0

I have created two files. One named as index.php and the other is edit.php. I have included index.php into edit.php. edit.php is for editing the posts. Posts are editing fine but the problem is, whenever I tried to update the it gives my error."Notice, undefined variable edit on line 10" here is the line $edit_id = $_GET['edit']; But I have declared in index.php <td><a href="edit.php?edit=<?php echo $id; ?>">Edit</a></td> I have also declared a query to update the data. But whenever I tried to update the data. It does not update else removed. Here is my index.php file. Any help would be appreciated. Thanks and regards,

<!DOCTYPE html>

    <?php
    session_start();
    if(!isset($_SESSION['user_name'])) {
    header("location: login.php");
    } else {
            ?>

    <html>
    <head>
    <link rel="stylesheet" href="admin_style.css"> 
    <title>Admin Panel</title>
    </head>
    <body>
    <header>
    <h1><a href="index.php"> Welcome to Admin Panel</a> </h1>
    </header>
    <h3 align="center">This is Admin Area</h3>
    <aside>
    <h3>Welcome <?php echo $_SESSION['user_name']; ?></h3>
    <h2>Manage Content</h2>
    <p><a href="index.php?view=view">View Posts</a></p>
    <p><a href="index.php?insert=insert">Insert Posts</a></p>
    <p><a href="logout.php">Logout</a></p>
    </aside>

    <?php
    if(isset($_GET['insert'])){
    include("Post.php");
    }
    ?>
    <?php if(isset($_GET['view'])) { ?>
    <table width="1000" align="center" border="1">
    <tr>
    <td align="center" colspan="9"><h1>View all Posts</h1></td>
    </tr>
    <tr align="center">
    <th>Post No</th>
    <th>Post Title</th>
    <th>Post Date</th>
    <th>Post Author</th>
    <th>Post Image</th>
    <th>Post Content</th>
    <th>Edit</th>
    <th>Delete</th>
    </tr>
    <?php
    include("connect.php");
    if(isset($_GET['view'])) {
    $query = "SELECT * FROM posts order by 1 DESC";
    $run = mysqli_query($con, $query);
    $i=1;
    while($row=mysqli_fetch_array($run)) {
    $id = $row['Post_id'];
    $title = $row['Post_title'];
    $date = $row['Post_date'];
    $author = $row['Post_author'];
    $image = $row['Post_image'];
    $content = substr($row['Post_content'],0,50);
    ?>

    <tr align="center">
    <td><?php echo $i++; ?></td>
    <td><?php echo $title; ?></td>
    <td><?php echo $date; ?></td>
    <td><?php echo $author; ?></td>
    <td><img src="../images/<?php echo $image; ?>" width="50" height="50" /> </td>
    <td><?php echo $content; ?></td>
    <td><a href="edit.php?edit=<?php echo $id; ?>">Edit</a></td>
    <td><a href="delete.php?del=<?php echo $id; ?>">Delete</a></td>
    </tr>
    <?php
    } 
    } 
    }
    ?>
    </table>
    </body>
    </html>     
    <?php } ?>

edit.php code is here:

<!DOCTYPE html>
<html>
  <body>
    <?php

        include("index.php");
        include("connect.php");

            $edit_id = $_GET['edit'];
            $query = "SELECT * FROM posts where Post_id = '$edit_id'";
            $run = mysqli_query($con, $query);

            while($row=mysqli_fetch_array($run)) {

                                $edit_id1 = $row['Post_id'];
                                $title = $row['Post_title'];
                                $date = $row['Post_date'];
                                $author = $row['Post_author'];
                                $image = $row['Post_image'];
                                $content = $row['Post_content'];


    ?>


<form method="post" action="edit.php?edit_form=<?php echo $edit_id1;?>" enctype="multipart/form-data">
    Post Title: &nbsp &nbsp <input type="text" name="Title" size="50" value="<?php echo $title; ?>" required /> <br /> 
    Post Author: <input type="text" name="Author" size="50" value="<?php echo $author; ?>" required /> <br />
    Post Image: <input type="file" name="Image" /><img src="../images/<?php echo $image; ?>" width="60" height="60"/> <br /> 
    Post Content: <textarea name="Content" cols="70" rows="20" >
        <?php echo $content; ?>
    </textarea> <br />
    <input type="submit" name="update" value="update" /> <br />         
</form>


    </body>
</html>

    <?php

        if(isset($_POST['update'])) {

            $update_id = $_GET['edit_form'];
            $post_title = $_POST['title'];
            $post_date = date('y-m-d');
            $post_author = $_POST['author'];
            $post_content = $_POST['content'];
            $post_image = $_FILES['image']['name'];
            $post_image_type = $_FILES['image']['type'];
            $post_image_size = $_FILES['image']['size'];
            $post_image_tmp = $_FILES['image']['tmp_name'];

            move_uploaded_file($post_image_tmp,"../images/$post_image");
            $update_query = "update posts set Post_title='$post_title',Post_date='$post_date',Post_author='$post_author',Post_image='$post_image',Post_content='$post_content' where Post_id='$update_id' ";

            if(mysqli_query($con,$update_query)) {

                echo "<script>alert('Post has been updated')</script>";


        }
        }

    ?>          
    <?php } ?>
Qasim Ali
  • 47
  • 1
  • 7

1 Answers1

0

The issues are with your form. When this form is submitted your $edit_id = $_GET['edit']; above is undefined.

You should update that to

if(!empty($_GET['edit'])) {
    //next trust your users; http://php.net/manual/en/mysqli.real-escape-string.php
    $edit_id = mysqli_real_escape_string($con, $_GET['edit']);
    $query = "SELECT * FROM posts where Post_id = '$edit_id'";
    $run = mysqli_query($con, $query);
    while($row=mysqli_fetch_array($run)) {
        $edit_id1 = $row['Post_id'];
        $title = $row['Post_title'];
        $date = $row['Post_date'];
        $author = $row['Post_author'];
        $image = $row['Post_image'];
        $content = $row['Post_content'];
}

Then in your form your name attributes are title cased but in your PHP you have them lowercased. You need to choose one naming convention and stick with it. So either......

<form method="post" action="edit.php?edit_form=<?php echo $edit_id1;?>" enctype="multipart/form-data">
    Post Title: &nbsp &nbsp <input type="text" name="title" size="50" value="<?php echo $title; ?>" required /> <br /> 
    Post Author: <input type="text" name="author" size="50" value="<?php echo $author; ?>" required /> <br />
    Post Image: <input type="file" name="image" /><img src="../images/<?php echo $image; ?>" width="60" height="60"/> <br /> 
    Post Content: <textarea name="content" cols="70" rows="20" >
        <?php echo $content; ?>
    </textarea> <br />
    <input type="submit" name="update" value="update" /> <br />         
</form>

...or....

$update_id = $_GET['edit_form'];
            $post_title = $_POST['Title'];
            $post_date = date('y-m-d');
            $post_author = $_POST['Author'];
            $post_content = $_POST['Content'];
            $post_image = $_FILES['Image']['name'];
            $post_image_type = $_FILES['Image']['type'];
            $post_image_size = $_FILES['Image']['size'];
            $post_image_tmp = $_FILES['Image']['tmp_name'];
chris85
  • 23,846
  • 7
  • 34
  • 51
  • Thank You very much man. @chris85 actually i am new and following the old tutorials which uses mysql. I am having some troubles. Could you please clear some confusions? 1. Is php CASE SENSITIVE? – Qasim Ali Mar 29 '15 at 17:22
  • Various things in PHP are and aren't case sensitive... http://stackoverflow.com/questions/20624257/are-php-keywords-case-sensitive http://php.net/manual/en/language.variables.basics.php http://stackoverflow.com/questions/20624257/are-php-keywords-case-sensitive I find it best to keep things lower case and use underscores if/when you want distinction in names. – chris85 Mar 29 '15 at 17:42
  • I am really sorry to disturb you again just one last question @chris85 .As you have seen, I have content and I have defined it as text in database. But whenever I copy something from net which has comas, semi-colons, colons, Quotations etc. it does not work. Data does not submit. What should i do? – Qasim Ali Mar 29 '15 at 17:46
  • It's best to separate data being inputted from the SQL. You should look into prepared statements. http://stackoverflow.com/questions/1290975/how-to-create-a-secure-mysql-prepared-statement-in-php – chris85 Mar 29 '15 at 17:56