Hi there Matthew2Riches,

If you are pulling the data from the database, count the rows returned from query, and then use that as a reference to see if the id requested is valid (ie: out of range), if not, redirect to page 1, or place a friendly notice there to say "oops out of range".

Either would be ok...

if($rows_returned >= strip_tags($_GET['id']))
{
echo "OOps out of range";
}

Cheers,

MRb

EDIT:

If you want to check the db for the value try this:-

$sql = "SELECT * FROM `your_table` WHERE `ID` = '".strip_tags($_GET['id'])."'";
$content = mysql_query($sql, $your_conn_detail) or die(mysql_error());
$detail_there = mysql_num_rows($content) or die(mysql_error());

if($detail_there > 0)
{
echo "id exists";
}else{
echo "There is no matching ID in the database";
exit;
}

Something like that anyway.

Cheers,
MRb

If you are pulling the data from the database, count the rows returned from query, and then use that as a reference to see if the id requested is valid (ie: out of range)

This is not entirly true. This approach is only good if you have a non-autoicrement id in your db.
If your id is autoicrement, then your approach fails:
you start adding records (lets say 10), then you delete 2 and you add another 2 . Total rcords are still 10, but the last id is 14.

Better check if id exist in your databse and if not, redirect user to a fixed page (like index.. or id=1.... or something liek this)

Hi omoutop,

Yeah, I realised that not long after posting, but the time for the 2nd edit had gone.

Thats why I suggested the other approach to see if the actual id from the get was present, and if was (returned true) display the content; else the "not in the db" message.

Cheers for pointing that out anyway ;-p

MRb

Ok... I am confused :-)

Code is below. Hopefully you can see what I am trying to do.

Basically the 'id' and 'password' must match. These are called from a form. On success, the code will point the user to a form with prefilled values (updating a record), if no ID is found, instead of it going to a blank form, i'd like it to go to an error page.

So where I have written 'something to go here' is where I need an IF statement whereby if no ID is found, it will reject the request.

Cheers!

<?php

include("connect.php");

$id = $_POST['id'];
$password = $_POST['password'];

$qProfile = "SELECT * FROM listings WHERE id='$id' AND password='$password'";
$rsProfile = mysql_query($qProfile);
$row = mysql_fetch_array($rsProfile);
extract($row);
$d = stripslashes($d);
$cat = stripslashes($cat);
$subcat = stripslashes($subcat);
$title = stripslashes($title);
$price = stripslashes($price);
$description = stripslashes($description);
$area = stripslashes($area);
$img1 = stripslashes($img1);
$img2 = stripslashes($img2);
$img3 = stripslashes($img3);
$password = stripslashes($password);
$firstname = stripslashes($firstname);
$lastname = stripslashes($lastname);
$email = stripslashes($email);
$phone = stripslashes($phone);
$timestamp = stripslashes($timestamp);

mysql_close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Edit An Advert</title>

</head>

<body>

<h1>Edit An Advert</h1>

<?php if ([size=3][b]something to go here[/b][/size]) {
echo "<p><a href=\"login.php\">Login</a> to edit your advert.</p>";
} else {
echo "

<form id=\"FormName\" action=\"edited.php\" method=\"post\" name=\"FormName\">

<fieldset>
<legend>Cat</legend>
<div align=\"left\"><label for=\"cat\">cat</label></div>
<input id=\"cat\" name=\"cat\" type=\"text\" size=\"25\" value=\"$cat\" maxlength=\"255\">
<div align=\"left\"><label for=\"subcat\">subcat</label></div>
<input id=\"subcat\" name=\"subcat\" type=\"text\" size=\"25\" value=\"$subcat\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Ad Details</legend>
<div align=\"left\"><label for=\"title\">title</label></div>
<input id=\"title\" name=\"title\" type=\"text\" size=\"25\" value=\"$title\" maxlength=\"255\">
<div align=\"left\"><label for=\"price\">price</label></div>
<input id=\"price\" name=\"price\" type=\"text\" size=\"25\" value=\"$price\" maxlength=\"255\">
<div align=\"left\"><label for=\"description\">description</label></div>
<textarea id=\"description\" name=\"description\" rows=\"10\" cols=\"70\">$description</textarea>
<div align=\"left\"><label for=\"area\">area</label></div>
<input id=\"area\" name=\"area\" type=\"text\" size=\"25\" value=\"$area\" maxlength=\"255\">
<div align=\"left\"><label for=\"img1\">img1</label></div>
<input id=\"img1\" name=\"img1\" type=\"text\" size=\"25\" value=\"$img1\" maxlength=\"255\">
<div align=\"left\"><label for=\"img2\">img2</label></div>
<input id=\"img2\" name=\"img2\" type=\"text\" size=\"25\" value=\"$img2\" maxlength=\"255\">
<div align=\"left\"><label for=\"img3\">img3</label></div>
<input id=\"img3\" name=\"img3\" type=\"text\" size=\"25\" value=\"$img3\" maxlength=\"255\">
<div align=\"left\"><label for=\"password\">password</label></div>
<input id=\"password\" name=\"password\" type=\"text\" size=\"25\" value=\"$password\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Personal Details</legend>
<div align=\"left\"><label for=\"firstname\">Name</label></div>
<input id=\"firstname\" name=\"firstname\" type=\"text\" size=\"25\" value=\"$firstname\" maxlength=\"255\"> <input id=\"lastname\" name=\"lastname\" type=\"text\" size=\"25\" value=\"$lastname\" maxlength=\"255\">
<div align=\"left\"><label for=\"email\">email</label></div>
<input id=\"email\" name=\"email\" type=\"text\" size=\"25\" value=\"$email\" maxlength=\"255\">
<div align=\"left\"><label for=\"phone\">phone</label></div>
<input id=\"phone\" name=\"phone\" type=\"text\" size=\"25\" value=\"$phone\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Update Your Ad</legend>
<input type=\"submit\" name=\"submitButtonName\" value=\"Update Advert\">
<p>Or <a href=\"deleted.php?id=$id\"> delete your ad.</a></p>
</fieldset>

<input type=\"hidden\" name=\"id\" value=\"$id\">
<input id=\"d\" name=\"d\" type=\"hidden\" value=\"$d\">
<input id=\"timestamp\" name=\"timestamp\" type=\"hidden\" value=\"$timestamp\">

</form>

";
} ?>

</body>

</html>

Ok, simple way to do this:

$id = $_GET['id'];
if(isset($id) && $id != "") {
$sql = 'SELECT etc...'; // Make sure you include quotations: id="' . $id . '"
$result = mysql_query($sql);
if(mysql_fetch_array($result)) {
// Page for a correct ID
} else {
header('HTTP/1.1 404 Not Found');
// Page for a incorrect ID
}
} else {
// Page for when no ID has been set
}

[edited by: Readie at 5:15 pm (utc) on Feb 25, 2010]

Extract and display the listing on one page with submit button whose name would be the id of the listing.

When a row is selected by pressing the submit button, it takes you to another page, where there is a form that displays all the data in the database that relates to the id passed from the previous page.

Here you do the changes, and submit this form to update the database, of course, with all sanitisation process completed, where the id is the same as gotten from the previous page.

Not sure if this is the best method, but I prefer to keep it simple.

Hope this helps.

Hey! We're getting somewhere... it will now do as I originally asked! :-)

<?php

include("connect.php");

$id = $_POST['id'];
$password = $_POST['password'];

if (isset($id) && $id != "") {

$sql = "SELECT * FROM listings WHERE id='$id' AND password='$password'";

$result = mysql_query($sql);
$row = mysql_fetch_array($rsProfile);
extract($row);

$id = stripslashes($id);
$password = stripslashes($password);
$d = stripslashes($d);
$cat = stripslashes($cat);
$subcat = stripslashes($subcat);
$title = stripslashes($title);
$price = stripslashes($price);
$description = stripslashes($description);
$area = stripslashes($area);
$img1 = stripslashes($img1);
$img2 = stripslashes($img2);
$img3 = stripslashes($img3);
$password = stripslashes($password);
$firstname = stripslashes($firstname);
$lastname = stripslashes($lastname);
$email = stripslashes($email);
$phone = stripslashes($phone);
$timestamp = stripslashes($timestamp);

mysql_close();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Edit An Advert</title>

</head>

<body>

<h1>Edit An Advert</h1>

<?php
if (mysql_fetch_array($result)) {

echo "
<form id=\"FormName\" action=\"edited.php\" method=\"post\" name=\"FormName\">

<fieldset>
<legend>Cat</legend>
<div align=\"left\"><label for=\"cat\">cat</label></div>
<input id=\"cat\" name=\"cat\" type=\"text\" size=\"25\" value=\"$cat\" maxlength=\"255\">
<div align=\"left\"><label for=\"subcat\">subcat</label></div>
<input id=\"subcat\" name=\"subcat\" type=\"text\" size=\"25\" value=\"$subcat\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Ad Details</legend>
<div align=\"left\"><label for=\"title\">title</label></div>
<input id=\"title\" name=\"title\" type=\"text\" size=\"25\" value=\"$title\" maxlength=\"255\">
<div align=\"left\"><label for=\"price\">price</label></div>
<input id=\"price\" name=\"price\" type=\"text\" size=\"25\" value=\"$price\" maxlength=\"255\">
<div align=\"left\"><label for=\"description\">description</label></div>
<textarea id=\"description\" name=\"description\" rows=\"10\" cols=\"70\">$description</textarea>
<div align=\"left\"><label for=\"area\">area</label></div>
<input id=\"area\" name=\"area\" type=\"text\" size=\"25\" value=\"$area\" maxlength=\"255\">
<div align=\"left\"><label for=\"img1\">img1</label></div>
<input id=\"img1\" name=\"img1\" type=\"text\" size=\"25\" value=\"$img1\" maxlength=\"255\">
<div align=\"left\"><label for=\"img2\">img2</label></div>
<input id=\"img2\" name=\"img2\" type=\"text\" size=\"25\" value=\"$img2\" maxlength=\"255\">
<div align=\"left\"><label for=\"img3\">img3</label></div>
<input id=\"img3\" name=\"img3\" type=\"text\" size=\"25\" value=\"$img3\" maxlength=\"255\">
<div align=\"left\"><label for=\"password\">password</label></div>
<input id=\"password\" name=\"password\" type=\"text\" size=\"25\" value=\"$password\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Personal Details</legend>
<div align=\"left\"><label for=\"firstname\">Name</label></div>
<input id=\"firstname\" name=\"firstname\" type=\"text\" size=\"25\" value=\"$firstname\" maxlength=\"255\"> <input id=\"lastname\" name=\"lastname\" type=\"text\" size=\"25\" value=\"$lastname\" maxlength=\"255\">
<div align=\"left\"><label for=\"email\">email</label></div>
<input id=\"email\" name=\"email\" type=\"text\" size=\"25\" value=\"$email\" maxlength=\"255\">
<div align=\"left\"><label for=\"phone\">phone</label></div>
<input id=\"phone\" name=\"phone\" type=\"text\" size=\"25\" value=\"$phone\" maxlength=\"255\">
</fieldset>

<fieldset>
<legend>Update Your Ad</legend>
<input type=\"submit\" name=\"submitButtonName\" value=\"Update Advert\">
</fieldset>

<input type=\"hidden\" name=\"id\" value=\"$id\">
<input id=\"d\" name=\"d\" type=\"hidden\" value=\"$d\">
<input id=\"timestamp\" name=\"timestamp\" type=\"hidden\" value=\"$timestamp\">

</form>
";
}

else { 
echo "Not found!";
}

} else { 
echo "No ID";
}

?>

</body>

</html>

But... The fields won't fill with the information already inside the database, if I type into the blank text inputs, it will write over the existing database information but it just won't display.

The only field that will display is password and ID!

Any ideas?

You know, you can echo with a ' instead of ", that would save you from all those \ eyesores.

<?php
echo '<input id="timestamp" name="timestamp" type="hidden" value="'.$timestamp.'">';
?>

Hi there matthew2riches,

Try this:-

$sql = "SELECT * FROM listings WHERE id='".$id."' AND password='".$password."'";

I think that the only reason $id & $pass are there is because they are set from the $_POST and not from the db call.

But alter the query to that and you will get what you need, also attach this to the end of the mysql_query():-

$result = mysql_query($sql)or die(mysql_error());

Then if there are any sql related issues this will let you know..

Also when you need to do html stuff inside php just go like this:-

<?php
if(whatever)
{//opening tag
$yourvar = "Cool!";
?>
<html>
<body>
<p>Whatever you like!<?php echo $yourvar; ?></p>
<?php
}//closing tag

Either way works, saves the need for escaping vars, but if there is a var needs echoing, just put the tags around it as normal ie: <?php echo $yourvar; ?> but just thought I would mention for future reference..

Cheers,

MRb

After an evening of messing around...... i found a simple way of fixing it but thanks for your help anyway!

Hi there matthew2riches,

What was the sollution that you used in the end then?

MRb