0

I received this error :

Notice: Trying to access array offset on the value of type null

when I want to update. I put the codes bellow, pls help me how fix this problem and where are the faults and problems? (In normal situation there is not an error, but when I use ctrl+U and see the source codes, all fields show that error.) I searched a lot on the website, but I didn't find the proper answer or result.

in editform.php

<?php
include_once "InsertDataDatabases.php";
$id = (isset($_POST['id']) ? $_POST['id'] : '');
$query = InsertDataDatabases::SelectDateId($id);
$item = [];
$item = mysqli_fetch_assoc($query);
?>
<form action="updatedata.php" method="post" enctype="multipart/form-data">
    <?php CSRF::CreateToken(); ?>
    <input type="text" name="id" value="<?php echo $item['id']; ?>"><br>
    <label for="name">Name:</label>
    <input type="text" name="name" value="<?php echo $item['name']; ?>"><br><br>
    <label for="email">Email:</label>
    <input type="email" name="email" value="<?php echo $item['email']; ?>"><br><br>
    <input type="file" name="image" value="images/slider/<?php echo $item['image']; ?>"><br>
    <img src="images/slider/<?php echo $item['image']; ?> " width="50px" height="50px" alt=''><br>
    <input type="submit" name="updatebtn" value="UPDATE">

</form>

in updatedata.php

<?php
include_once "InsertDataDatabases.php";
include_once "DataBase.php";
include_once "CSRF.php";
$con = DataBase::ConnectOpen();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['updatebtn'])) {
        if (CSRF::ValidateToken($_POST["token"])) {
            $id = htmlentities(mysqli_real_escape_string($con, $_POST['id']));
            $name = htmlentities(mysqli_real_escape_string($con, $_POST['name']));
            $email = htmlspecialchars(mysqli_real_escape_string($con, filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL)));
            $image = $_FILES['image'];
            InsertDataDatabases::UpdateData($id, $name, $email, $image);
            mysqli_close($con);
            header("Location: index.php");
        }
    }
}

and in InsertDataDatabases.php

public static function SelectDateId($id)
    {
        self::ConnectDataBase();
        return mysqli_query(self::$con, "SELECT * FROM user WHERE id = '{$id}'");
        
    }
 
public static function UpdateData($id, $name, $email, $image)
    {
        self::ConnectDataBase();
        $path = "images/slider";
        $image_new = self::ImageUpload($image, $path);
        if (empty($image_new)) {
            $query = self::EditDataId($id);
            $item = [];
            $item = mysqli_fetch_assoc($query);
            $image_new = $item['image'];
        }
        mysqli_query(self::$con, "update user set name = '$name', email = '$email', image = '$image_new' where id = '$id'");
    }
Dharman
  • 30,962
  • 25
  • 85
  • 135
Farzad
  • 11
  • 3
  • You're viewing source using a `GET` request, so `$_POST['id']` isn't filled in. `editform.php` needs to check the request method, just like `updatedata.php` does. – Barmar Sep 11 '20 at 16:30
  • sorry, I didn't understand your tips, plz explain in detail for me – Farzad Sep 11 '20 at 18:35
  • You have this code in `updatedata.php`: `if ($_SERVER['REQUEST_METHOD'] == 'POST') {` You need similar code in `editform.php` – Barmar Sep 11 '20 at 19:02
  • thanks, I did this but I get the previous result and did not get the proper result. Cuold I ask you to put revised code of that section here? – Farzad Sep 11 '20 at 19:15
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 11 '20 at 19:46

1 Answers1

0

When you view source, you're not posting the form, so the $_POST variable isn't set. You should check that the $_POST variable is set before trying to use it.

<?php
include_once "InsertDataDatabases.php";
if (isset($_POST['id'])) {
    $id = $_POST['id'];
    $query = InsertDataDatabases::SelectDateId($id);
    $item = [];
    $item = mysqli_fetch_assoc($query);
    ?>
    <form action="updatedata.php" method="post" enctype="multipart/form-data">
        <?php CSRF::CreateToken(); ?>
        <input type="text" name="id" value="<?php echo $item['id']; ?>"><br>
        <label for="name">Name:</label>
        <input type="text" name="name" value="<?php echo $item['name']; ?>"><br><br>
        <label for="email">Email:</label>
        <input type="email" name="email" value="<?php echo $item['email']; ?>"><br><br>
        <input type="file" name="image" value="images/slider/<?php echo $item['image']; ?>"><br>
        <img src="images/slider/<?php echo $item['image']; ?> " width="50px" height="50px" alt=''><br>
        <input type="submit" name="updatebtn" value="UPDATE">
    
    </form>
<?php }
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • thanks very much, but I have two questions. First: when I want to view source code I encountered with error of 'Document Expired', after use of 'try again' key in the browser, I entered in the source code, but I did not any code between body tags. Second : How I understand that if there is this error in source code again? (although when I analyze by Inspect Element, I don't any error) Is it true in your opinion? – Farzad Sep 11 '20 at 19:47
  • It doesn't display the form unless it can look up the value of `$item`. And it can't look that up if there's no `$_POST['id']` – Barmar Sep 11 '20 at 19:48
  • Thanks, How I understand that if there is this error in source code again? (although when I analyze by Inspect Element, I don't any error) Is it true in your opinion? – Farzad Sep 11 '20 at 19:54
  • "Document expired" happens if you try to reload a form submission too long after you original submitted it, to prevent a duplicate form. – Barmar Sep 11 '20 at 19:56
  • Thank you so much for your guidance. It was very helpful. Could I ask your help and guidance here If I faced with any problem again? – Farzad Sep 11 '20 at 20:17