PHP - Passing Variables

Problem when trying to pass id=$id

         

Raydeen

1:46 am on Dec 5, 2009 (gmt 0)

10+ Year Member



I'm using a tutorial, Creating Dynamic Sites with PHP & MySQL by Md. Ashraful Anam (www.codewalkers.com, Database Articles), to learn PHP and MySQL.

I've done fairly well with the tutorial but I keep getting an error and have been troubleshooting it for a while now. I've found the line of code that is giving me an error:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);

If I take out 'id=$id' or change it to 'id=2', it eliminates the error but the result is not what would be expected. (See #3 below for the code.)

There was a note in the tutorial that as of PHP 4.2 (I'm using PHP 5.0), PHP no longer automatically creates the variables for you, so I edited my php.ini file and set the register_globals variable to on. This has not helped at all.

I would so appreciate any assistance at this point, I've been able to conquer the rest of the problems, but this one has me stumped. Once I can get past this, I can use the example for a live application.

#1. input.php
<HTML><?php
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
//for new PHP (array keys are quoted; bare keys are treated as undefined constants)
$first=$_POST['first'];
$last=$_POST['last'];
$nickname=$_POST['nickname'];
$email=$_POST['email'];
$salary=$_POST['salary'];
//
$sql = "INSERT INTO personnel (firstname, lastname, nick, email,
salary)
VALUES ('$first','$last','$nickname','$email','$salary')";
$result = mysql_query($sql);
echo "Thank you! Information entered.\n";
?>
<form method="post" action="input.php">
First name:<input type="Text" name="first"><br>
Last name:<input type="Text" name="last"><br>
Nick Name:<input type="Text" name="nickname"><br>
E-mail:<input type="Text" name="email"><br>
Salary:<input type="Text" name="salary"><br>
<input type="Submit" name="submit" value=" Enter information"></form>
</HTML>

#2. viewdb.php
<HTML>
<?php
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
$result = mysql_query("SELECT * FROM personnel",$db);
echo "<TABLE BORDER=2>";
echo"<TR><TD><B>Full Name</B><TD><B>Nick
Name</B><TD><B>Options</B></TR>";
while($myrow = mysql_fetch_array($result))
{
echo "<TR><TD>".$myrow["firstname"]." ".$myrow["lastname"]."<TD>".$myrow["nick"];
echo "<TD><a href=\"view.php?id=".$myrow["id"]."\">View</a>";
}
echo "</TABLE>";
?>
</HTML>

#3. view.php
<HTML>
<?php
$db = mysql_connect("localhost", "root","");
mysql_select_db("learndb",$db);
$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);
$myrow = mysql_fetch_array($result);
echo "First Name: ".$myrow["firstname"];
echo "<br>Last Name: ".$myrow["lastname"];
echo "<br>Nick Name: ".$myrow["nick"];
echo "<br>Email address: ".$myrow["email"];
echo "<br>Salary: ".$myrow["salary"];
?>
</HTML>

rocknbil

2:27 am on Dec 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome aboard Raydeen, ask yourself this:

$result = mysql_query("SELECT * FROM personnel WHERE id=$id",$db);

Where does the variable "id" come from?

It's supposed to come from here:

<a href=\"view.php?id=".$myrow["id"]."\">View</a>

So when you click that, you should have in your address bar

example.com/view.php?id=1234

But how to get id into $id? A query string is a GET request, so,

$id = $_GET['id'];

should do it.

A few things to validate and help: you always want to validate your data. You will learn of the dangers of mysql injection, but a simple one for this is to make sure the variable is set, and make sure it's a number:

if (isset($_GET['id']) and preg_match('/^\d+$/', $_GET['id'])) {
    $id = $_GET['id'];
} else {
    echo "OOPS! not a valid number!";
    exit;
}

Error checking is one of the most valuable assets you can add to your programming, and naturally leads to more secure programs. It also makes them easier to debug. :-)

$result = mysql_query($sql) or die("cannot add data: " . mysql_error());

If this query breaks, you will receive the MySQL error here, no matter what it is. Helps point right to where the problem is. Add this little bit to every query you run.

Raydeen

9:28 pm on Dec 5, 2009 (gmt 0)

10+ Year Member



I want to thank you so very much. You put the workaround in terms that I could understand. And, it works just as expected! I've included the error checking as well. Thank you again.

rocknbil

9:35 pm on Dec 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Awesome, but after walking away yesterday I remembered there is a simpler way to check for a number. I use regexps only because I'm getting better at them. Anything not a number will always return 0 or -1, so

if (isset($_GET['id']) and ($_GET['id'] > 0)) { $id = $_GET['id']; }

This is also better because the regexp will also return true for zero as it is a number, and as you can imagine, you'd never have a record with an auto increment id of zero. (smacks forehead . . . )
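
The checks discussed in this thread, side by side, as an added example that is not code from the posts above: it runs the `> 0` comparison and a strict integer parse over constructed stand-ins for `$_GET['id']`, then looks the row up with a bound parameter so the value never becomes part of the SQL text. It assumes PHP 7.1+ with the pdo_sqlite extension; `parse_id`, `find_person` and the sample rows are hypothetical, and the in-memory SQLite table stands in for the thread's MySQL `personnel` table.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite so it runs
// offline; the thread's own code uses the old mysql_* functions on MySQL.

// Strict check: accept only a positive decimal integer and return it as int.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {            // parameter missing, or sent as id[]=...
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up one row with a bound parameter instead of building the SQL string.
function find_person(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT firstname, lastname, nick FROM personnel WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data mirroring the columns used in view.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE personnel (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, nick TEXT)');
$db->exec("INSERT INTO personnel VALUES (1, 'Ann', 'Lee', 'al'), (2, 'Bob', 'Ray', 'br')");

// Constructed stand-ins for $_GET['id'], including values that are not plain numbers.
$samples = ['2', '0', '-1', 'abc', '2abc', '2 OR 1=1', '', null, ['2']];

foreach ($samples as $raw) {
    $loose = isset($raw) && ($raw > 0);   // the "> 0" comparison from the post above
    $id    = parse_id($raw);              // null means "reject the request"
    $row   = $id === null ? null : find_person($db, $id);
    printf(
        "%-12s loose=%-5s strict=%-5s row=%s\n",
        json_encode($raw),
        $loose ? 'pass' : 'fail',
        $id === null ? 'null' : (string) $id,
        $row === null ? '-' : $row['firstname'] . ' ' . $row['lastname']
    );
}
```

Compare the `loose` and `strict` columns for the inputs that start with a digit but contain other text: the comparison only tests the value, while `parse_id` hands back an integer that is safe to use whichever PHP version's comparison rules apply.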