Can't echo data from phpmyadmin

Question

Am was already created form like this and working perfect but on last two forms not working, it displays warning-Undefined variable: reg_no and cost. Am trying to follow algorithm as previous forms but nothing happen. My goal is to update inserted data and here is my form

<!doctype html>
<html>
<head>

<meta charset="utf-8">
<title>Edit invoice</title>
<link rel="stylesheet"  href="box_style.css" />
</head>

<body>

<?php
 
include ("db_con.php");

if(isset($_GET['edit_invoice'])){

        $edit_i_id = $_GET['edit_invoice'];

        $select_invoice = "select * from invoice where i_id='$edit_i_id'";

        $run_query = mysqli_query($con, $select_invoice);

        while ($row_invoice=mysqli_fetch_array($run_query)){
   
  $i_id = $row_invoice['i_id']; 
        $reg_no = $row_invoice['reg_no'];
        $cost = $row_invoice['cost'];

        }
    }

?>

<div class='form'>
<form action="" method="post" enctype="multipart/form-data" >
 
<table width="745" align="center" border="2">
 
 
<p style="text-align: center;"><strong><span style="text-decoration: underline;">EDIT INVOICE:</span></strong></p>
 
 <tr>  
  <td align="right" bgcolor="#dbe5f1"><strong>Registration Number:</strong></td>
  <td><input type="text" name="reg_no" id="reg_no" size="35" class="text" placeholder="Registration Number" value="<?php echo $reg_no; ?>" required=""/></td>  
 </tr>
 
 <tr>  
  <td align="right" bgcolor="#dbe5f1"><strong>Cost(Tshs):</strong></td>
  <td><input type="text" name="cost" id="cost" size="35" class="text" placeholder="Cost" value="<?php echo $cost; ?>" required=""/></td>
 </tr>

 
 <tr>
  <td colspan="6" align="center" bgcolor="#dbe5f1" ><input type="submit" name="update" class="submit-button" value="SAVE CHANGES"></td>  
 </tr>
 
 </table>
 
</form>
</div>


</body>


</html>

Your script is at risk of [**SQL Injection Attack**](https://stackoverflow.com/q/60174/5914775). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](https://stackoverflow.com/q/5741187/5914775). Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. — Tom Udding, Jul 04 '17 at 12:26

BenRoob · Answer 1 · 2017-07-04T13:58:56.703

1

if isset($_GET['edit_invoice']) is false, your $reg_no is not present in later script (where you want to echo it).

Put $reg_no above your isset($_GET...) check and set it null or empty string.

$reg_no = null;
if (isset($_GET['edit_invoice'])) {
   // your code...
}

Edit: Do the same for $cost and $i_id ;)

PLEASE consider Tom Uddings comment with SQL injections!

edited Jul 04 '17 at 13:58

answered Jul 04 '17 at 12:27

BenRoob

1,662
5
22
24

This way clear all undefined variables but it does not displays data from database and also I can't return data to database(updating). – Joseph Aggrey Mhecha Jul 04 '17 at 13:20

score 1 · Accepted Answer · answered Jul 04 '17 at 12:47

1

Remove while loop from your php code since update is for one record based on id The code will be as :

if(isset($_GET['edit_invoice'])){
    $edit_i_id = $_GET['edit_invoice'];
    $select_invoice = "select * from invoice where i_id='$edit_i_id'";
    $run_query = mysqli_query($con, $select_invoice);
    $row_invoice = mysqli_fetch_array($run_query);

    $i_id = $row_invoice['i_id'];   
    $reg_no = $row_invoice['reg_no'];
    $cost = $row_invoice['cost'];
}

answered Jul 04 '17 at 12:47

Gyan

498
6
10

Am trying this but it not echo data from database – Joseph Aggrey Mhecha Jul 04 '17 at 13:30
Are you passing value to edit_invoice parameter in order to get that id in your $edit_i_id? – Gyan Jul 04 '17 at 13:35
Yes I did that. – Joseph Aggrey Mhecha Jul 04 '17 at 14:08

Can't echo data from phpmyadmin

2 Answers2