateEntered']->format('Y-m-d') : $result['DateEntered'])."> <br></td>

<td>Modified:    <br><input type=\"text\" name=\"DateUpdated\" value=".(($result['DateUpdated'] instanceof DateTime) ? $result['DateUpdated']->format('Y-m-d') : $result['DateUpdated'])."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Comments:    <br><input type=\"text\" name=\"Comment\" value=".$result['Comment']."> <br></td>

</tr>

</table>

<br>

</div>



<div class = \"button\">

<table>

<tr>

<td>

<input type=\"submit\" align = \"left\" name=\"edit\" value=\"Edit\"/>

<input type=\"hidden\" name=\"id\" value=\"$StreetID\"/>

</td>



<td>

<input type=\"submit\" id=\"delete\" name=\"delete\" value=\"Delete\"/>

<input type=\"hidden\" name=\"id\" value=\"$StreetID\"/>

</td>

</tr>

</table>

</div>

";

}

}

?>

Fou-Lu · 12-18-2012, 10:01 PM

The logic flow is incorrect:

PHP Code:


			
if (condition)
{
    $variable = 'A variable';
}
else
{
    print $variable; // this will fail.
}

Since you generate a variable in a specific branch, the only time that is available is if that branch executes. If it doesn't and chooses and else (or even just keeps going), then the variable has not been assigned to.

So you need to extract the $streetID in both blocks.

Alternatively, join both blocks and control them individually within it:

PHP Code:


			
if (isset($_POST['edit']) || isset($_POST['delete']))
{
    $streetID = $_POST['StreetID'];
    $streetName = $_POST['StreetName'];

    if (isset($_POST['edit']))
    {
        // in edit
    }
    else if (isset($_POST['delete']))
    {
        // in delete.
    }
}

Use the prepared statements as well.

willscarlet · 12-19-2012, 01:22 PM

Ok, I see what you meant about the flawed logic, however, when I redo the code, I still get the same error just on a different line.

Error:
Notice: Undefined index: StreetID in C:\Inetpub\wwwroot\msag\modify2.php on line 17

PHP Code:


			
<?php include 'includes/head/head_main.php'; ?>



<div id = "top_content">

<body>



<?php



ini_set('display_errors', 1);

error_reporting(E_ALL);  



include 'includes/header/header_main.php'; 



include 'includes/db/connect.php';



if (isset($_POST['edit']) || isset($_POST['delete']))

{

    $StreetID = $_POST['StreetID'];

    $StreetName = $_POST['StreetName'];



    if (isset($_POST['edit']))

    {

           $resource = "UPDATE MSAG SET StreetName= '$StreetName'

                     WHERE StreetID='$StreetID'";



 sqlsrv_query($conn, $resource) or die(sqlsrv_error());

  $_html ="<tabel><tr>

       <td width=\"19%\">RECORD HAS BEEN </td>

       <td width=\"81%\">UPDATED CLICK <a href=\"index.php\">HERE</a></td>

     </tr></table>";

    }

    else if (isset($_POST['delete']))

    {

        // in delete.

    }

}



else

{

$StreetID = (int)($_GET['StreetID']);

$query ="SELECT * FROM MSAG WHERE StreetID=$StreetID";

$resource = sqlsrv_query($conn, $query);



while($result=sqlsrv_fetch_array($resource))

{

echo "

<center>

<h1><u>Record Details</u></h1>

<br>

<br>

</center>

<div id = \"modify\">

<form action=\"\" method=\"post\" id=\"_form\" name=\"_form\" enctype=\"multipart/form-data\">



<table> 

<tr>

<td>Pre Dir:    <br><input type=\"text\" name=\"StreetPrefix\" value=".$result['StreetPrefix']."> <br></td>

<td>Street:     <br><input type=\"text\" name=\"StreetName\" value=".$result['StreetName']."> <br></td>

<td>Suffix:     <br><input type=\"text\" name=\"StreetSuffix\" value=".$result['StreetSuffix']."> <br></td>

<td>Post Dir:     <br><input type=\"text\" name=\"StreetPostDi\" value=".$result['StreetPostDir']."> <br></td>

<td>Community:     <br><input type=\"text\" name=\"COMMUNITY\" value=".$result['COMMUNITY']."> <br></td>

</tr></table>

<br>



<table> 

<tr>  

<td>Low:    <br><input type=\"text\" name=\"LOWNUMBER\" value=".$result['LOWNUMBER']."> <br></td>

<td>High:    <br><input type=\"text\" name=\"HighNumber\" value=".$result['HighNumber']."> <br></td>

<td>EOB:    <br><input type=\"text\" name=\"EOB\" value=".$result['EOB']."> <br></td>

<td>ESN:    <br><input type=\"text\" name=\"ESN\" value=".$result['ESN']."> <br></td>

</tr>

</table>

<br>



<table> 

<tr>

<td>Telco:    <br><input type=\"text\" name=\"TELCO\" value=".$result['TELCO']."> <br></td>

<td>ZIP:    <br><input type=\"text\" name=\"PostOffice\" value=".$result['PostOffice']."> <br></td>

<td>Zone:    <br><input type=\"text\" name=\"ZONE\" value=".$result['ZONE']."> <br></td>

<td>Map:    <br><input type=\"text\" name=\"MAP\" value=".$result['MAP']."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Archive:     <input type = 'radio' Name ='inactive' value= 'inactive'></td>

<td>&nbsp;</td>

<td>Entered:    <br><input type=\"text\" name=\"DateEntered\" value=".(($result['DateEntered'] instanceof DateTime) ? $result['DateEntered']->format('Y-m-d') : $result['DateEntered'])."> <br></td>

<td>Modified:    <br><input type=\"text\" name=\"DateUpdated\" value=".(($result['DateUpdated'] instanceof DateTime) ? $result['DateUpdated']->format('Y-m-d') : $result['DateUpdated'])."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Comments:    <br><input type=\"text\" name=\"Comment\" value=".$result['Comment']."> <br></td>

</tr>

</table>

<br>

</div>



<div class = \"button\">

<table>

<tr>

<td>

<input type=\"submit\" align = \"left\" name=\"edit\" value=\"Edit\"/>

<input type=\"hidden\" name=\"id\" value=\"$StreetID\"/>

</td>



<td>

<input type=\"submit\" id=\"delete\" name=\"delete\" value=\"Delete\"/>

<input type=\"hidden\" name=\"id\" value=\"$StreetID\"/>

</td>

</tr>

</table>

</div>

";

}

}

?>

Fou-Lu · 12-19-2012, 01:57 PM

These are two different errors.
The second one is because you have no input field called StreetID. They also have to be present before the submit buttons, and you shouldn't reuse them if they are using the same information.

willscarlet · 12-19-2012, 02:04 PM

I think I understand that now. Is this what you are talking about, sir?

PHP Code:


			
<div class = "button\">

<table>

<tr>

<td>

<input type=\"hidden\" name=\"StreetID\" value=\"$StreetID\"/>

<input type=\"submit\" align = \"left\" name=\"edit\" value=\"Edit\"/>

</td>

Putting the hidden input field above the button, and deleteing the hidden imput from above the other button as well. If this is correct, still showing the same error though, sir.

Fou-Lu · 12-19-2012, 02:20 PM

Quote:

Originally Posted by willscarlet

I think I understand that now. Is this what you are talking about, sir?

PHP Code:


			
<div class = "button\">

<table>

<tr>

<td>

<input type=\"hidden\" name=\"StreetID\" value=\"$StreetID\"/>

<input type=\"submit\" align = \"left\" name=\"edit\" value=\"Edit\"/>

</td>

Putting the hidden input field above the button, and deleteing the hidden imput from above the other button as well. If this is correct, still showing the same error though, sir.

Make sure you attach directly to script; do not execute a refresh. You will however have to specify the error. You also have the potential to throw the same index failure on the $_GET call which doesn't check the existence first. That appears to be on line 39.

willscarlet · 12-19-2012, 02:29 PM

On line 39, that is the line that shows allows the page to show fill in the form below with that particular records details, if I remove it, it throws all kinds of errors and wont show the form.

As for your advice here, sir:

Quote:

Make sure you attach directly to script; do not execute a refresh. You will however have to specify the error. You also have the potential to throw the same index failure on the $_GET call which doesn't check the existence first. That appears to be on line 39.

I am confused by that, I am not quite sure what you mean, sir.

My current Code:

PHP Code:


			
<?php include 'includes/head/head_main.php'; ?>



<div id = "top_content">

<body>



<?php



ini_set('display_errors', 1);

error_reporting(E_ALL);  



include 'includes/header/header_main.php'; 



include 'includes/db/connect.php';



if (isset($_POST['edit']) || isset($_POST['delete']))

{

    $StreetID = $_POST['StreetID'];

    $StreetName = $_POST['StreetName'];



    if (isset($_POST['edit']))

    {

           $resource = "UPDATE MSAG SET StreetName= '$StreetName'

                     WHERE StreetID='$StreetID'";



 sqlsrv_query($conn, $resource) or die(sqlsrv_error());

  $_html ="<tabel><tr>

       <td width=\"19%\">RECORD HAS BEEN </td>

       <td width=\"81%\">UPDATED CLICK <a href=\"index.php\">HERE</a></td>

     </tr></table>";

    }

    else if (isset($_POST['delete']))

    {

        // in delete.

    }

}



else

{

$StreetID = (int)($_GET['StreetID']);

$query ="SELECT * FROM MSAG WHERE StreetID=$StreetID";

$resource = sqlsrv_query($conn, $query);



while($result=sqlsrv_fetch_array($resource))

{

echo "

<center>

<h1><u>Record Details</u></h1>

<br>

<br>

</center>

<div id = \"modify\">

<form action=\"\" method=\"post\" id=\"_form\" name=\"_form\" enctype=\"multipart/form-data\">



<table> 

<tr>

<td>Pre Dir:    <br><input type=\"text\" name=\"StreetPrefix\" value=".$result['StreetPrefix']."> <br></td>

<td>Street:     <br><input type=\"text\" name=\"StreetName\" value=".$result['StreetName']."> <br></td>

<td>Suffix:     <br><input type=\"text\" name=\"StreetSuffix\" value=".$result['StreetSuffix']."> <br></td>

<td>Post Dir:     <br><input type=\"text\" name=\"StreetPostDi\" value=".$result['StreetPostDir']."> <br></td>

<td>Community:     <br><input type=\"text\" name=\"COMMUNITY\" value=".$result['COMMUNITY']."> <br></td>

</tr></table>

<br>



<table> 

<tr>  

<td>Low:    <br><input type=\"text\" name=\"LOWNUMBER\" value=".$result['LOWNUMBER']."> <br></td>

<td>High:    <br><input type=\"text\" name=\"HighNumber\" value=".$result['HighNumber']."> <br></td>

<td>EOB:    <br><input type=\"text\" name=\"EOB\" value=".$result['EOB']."> <br></td>

<td>ESN:    <br><input type=\"text\" name=\"ESN\" value=".$result['ESN']."> <br></td>

</tr>

</table>

<br>



<table> 

<tr>

<td>Telco:    <br><input type=\"text\" name=\"TELCO\" value=".$result['TELCO']."> <br></td>

<td>ZIP:    <br><input type=\"text\" name=\"PostOffice\" value=".$result['PostOffice']."> <br></td>

<td>Zone:    <br><input type=\"text\" name=\"ZONE\" value=".$result['ZONE']."> <br></td>

<td>Map:    <br><input type=\"text\" name=\"MAP\" value=".$result['MAP']."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Archive:     <input type = 'radio' Name ='inactive' value= 'inactive'></td>

<td>&nbsp;</td>

<td>Entered:    <br><input type=\"text\" name=\"DateEntered\" value=".(($result['DateEntered'] instanceof DateTime) ? $result['DateEntered']->format('Y-m-d') : $result['DateEntered'])."> <br></td>

<td>Modified:    <br><input type=\"text\" name=\"DateUpdated\" value=".(($result['DateUpdated'] instanceof DateTime) ? $result['DateUpdated']->format('Y-m-d') : $result['DateUpdated'])."> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Comments:    <br><input type=\"text\" name=\"Comment\" value=".$result['Comment']."> <br></td>

</tr>

</table>

<br>

</div>



<div class = \"button\">

<table>

<tr>

<td>

<input type=\"hidden\" name=\"StreetID\" value=\"$StreetID\"/>

<input type=\"submit\" align = \"left\" name=\"edit\" value=\"Edit\"/>

</td>



<td>

<input type=\"submit\" id=\"delete\" name=\"delete\" value=\"Delete\"/>

</td>

</tr>

</table>

</div>

";

}

}

?>

Fou-Lu · 12-19-2012, 02:30 PM

I didn't say to remove it. I said it can also throw the same error so you need to make sure you post the errors. Or fix it by using an isset check against it first which will need to contain the entirety of the form data within it.