-2

I'm doing this for an assessment and I'm nearly done but every time I try updating or editing my database with PHP code it gives the Undefined variable error

I've tried isolating the code that it says is causing the error and fixing it but whatever I do it never works

HTML:

<form id = "add_books_form" name = "new_book" method = "post" action = "book_processings.php">

            <div id = "inputs"><label>ISBN  </label><input id = "elements" type = "text" maxlength = "30" name = "ISBN" required/><br></div>
            <div id = "inputs"><label>Title  </label><input id = "elements" type = "text" maxlength = "100" name = "Title" required/><br></div>
            <div id = "inputs"><label>Replacement Cost $  </label><input id = "elements" type = "number" value = "0.00" step = "0.10" min = "0" max = "99.99" name = "ReplacementCost" required/><br></div>
            <div id = "inputs"><label>Adult Theme  </label><select id = "elements" name = "adult_theme">
                            <option value = "Y">Yes</option>
                            <option value = "N">No</option>
                         </select><br></div>
            <div id = "inputs"><label>Category  </label><select id = "elements" name = 'category'>
                        <?php
                                while($all_category_rec = mysqli_fetch_assoc($all_category_qrun)){
                                    echo"<option value = '".$all_category_rec['CategoryID']."'>".$all_category_rec['Category']."</option>";
                                }
                        ?>
                    </select><br></div>
            <div id = "inputs"><label>Author  </label><select id = "elements" name = 'author'>
                        <?php
                                while($all_authors_rec = mysqli_fetch_assoc($all_authors_qrun)){
                                    echo"<option value = '".$all_authors_rec['AuthorID']."'>".$all_authors_rec['FirstName']." ".$all_authors_rec['LastName']."</option>";
                                }
                        ?>
                    </select><br></div>

            <div id = "inputs"><label>Publisher  </label><select id = "elements" name = 'publisher'>
                        <?php
                                while($all_publishers_rec = mysqli_fetch_assoc($all_publishers_qrun)){
                                    echo"<option value = '".$all_publishers_rec['PublisherID']."'>".$all_publishers_rec['PublisherName']."</option>";
                                }
                        ?>
                    </select><br></div>

            <div id = "inputs"><label>Published Year  </label><input id = "elements" type = "number" step = "1" max = "2025" min = "1400" value = "2019" name = "YearOfPublication" required/><br></div>
            <input id = "button" type = "submit" name = "submit" value = "Add Book"/>
        </form>

PHP:

if($_POST['submit'] == 'Add Book'){
        $add_book_query = "INSERT INTO books(ISBN, Title, ReplacementCost, AdultContent, Category, AuthorID, YearOfPublication  , PublisherID)
                   VALUES('$ISBN', '$Title', '$ReplacementCost', '$AdultContent', '$CategoryID', '$AuthorID', '$YearOfPublication', '$PublisherID')";
        $add_book_qrun = mysqli_query($dbcon, $add_book_query);
        if(!$add_book_qrun){
            echo"<h3>Data was not entered.</h3>";
        }else{
            echo"<h3>Data was successfuly enetered.</h3>";
        }
        echo"<form id = 'proc' name = 'go_back' method = 'post' action = 'add_book.php'>";                                          
            echo"<input id = 'button' type = 'submit' name = 'submit2' value = 'Go Back'/>";
        echo"</form>";
    }

for this query, I am expecting it to add the details I have entered into my database but instead, I get unidentified variable for all my values

Temani Afif
  • 245,468
  • 26
  • 309
  • 415
Troy Ansell
  • 1
  • 2
  • Can you post the error message? Usually it will give a line where the break is. – svsdnb May 02 '19 at 22:27
  • Notice: Undefined variable: AuthorID in C:\xampp\htdocs\final\book_processings.php on line 8 it says that for all my variables/values – Troy Ansell May 02 '19 at 22:32
  • The Author dropdown is populating properly in the form I'm assuming? – svsdnb May 02 '19 at 22:41
  • 1
    You're also wide open to SQL injection. See this: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – Chris White May 02 '19 at 22:41
  • There is no [AuthorID] form element, just [author] – tiebob May 02 '19 at 22:44
  • @svsdnb I don't really understand what that means if you mean its not displaying Authors in the drop down then that is not the case all my visual aspects work just not the insert or update queries – Troy Ansell May 02 '19 at 22:45
  • @tiebob if that wast he case then Category would fail too. – svsdnb May 02 '19 at 22:52
  • Yeah I'm just trying to make sure I have the whole picture of where the Author info isn't being utilized. Possibly try to change name="author" or name="authorid" – svsdnb May 02 '19 at 22:53
  • 1
    @svsdnb Becase your `$add_book_query` statement just have first 3 parameter ISBN, Title, ReplacementCost in your form, but I am not sure where the others and how you assigned them. Maybe you can confirm the query statement is fine before it run. Try to trace use `die( $add_book_query) ` below the line it declare. – tiebob May 02 '19 at 23:01
  • @tiebob all of my parameters are in the `$add_book_query` – Troy Ansell May 02 '19 at 23:44
  • All of the variables will be in the `$_POST` array. – Jay Blanchard May 03 '19 at 02:16

1 Answers1

-1

You need to extract these values form the $_POST global array. To see what's in this array, try:

echo (print_r($_POST, true));

Then to extract the variables, try:

$ISBN = $_POST['ISBN'];
$title  = $_POST['Title'];
$replacementcost = $_POST['ReplacementCost'];
etc

Watch out for your capital letters!

As it's an assignment for college I would add something that says 'In a production environment the $_POST global data would be sanitized before use to protect against possible sql injection'

chipbug
  • 19
  • 2
  • 6