-2

I create a news section onn my website and want the ability to update it if needed. I had it working using the old mysql method, but want to change it by using PDO.

Can someone point out my error. The form pulls in data for me to update, but its pulling from the wrong row / id.

Here is my query:

<?php
$post_title = "";
$description = "";
$id = $_GET['id'];

$query = $db->query("SELECT title, description FROM htp_news WHERE id='$id'");

$post_title     = $db->query('SELECT title FROM htp_news')->fetchColumn();
$description    = $db->query('SELECT description FROM htp_news')->fetchColumn();

?>

And Here is my form where I'm echoing in the data.

<form method="post" action="update-news.php">
<input type="hidden" name="ud_id" style="width: 100%" value="<?php echo "$id"; ?>">

<div class="grid_12 botspacer60">


Title: <input type="text" name="ud_title" value="<?php echo "$post_title"; ?>">
<br /><br />

News Details:<br />
<textarea id="tiny_mce" name="ud_description" rows="8"><?php echo "$description"; ?></textarea>

I'm not asking to rewrite my code, just a tip or something would be helpful so I can figure out what I did wrong here.

UPDATE This works with some modification to AdRock answer.

    <?php

    $id = isset($_GET['id']) ? $_GET['id'] : NULL;
    $sth = $db->prepare("SELECT `id`, `title`, `description` FROM `htp_news` WHERE `id` = :id");
    $sth->bindParam(':id', $id, PDO::PARAM_INT);
    $sth->setFetchMode(PDO::FETCH_OBJ);
    $sth->execute();

    $row = $sth->fetch();

    ?>
    <form method="post" action="update-news.php">
    <input type="hidden" name="ud_id" style="width: 100%" value="<?php echo $row->id; ?>">

    <div class="grid_12 botspacer60">


    Title: <input type="text" name="ud_title" value="<?php echo $row->title; ?>">
    <br /><br />

    News Details:<br />
    <textarea id="tiny_mce" name="ud_description" rows="8"><?php echo $row->description; ?></textarea>
    </div>


    <div class="grid_12">

        <input type="submit" value="Update">
        <input type="button" value="Cancel" onclick="window.location = '/admin'">
        </div>
    </form>
    </div>

Here is the action script (update-news.php) that I'm using to add the new data into my database.

<?php
include($_SERVER['DOCUMENT_ROOT'] . "/includes/database.php");
// new data
$id             = $_POST['id'];
$title          = $_POST['title'];
$description    = $_POST['description'];
// query
$sql = "UPDATE `htp_news` SET `title`=?, `description`=? WHERE id=?";
$sth = $db->prepare($sql);
$sth->execute(array($title,$description,$id));
echo "The post has been updated.<br />
<a href='edit-delete-news.php'>Update another position.</a><br />";
?>

Thanks for the help.

daugaard47
  • 1,726
  • 5
  • 39
  • 74
  • Change `$id = $_GET['id'];` to `$id = $_GET['ud_id'];` since you're using `name="ud_id"` – Funk Forty Niner Apr 09 '14 at 06:41
  • 2
    @YourCommonSense I knew you would be the first to reply and give my question a good ol down vote. I'm just trying to learn from you guys here. Isn't that what this site is about? – daugaard47 Apr 09 '14 at 06:43
  • 5
    this is what you're doing wrong exactly. "trying to learn from you guys here" is a SURE EXACT offtopic. Stack OVerflow is not a tutoring site. You are confusing it with tuts+. Banging some random lines of code together and then asking "for some hint" is not how questions asked here – Your Common Sense Apr 09 '14 at 06:47
  • I don't see `name="id"` anywhere. Have you tried [`my suggestion`](http://stackoverflow.com/questions/22954644/update-row-with-php-pdo#comment35046356_22954644) yet? @cwd – Funk Forty Niner Apr 09 '14 at 06:54
  • @YourCommonSense Fair enough. Sorry to ask for help. I'm just in a tough spot right now and need to learn this ASAP and don't have much time to learn a completely new language from scratch again, due to a heavy work load. I get what you are saying though. – daugaard47 Apr 09 '14 at 06:58
  • @Fred-ii- yes I tried your suggestion, didn't get it working yet, but thank you for the pointer. – daugaard47 Apr 09 '14 at 06:59
  • You're welcome. That is one factor to consider though. – Funk Forty Niner Apr 09 '14 at 07:00
  • 5
    The only thing that is scaring me in this life is a surgeon who would ask a similar question on a site like this, before treating me. I am sure you can't imagine one. But for some reason people take programming as a some sort of picnic, as something that any toddler can quickly grasp the idea. Let me tell you IT IS NOT! It require YEARS OF HARD WORKING AND LEARNING. No less than surgery takes. So, either learn it, or leave it for the professionals – Your Common Sense Apr 09 '14 at 07:02
  • 1
    @YourCommonSense I'm fully aware of how hard it is, if it was easy I wouldn't be here asking this question at 2 AM when I have to be at work at 8am. – daugaard47 Apr 09 '14 at 07:06
  • First things first, you have no database connection, you are running 3 queries to do the same thing you could do with a single query, your form field names differ from your retrieved parameters on your code and you have no submit button. It looks to me you have not even checked the PHP manual which shows entire examples of how to use PDO and query the database to retrieve data. [**Start here**](http://www.php.net/manual/en/pdostatement.fetch.php)! Also your code is wide open to SQL Injection suggest you to read on prepared statement + PDO. – Prix Apr 09 '14 at 07:07
  • @Prix I have the database, your right about the 3 queries I saw it on another similar question asked here and thought I'd give it a try. It was working except for the id issue so I went with it. I didn't show the submit button because I didn't feel it was relevant to the question. Thanks for the link. – daugaard47 Apr 09 '14 at 07:11
  • 1
    if you show an incomplete form on a question where the form is a important piece people will ask where is the rest because a LOT of people that ask questions here omit important piece of code that in 90% of the cases are the issue with their code. So I suggest you to post only the relevant parts to the question however making sure its a compilable version of it so others can reproduce the issue you're having to guide you on how to fix it. – Prix Apr 09 '14 at 07:15
  • Like fred already pointed you have `name="ud_id"` on your form and you have `$id = $_GET['id'];` on your code so the first issue is the name of it, the second issue is that you're sending a POST form `method="post"` but yet tries to read it as a GET. So the correct would have been `$id = $_POST['ud_id'];` – Prix Apr 09 '14 at 07:18
  • @Prix that gives me an Undefined index: ud_id notice. And didn't fix the id issue. – daugaard47 Apr 09 '14 at 07:26
  • I am sorry my crystal ball is not working at the moment and I can't read your mind to see what your code looks like right now, would you mind updating your question with it(make sure its one that can be used)? and **`Undefined index`** is a very clear error that if you search here u will find why in a second. – Prix Apr 09 '14 at 07:29
  • @Prix See above for my updated code. – daugaard47 Apr 09 '14 at 07:34
  • [“Notice: Undefined variable” and “Notice: Undefined index”](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – Prix Apr 09 '14 at 07:38
  • @Prix Thanks that took care of the notice. I appreciate the help. I'll have to work on the original problem tomorrow. It's late and my brain is fried. I'll post my correct answer when I figure it out. Maybe you guys could take off your down vote then, So I'm not banned from asking questions here. Thanks – daugaard47 Apr 09 '14 at 07:43
  • You do not get banned from down vote they merely express the lack of efforts on creating questions as well as other points by the view of the readers. For instance when one post a problem without even doing their own research on the issue. – Prix Apr 09 '14 at 07:44
  • [Checklist before asking a question!](http://meta.stackexchange.com/questions/156810/stack-overflow-question-checklist) [And as for the down vote I don't see anything saying it bans people](http://stackoverflow.com/help/whats-reputation) – Prix Apr 09 '14 at 07:47
  • It doesn't work. There are still several essential errors in this code. Why don't you post the code that really worked for you? – Your Common Sense Apr 10 '14 at 03:54
  • @YourCommonSense It's working exactly how I need it to on my website...? If you see something wrong with it help me out. If you don't want to help me then help all the other people that might see this post and share some of your wisdom. =) – daugaard47 Apr 10 '14 at 04:09
  • It is not about wisdom but about common sense. Why you're posting the code that doesn't work but says it's working? Whom you want to trick here? – Your Common Sense Apr 10 '14 at 04:17
  • @YourCommonSense I don't know what to tell to make you believe this code is working on my site but it is. I'm not trying to trick anyone. The main problem was it was pulling from the wrong id in the database. By adding `$id = isset($_GET['id']) ? $_GET['id'] : NULL;` and tweaking AdRock code it corrected the problem and despite what you guys were saying about it needing to be POST instead of GET that was not working for my situation. Anyways man, I have other stuff I have to work on. Believe what you want, that code is working. I will say though, plus 1 for your coding passion. – daugaard47 Apr 10 '14 at 04:43
  • :) I love this "works better" – Your Common Sense Apr 10 '14 at 13:58
  • @YourCommonSense I just said that "works better" to get a rise out of you. =) Seriously though. The code I previously posted was working, but after going back and forth with you I did more digging and realized some mistakes I was making. Does this look better to you? – daugaard47 Apr 10 '14 at 14:26
  • Please, grow up. It wasn't. – Your Common Sense Apr 10 '14 at 14:47

1 Answers1

-2

Try this

<?php

$sth = $dbh->prepare('SELECT id, title, description FROM htp_news WHERE id = :id')
$sth->bindValue(':id', $_POST['ud_id'], PDO::PARAM_INT);
$sth->execute();

$row = $sth->fetch(PDO::FETCH_ASSOC);

?>
<form method="post" action="update-news.php">
<input type="hidden" name="ud_id" style="width: 100%" value="<?php echo $row[0]['id']; ?>">

<div class="grid_12 botspacer60">


Title: <input type="text" name="ud_title" value="<?php echo $row[0]['title']; ?>">
<br /><br />

News Details:<br />
<textarea id="tiny_mce" name="ud_description" rows="8"><?php echo $row[0]['description']; ?></textarea>
AdRock
  • 2,959
  • 10
  • 66
  • 106
  • Thanks for showing me how to reduce the queries, but unfortunately it didn't work. I just get blank fields now. Not pulling in any info. I'll keep at it though and try to get it working. – daugaard47 Apr 09 '14 at 15:10
  • Does the query work in phpmyadmin and is there a n id in the url? – AdRock Apr 10 '14 at 15:16
  • With the update I posted at the top of the page in my original post it works, so to answer your question, yes and yes /admin/news/edit-news.php?id=116. – daugaard47 Apr 10 '14 at 15:32