-1

I am trying to update multiple entries at once, but I'm unable to call the id; the update works fine. The error shows: Notice: Undefined index: id in C:\xampp\htdocs\poshproject\multiedit.php on line 24

<?php include 'header.php'; ?>

<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();


$checkbox2 = $_POST['checkbox2'];

if (!mysqli_connect_errno($con)) {
    $str = implode($checkbox2);
    $queryStr = "SELECT * " .
            "FROM crewlist WHERE  ($str) && crew_id";
}

$result = mysqli_query($con, $queryStr);

if (isset($_POST['submit'])) {
    $checkbox2 = $_POST['checkbox2'];
    foreach ($checkbox2 as $crewname) {

        ?> <form action="handlemultiedit.php" method="post">
            <input type="hidden" name="crew_id" value="<?php echo       $_GET['id']; ?>" />
        <?php echo "<tr><th>" . $crewname . ":</th><br>";
        echo "                    <tr>
                    <td>Shift 1:</td>
                    <td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
                    </td>       
                </tr>
                <tr>
                    <td>Shift 2:</td>
                    <td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
                    </td>       
                </tr><br><br>";
        ?><?php
    }?><td><input type="submit" value="Submit" ></td></form><?php
}
?>

Here is the handle page:

<?php

print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];

$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
 $start_hour2 = $_POST["start_hour2"];
 $end_hour2 = $_POST["end_hour2"];

if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = " . $crew_id . "";
mysqli_query($con, $sqlQueryStr);
}


//header('Location: crewlisting.php');
 mysqli_close($con);
 ?>
forumzeon1
  • 55
  • 3

1 Answer

0

First: You are setting yourself up for a MySQL-injection attack! You are directly using data POST'ed by the user in the MySQL query, without checking if it might include evil code!

$checkbox2 = $_POST['checkbox2'];

if (!mysqli_connect_errno($con)) {
    $str = implode($checkbox2);
    $queryStr = "SELECT * " .
            "FROM crewlist WHERE  ($str) && crew_id";
}

On to the error message: Line 24 of multiedit.php:

<input type="hidden" name="crew_id" value="<?php echo       $_GET['id']; ?>" />

The error is telling you that the parameter 'id' of GET is not set. Make sure it is set in the URL, as that is where GET retrieves data from:

multiedit.php?id=123456

or

header("Location: crewlisting.php?id=$crew_id");

from the handle page if that was the intention.

However, it looks like there are some holes in your code and it doesn't function as intended. Could you clarify what it is supposed to do?

I would guess

if (isset($_POST['submit'])) {

should be moved to the handling page to check if anything actually was submitted, and

foreach ($checkbox2 as $crewname) {

should actually be looping over $result from the MySQL query.

Kols
  • 83
  • 6
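Added example, not part of the original question or answer: one way to write the handle page's UPDATE so that posted values never become part of the SQL text, using a mysqli prepared statement plus input validation. It assumes `getDbConnect()` from the page's `dbfunction.php` returns a `mysqli` object; `validTime()` and `updateShifts()` are hypothetical helper names.

```php
<?php
// Added example: hardened version of the handle page's UPDATE.
// Assumption: getDbConnect() (from the page's dbfunction.php) returns a mysqli object.
require 'dbfunction.php';

// Accept only HH:MM or HH:MM:SS, the formats an <input type="time"> submits.
function validTime($value): ?string
{
    $pattern = '/^(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d)?$/';
    return (is_string($value) && preg_match($pattern, $value)) ? $value : null;
}

function updateShifts(mysqli $con, array $post): bool
{
    // crew_id must be an integer; anything else is rejected, not escaped.
    $crewId = filter_var($post['crew_id'] ?? null, FILTER_VALIDATE_INT);
    $times = [];
    foreach (['start_hour', 'end_hour', 'start_hour2', 'end_hour2'] as $field) {
        $times[$field] = validTime($post[$field] ?? null);
    }
    // Refuse the request if any field is missing or malformed.
    if ($crewId === false || in_array(null, $times, true)) {
        return false;
    }
    // Placeholders keep the data separate from the query structure.
    $stmt = $con->prepare(
        'UPDATE crewlist SET start_hour = ?, end_hour = ?, ' .
        'start_hour2 = ?, end_hour2 = ? WHERE crew_id = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ssssi', $times['start_hour'], $times['end_hour'],
        $times['start_hour2'], $times['end_hour2'], $crewId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$con = getDbConnect();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && updateShifts($con, $_POST)) {
    header('Location: crewlisting.php');
} else {
    http_response_code(400); // bad or incomplete input
}
mysqli_close($con);
```

The same pattern applies to the SELECT in multiedit.php: build one `?` placeholder per selected checkbox value and bind the values, instead of imploding `$_POST['checkbox2']` into the WHERE clause.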