1

I need a little help with my code. If I substitute the second isset statement with the input name "submit2" everything works fine. However, if I replace the name with a string variable from an array, it doesn't work. I reviewed the ISSET manual and saw that I could use an array. There has to be something I did not take into consideration with my statement.

// First isset
if (isset($_POST['submit1'])) 
{
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);


$sqlPlayersearch = "SELECT id, first_name, last_name, user_city, user_state, user_zip FROM wp_players WHERE first_name = '$firstname' AND last_name = '$lastname'";
$resultSearch = mysqli_query($link, $sqlPlayersearch);
}

$sqlPlyrSrch2 = "SELECT id FROM wp_players WHERE first_name = '$firstname' AND last_name = '$lastname'";
$PlyrSrch2 = mysqli_query($link, $sqlPlyrSrch2);

$plyr = array();
    while ($rowplyr1 = mysqli_fetch_array($PlyrSrch2)) {
$plyr[] = $rowplyr1[0];
}
echo $plyr[0]; // "3"
var_dump($plyr[0]); // string(1) "3"

// Second isset
if (isset($_POST['$plyr[0]'])){

$plyrfound = "Yes, It is Working";
}
?>

<html>
<style type="text/css">
.tgd1  {border-collapse:collapse;border-spacing:0;border-color:#aabcfe;}
.tgd1 td{font-family:Arial, sans-serif;font-size:14px;padding:10px 5px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#aabcfe;color:#669;background-color:#e8edff;}
.tgd1 th{font-family:Arial, sans-serif;font-size:14px;font-weight:normal;padding:10px 5px;border-style:solid;border-width:1px;overflow:hidden;word-break:normal;border-color:#aabcfe;color:#039;background-color:#b9c9fe;}
.tgd1 .tg-hmp3{background-color:#D2E4FC;text-align:left;vertical-align:top}
.tgd1 .tg-baqh{text-align:center;vertical-align:top;font-weight: 900}
.tgd1 .tg-mb3i{background-color:#D2E4FC;text-align:right;vertical-align:top}
.tgd1 .tg-lqy6{text-align:right;vertical-align:top}
.tgd1 .tg-0lax{text-align:left;vertical-align:top}

form {
    display: block;
 }

 form {
 margin-bottom: 20px;
 }             

</style>
<body>
<form method='POST'>
    <label for="fname">First Name</label>
    <input style="width: 200px;" type="text" id="fname" name="firstname" pattern="[A-Za-z]*">
    <label for="lname">Last Name</label>
    <input style="width: 200px;" type="text" id="lname" name="lastname" pattern="[A-Za-z]*">
    <input type="submit" name="submit1" value="Find Player">

  <table class="tgd1"> 
        <tr>
            <th class="tg-baqh" colspan="4">Players</th>
        </tr>
        <tr>
            <td class="tg-baqh" style="text-align:center" width="5%">Player</td>
            <td class="tg-baqh" style="text-align:center" width="8%">City</td>
            <td class="tg-baqh" style="text-align:center" width="10%">State</td>
            <td class="tg-baqh" style="text-align:center" width="10%">Select Player</td>
        </tr>
    <?php  
                 while($row2 = mysqli_fetch_array($resultSearch))  
                 {  $plyr_id = $row2[0];
                     var_dump($plyr_id);?> 

        <tr>  
            <td class="tg-0lax" style="text-align:center"><?php echo $row2[1]; ?> <?php echo $row2[2]; ?></td>
            <td class="tg-lqy6" style="text-align:center"><?php echo $row2[3]; ?></td>
            <td class="tg-lqy6" style="text-align:center"><?php echo $row2[4]; ?></td>
            <td style="text-align:center"><input type="submit" value="Select" name="<?php echo $plyr_id;?>"></td>
        </tr>
</form>
<?php       
}  
?>
</table>
<h1>Eric <?php echo $plyrfound; ?></h1>
</body>
</html>

When I inspect the code in a browser this is what I see:

enter image description here

I have also placed some echo statements and var_dumps to see where I might be making a mistake:

enter image description here

I am expecting to see "Eric Yes, It is working". However, it does not seem to be finding the second isset as a true statement when I hit the "select" button.

Thank you in advance for any assistance.

BigUncleE
  • 51
  • 8
  • 4
    Try to remove quotes in `$_POST['$plyr[0]']`. [Example](https://3v4l.org/IlhWn) – Aksen P Dec 17 '19 at 13:41
  • Same results. I have tried using single quotes, double quotes, no quotes – BigUncleE Dec 17 '19 at 13:43
  • 2
    So just `print_r($_POST);` (Or `var_dump`) and see what's going on in the array, do the same for `$plyr`, and then you'll know why it doesn't work – Alon Eitan Dec 17 '19 at 13:44
  • Also - You can't nest a `form` element as a child of a `tbody` element. Your HTML structure is invalid and probably will case an unexpected behaviour – Alon Eitan Dec 17 '19 at 13:49
  • I removed the nested Form and the same results. – BigUncleE Dec 17 '19 at 13:54
  • I also removed the tbody statement – BigUncleE Dec 17 '19 at 13:55
  • Your code should be something [like this](https://3v4l.org/DrnCM) - Use hidden element to store the player id and wrap it (and the submit button) inside another `form` - Then in your code check `if( isset($_POST['submit_id'] ) { $player_id = $_POST['player_id']; }` – Alon Eitan Dec 17 '19 at 14:04
  • 1
    Also, take a look at [this question](https://stackoverflow.com/questions/16282103/php-mysqli-prevent-sql-injection) because your code is very dangerous and not protected against [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) – Alon Eitan Dec 17 '19 at 14:06
  • 1
    Thank you. That was the solution I was looking for. I will read up on the SQL Injection link you provided. – BigUncleE Dec 17 '19 at 14:54

0 Answers0