PHP Session problems.

[MBrown]

I have an issue (the first of many but I think this one issue is causing the rest of them) with my session_start.

I have succesfully passed a variable from on page to another which is a primary key for a table. I have succesfully used that variable to pull data from a database to populate a html form so that I can edit the data. But when I submit the edited data and get a bunch of errors the first of which is this...

Notice: Undefined index: serialNumber in C:\wamp\www\edit.php on line 10

I do not understand why am getting this error seeing as I have already used this variable in a query to the database with no errors at all.

Here is my code...

<html>
<head>
<title>Development Get Page</title>
</head>
<body>
<?php
echo '<h1>Gizmo Bids Database (Beta!)</h1>';

session_start();
$serialNumberValue = $_GET['serialNumber'];
echo "The Serial Number is: " .$serialNumberValue. ". <br />"; //this code is just to check to see if my variable passing is working

$con = mysqli_connect("localhost","root","","gizmo");
$form_query = "select * from bids where serialNumber = $serialNumberValue";
$list_sql = "select serialNumber from bids";
$form_result = mysqli_query($con,$form_query);
$form_row = mysqli_fetch_assoc($form_result);



// Check connection
if (mysqli_connect_errno($con))
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
else
 {
  echo "you are connected! <br> <br>";
 }


if(isset($_POST['dueDate']) &&
	isset($_POST['dueTime']) &&
	isset($_POST['state']) &&
	isset($_POST['organization']) &&
	isset($_POST['description']) &&
	isset($_POST['solicitation']) &&
	isset($_POST['note']) &&
	isset($_POST['website']))
	{
		$dueDate = $_POST[dueDate];
		$dueTime = $_POST[dueTime];
		$stateCode = $_POST[state];
		$organization = $_POST[organization];
		$description = $_POST[description];
		$solicitation = $_POST[solicitation];
		$note = $_POST[note];
		$website = $_POST[website];
		
		$query = "UPDATE bids
				  SET dueDate = $dueDate,
					  dueTime = $dueTime,
					  stateCode = $stateCode,
					  organization = $organization,
					  description = $description,
					  solicitation = $solicitation,
					  note = $note,
					  website = $website
				  WHERE serialNumber = $serialNumberValue";
		if (!mysqli_query($query,$con))
			echo "Edit has failed: $query <br />" . mysqli_error() . "<br /><br />";
	}
echo "you have made an edit!";

 
 

//This is the form for the page.  The fields are automatically populated with the current data
echo <<<_END
	<form action="edit.php" method="post">
	<pre>
		Due Date: <input type="date" name="dueDate" id="dueDate" value=$form_row[dueDate] /> Format YEAR-MO-DA <br><br> 
		Due Time: <input type="text" name="dueTime" value=$form_row[dueTime] /> Format HR:MIN:SEC (Military Time)<br><br> 
		State: <input type="text" name="state" value=$form_row[stateCode] /> Format XX <br><br> 
		Organization: <input type="text" name="organization" value=$form_row[organization] /> <br><br>	
		Description: <input type="text" name="description" value=$form_row[description] /> <br><br>
		Solicitation: <input type="text" name="solicitation" value=$form_row[solicitation] /> <br><br>
		Note: <input type="text" name="note" value=$form_row[note]  /> Remove the slash if you don't want it!!! <br><br>
		Website: <input type="text" name="website" value=$form_row[website] /> <br><br>
		<input type="submit" value="Edit Record" />
	</pre>
	</form>
_END;
 
 
 
 
?>



</body>
</html>

Thanks in advance.

 

[Jaydip]

I haven't used PHP in some time but this line doesn't look correct to me.

$form_query = "select * from bids where serialNumber = $serialNumberValue";

I don't think it can substitute variable vales in string.

 

[MBrown]

I haven't used PHP in some time but this line doesn't look correct to me.

$form_query = "select * from bids where serialNumber = $serialNumberValue";

I don't think it can substitute variable vales in string.

It worked for me.

 

[DaveSimmons]

Aren't you passing via post? So you'd read from $_POST not $_GET?

 

[TridenT]

Use $_POST.

Also, I think it's case-sensitive. Beware.

 

[douglasb]

On an unrelated note, I'm going to spare you all the obligatory "Little Bobby Tables" reference, and instead mention that this code is vulnerable to SQL injection.

 

[MBrown]

I was using $_POST initially but I was getting the same problem.

 

[Crusty]

http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php

 

[MBrown]

Let me try and clarify what I my issue is here. After I pass my variable from the previous page to this one, it displays the current table data on the form. That works without any errors. As soon as I press the submit button on this page form, I get the undefined index error. My thought is that the $_POST array is getting overwritten so that my serialNumber index is no longer in the post array. Am I correct with my assumption?

 

[beginner99]

Let me try and clarify what I my issue is here. After I pass my variable from the previous page to this one, it displays the current table data on the form. That works without any errors. As soon as I press the submit button on this page form, I get the undefined index error. My thought is that the $_POST array is getting overwritten so that my serialNumber index is no longer in the post array. Am I correct with my assumption?

You need to start understanding the basic because then the issue here will be obvious.

First just to repeat: Fix SQL-Injection vulnerability!!!
Even if this is just a meaningless hobby project, learn to do it right from the start. It is hard to get rid of bad habits! See link in a previous post but the solution is prepared statements.

The actual issue:

$_GET and $_POST have nothing, absolutely nothing to do with a PHP session:

http://en.wikipedia.org/wiki/HTTP#Request_methods

This is basics of how http works.

Since they are request methods, anything in them will expire at the end of the request. When you click on your submit button that will start a new request to edit.php and everything from your previous request will be lost. $_post will only contain the fields within your form.

If you want to store a value in the session you need to use $_SESSION. See PHP doc...

However this is not required. In this case you can add a hidden input field into your form, name it "serialNumber" and populate it on page load.

Besides that there is plenty other room for improvement like using <br> for layout is terrible as is the form you are creating within <pre>. Use <label> for adding a label to a input element.

http://www.w3.org/wiki/HTML/Elements/label

Use css for design!!! html is for semantics only and <br> is only to be used in actual text displayed and not for layout.

Sorry for being harsh, but again better to adjust as early as possible than getting used to bad habits.

Note that to create a good looking, usable web application you need to know a lot of things:

- HTML
- CSS
- JavaScript
- server side language -> PHP

 

[MBrown]

You need to start understanding the basic because then the issue here will be obvious.

First just to repeat: Fix SQL-Injection vulnerability!!!
Even if this is just a meaningless hobby project, learn to do it right from the start. It is hard to get rid of bad habits! See link in a previous post but the solution is prepared statements.

The actual issue:

$_GET and $_POST have nothing, absolutely nothing to do with a PHP session:

http://en.wikipedia.org/wiki/HTTP#Request_methods

This is basics of how http works.

Since they are request methods, anything in them will expire at the end of the request. When you click on your submit button that will start a new request to edit.php and everything from your previous request will be lost. $_post will only contain the fields within your form.

If you want to store a value in the session you need to use $_SESSION. See PHP doc...

However this is not required. In this case you can add a hidden input field into your form, name it "serialNumber" and populate it on page load.

Besides that there is plenty other room for improvement like using <br> for layout is terrible as is the form you are creating within <pre>. Use <label> for adding a label to a input element.

http://www.w3.org/wiki/HTML/Elements/label

Use css for design!!! html is for semantics only and <br> is only to be used in actual text displayed and not for layout.

Sorry for being harsh, but again better to adjust as early as possible than getting used to bad habits.

Note that to create a good looking, usable web application you need to know a lot of things:

- HTML
- CSS
- JavaScript
- server side language -> PHP

I know that I need to address the SQL injection mess. That's not what I'm on now, and is not what I asked. Anyway I figured out what my problem was and fixed it. And it was exactly what I thought it was. It indeed didn't have anything to do with $_SESSION at this point in my code...I was able figured that out. The issue was when I pressed the submit button, the serialNumber value I had in $_POST was getting lost so what I did was put it back in by doing a hidden input in my form and the error went away.

Now my error is a problem with my SQL syntax, which I am not seeing...

 

[beginner99]

the serialNumber value I had in $_POST was getting lost

It's not getting lost. it was not there because you did not set it in the first place.

I know I'm being pedantic but it's a major difference if you do something just because it works or if you actually understand why it works and why you need to do it that way.

 

[Albatross]

session_start first line after the php tag

 

[haley01]

Well I saw your problem, let me concern this with my seniors for better solution..

Sorry, your IP address is in a range of IP addresses from India that are used for frequent spamming.
-Admin DrPizza