Hi,
I’m doing a relatively simple CMS script. It’s one page, index.php which lists all session information in a table, along with delete and update information. The links for delete and update pass my primary key through the address bar:
[code=php]print “<td>” . “<a href=’delete.php?SessionID=$SessionID’>Delete session</a>” . “</td>” . “n”;
However, here are my problems:
My update functionality will load the preexisting values from the database table but when I try and update the text fields and issue the update query, the fields are not updated.
When I click on my delete link, it doesn’t load my session id parameter, therefore, I can’t see the session that I want to delete.
The code for update is:
[code=php]<?php
//-initialize flag
$done=false;
//-prepare an array of expected items
$expected=array(‘sessiondescription’,’sessionvalue’,’session_id’);
//-create database connection
$db=mysql_connect(“localhost”,””,””) or die(“Can’t connect to the database because: “) . mysql_error();
//-select database
mysql_select_db(“newstudent”);
//-get details of selected records
if($_GET && !$_POST){
if(isset($_GET[‘SessionID’]) && is_numeric($_GET[‘SessionID’])){
$session_id=$_GET[‘SessionID’];
}
else{
$session_id=NULL;
}
if($session_id){
$sql=”SELECT * FROM testnewstudent WHERE SessionID=$session_id”;
$result=mysql_query($sql) or die (mysql_error());
$row=mysql_fetch_assoc($result);
}
if(array_key_exists(‘update’, $_POST)){
//prepare expected items for insertion into database
foreach($_POST as $key=> $value){
if(in_array($key, $expected)){
${$key}=mysql_real_escape_string($value);
}
}
//abandon the process if primary key failed
if(!is_numeric($session_id)){
die(‘Invalid request’);
}
//prepare sql query
$sql=”UPDATE testnewstudent SET SessionDescription=’$sessiondescription’, SessionValue=’$sessionvalue’ WHERE SessionID=$session_id”;
//-submit the query
$done=mysql_query($sql) or die (mysql_error());
}
}
//-redirect page if $session_id on success or $session_id is invalid
if($done || !isset($session_id)){
header(“Location:http://it/newstudent/index.php”);
exit;
}
?>
With values for sessiondescription, sessionvalue in input text fields
The code for the delete is:
[code=php]<?php
//create database connection
$db=mysql_connect(“localhost”,””,””) or die(“Can’t connect to the database because: “) . mysql_error();
//initialize flag
$deleted=false;
//-select database
mysql_select_db(“newstudent”);
//-get details of selected records
if($_GET && !$_POST){
if(isset($_GET[‘SessionID’]) && is_numeric($_GET[‘SessionID’])){
$session_id=$_GET[‘SessionID’];
}
else{
$session_id=NULL;
}
if($session_id){
$sql=”SELECT * FROM testnewstudent WHERE SessionID=$session_id”;
$result=mysql_query($sql) or die (mysql_error());
$row=mysql_fetch_assoc($result);
}
}
//-if confirm deletion button has been clicked, delete record
if(array_key_exists(‘delete’,$_POST)){
//abandon the process if primary key failed
if(!is_numeric($_POST[‘session_id’])){
die(‘Invalid request’);
}
//prepare sql query
$sql=”DELETE testnewstudent WHERE SessionID={$_POST[‘session_id’]}”;
//-submit the query
$deleted=mysql_query($sql) or die (mysql_error());
}
// redirect the page if deletion successful, cancel button clicked, or $_GET[‘article_id’] not defined
if ($deleted || array_key_exists(‘cancel_delete’, $_POST) || !isset($_GET[‘session_id’])) {
header(‘Location: http://it/newstudent/index.php’);
exit;
}
?>
Any ideas of what the problem might be would be greatly appreciated.