I am trying to update a record in the database, but I get this error: `Notice: Undefined variable: id in C:\xampp\htdocs\test\admin\admin\update.php on line 15`. I have tried the POST and GET methods but still get the error.

Here is my code:

```php
<?php
session_start();
//Include database connection details
include('dbconnect.php');
{   
    if(isset($_GET['id']))
        $id = mysqli_real_escape_string($_POST['id']);  

    $title =  ($_POST['title']);
    //$cname = ($_POST['txtEditor']);
    //$cat = strip_tags($_POST['cat']);
    //$date=date("Y-m-d");

    $sql =("UPDATE newsarticles SET  headline='$title'  WHERE ID='$id'");


    if ($conn->query($sql) === TRUE) {
        echo "Record updated successfully";
    } else {
        echo "Error updating record: " . $conn->error;
    }
}
$conn->close();
//$results = $mysqli->query("UPDATE products SET product_name='52 inch TV', product_code='323343' WHERE ID=24");
?>
```

Here is my form:

```php
<?php
session_start();
include("dbconnect.php");


if(isset($_GET['id']))
    $id = strip_tags($_GET['id']);
$sql = "SELECT * FROM newsarticles WHERE id=$id" ;
$result = mysqli_query($conn, $sql);
while ($row = mysqli_fetch_assoc($result))
{
    $image = $row['photo'];
    $title = $row['headline'];
    $description = ( $row['text']);
    $time = $row['publishDate'];
}
?>
<link href="plugins/WYSIWYG/editor.css" type="text/css" rel="stylesheet"/>
<script src="plugins/WYSIWYG/editor.js"></script>

<script type="text/javascript">
    $(document).ready(function () {
        $("#txtEditor").Editor();
        $("#txtEditor").Editor("setText", <?php echo json_encode($description) ;?>);
    });
</script>


<form name="my_form" action="update.php" method="POST"  enctype="multipart/form-data">
  <div class="form-group">
    <label for="exampleInputEmail1">Date</label>
    <input type="text" class="form-control" id="time" name="time"  value="<?php echo date('d-m-Y'); ?>" disabled>
    <small id="emailHelp" class="form-text text-muted"></small>
  </div>
  <div class="form-group">
    <label>Article Title</label>
    <input type="text" class="form-control" id="title" name="title" value="<?php echo $title; ?>" placeholder="title" required />
  </div>
  <div class="form-group">
    <label >select categories</label>
    <select class="form-control" id="cat" name="cat">
      <option value="World">World</option>
      <option value="Sport">Sport</option>
      <option value="Politics">Politics</option>
      <option value="Business">Business</option>
      <option value="Technology">Technology</option>
      <option value="Entertainment">Entertainment</option>
      <option value="Fashion">Fashion</option>
      <option value="Gist">Gist</option>
    </select>
  </div>

  <div class="form-group">
    <label>Write Article </label>
    <textarea class="form-control" id="txtEditor" name="txtEditor"></textarea>
  </div>
  <div class="form-group">
    <label for="exampleInputFile">upload image</label>
    <input type="file" accept="image/*" name="myimage" id="myimage" class="form-control-file" id="exampleInputFile" aria-describedby="fileHelp">
    <small id="fileHelp" class="form-text text-muted"></small>

  </div>

  <button onclick=" $('#txtEditor').val($('.Editor-editor').html());" type="Publish" id="Publish" name="Publish" class="btn btn-primary">Publish</button>
</form>
```

The above code is my form page, with PHP code to display values from the database in their respective fields.

Please, any help?

Dero3376
  • You're missing/mashing up brackets and mixing GET and POST – Jeff Dec 30 '16 at 22:49
  • post the html form for this then – Funk Forty Niner Dec 30 '16 at 22:49
  • `mysqli_real_escape_string` that is failing you here. Matter of fact, your entire code is failing. – Funk Forty Niner Dec 30 '16 at 22:50
  • `mysqli_real_escape_string()` takes 2 arguments. It should be `mysqli_real_escape_string($conn, $_GET['id'])`. But you really should switch to prepared statements instead of escaping. – Barmar Dec 30 '16 at 22:57
  • In your script, you only set `$id` if `$_GET['id']` is set. But then you still go on to perform the database query anyway. You should have all the code inside the `if`, not just the variable assignment. – Barmar Dec 30 '16 at 23:00
  • Your code is dangerously vulnerable to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection). If `$_POST['title']` has a `'` character in it, your code will break (which an attacker can use to do nasty stuff). – ceejayoz Dec 30 '16 at 23:02
  • @Fred-ii- the link you provided did not solve my problem. I already did call it as a variable before using it. Please look at the code before you mark as duplicate – Dero3376 Dec 30 '16 at 23:09
  • @Dero3376 Which file is `update.php`, and what's on line 15? In the code you've posted, line 15 is a blank line. – ceejayoz Dec 31 '16 at 22:45
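
The points raised in the comments (read one request method consistently, run the query only when the inputs are present, use a prepared statement instead of escaping) combined into one `update.php`, as an added example that is not code from the question or from any commenter. It assumes `dbconnect.php` defines `$conn` as a mysqli connection, as in the question, and that the edit form sends the article id in a hidden POST field named `id`; the form posted above has no such field, so that name is an assumption.

```php
<?php
// Added example: update.php using a prepared statement.
// Assumptions: dbconnect.php defines $conn (mysqli), and the form posts
// a hidden field named "id" alongside "title".
session_start();
include('dbconnect.php');

// Accept only POST with both fields present; stop before any query runs otherwise.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['id'], $_POST['title'])) {
    http_response_code(400);
    exit('Missing id or title');
}

// The id must be a positive integer; filter_var returns false for anything else.
$id = filter_var($_POST['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$title = trim($_POST['title']);
if ($id === false || $title === '') {
    http_response_code(400);
    exit('Invalid id or title');
}

// Placeholders keep user input out of the SQL text, so a quote character
// in the title cannot change the statement.
$stmt = $conn->prepare('UPDATE newsarticles SET headline = ? WHERE ID = ?');
if ($stmt === false) {
    error_log('prepare failed: ' . $conn->error);
    http_response_code(500);
    exit('Error updating record');
}
$stmt->bind_param('si', $title, $id);   // s = string, i = integer

if ($stmt->execute()) {
    // affected_rows is 0 when no row has that id or the headline is unchanged.
    echo $stmt->affected_rows > 0 ? 'Record updated successfully' : 'No record changed';
} else {
    // Log the database error server-side instead of echoing it to the client.
    error_log('execute failed: ' . $stmt->error);
    http_response_code(500);
    echo 'Error updating record';
}
$stmt->close();
$conn->close();
```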
