Questionable cookie in update

Question

KJATL 0 Newbie Poster

15 Years Ago

Hello there,

I am working on an update script that can be broken down into 3 parts.

1. The form (uses id to populate fields)
2. The UPDATE
3. The confirmation.

Form:

<?php require_once("includes/connection.php");

$pid = $_POST['pid'];
$delete = $_POST['Delete'];
$update = $_POST['Update'];

if(isset($update))
{
  $sql = "SELECT * FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection);
  $row = mysql_fetch_array($result)
  or die("Database query failed: " . mysql_error());
  setcookie(pid, $pid, 3600);
  ?>
  <html>
<h3>Update Player</h3>
<br>
    <body>
    <form action="update_player.php" method="post">
<table cellspacing="0" cellpadding="0" width="100%"> 
...
</form>
    </body>
    </html>
  <?php
  
}
else
if(isset($delete))
{
  $sql = "DELETE FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection)
  or die("Database query failed: " . mysql_error());

The UPDATE:

<?php
$pid = $_COOKIE['pid'];
$ln = $_POST['ln'];
$fn = $_POST['fn'];
$mi = $_POST['mi'];
$ad = $_POST['ad'];
...
$DoBYYYY = $_POST['DoBYYYY'];
$team = $_POST['team'];
$output_form = false;

if (empty($ln) || empty($fn) || empty($pcell)){
echo 'You forgot either the last name, first name, or player\'s cell. <br \>';
$output_form = true;
}
else{

$query = "UPDATE player SET last_name = '$ln', first_name = '$fn', middle_initial = '$mi', home_address = '$ad', city = '$ci', state = '$st', zip = '$zi', mother = '$mn', father = '$dn',".
"player_cell = '$pcell', mom_cell = '$mcell', dad_cell = '$dcell', home_number = '$hnumber', mom_work_number = '$mwork', dad_work_number = '$dwork', mom_email = '$memail', dad_email = '$demail', personal_email = '$pemail',".
"preferred_email = '$prefemail', years_played = '$yrsp', medical_conditions = '$medc', emergency_contact_name = '$emerc', emergency_contact_phone = '$emercnumber', texting = '$text', as_of_date = '$AoD',".
"position_played = '$position', preferences = '$prefs', school = '$school', DoBMM = '$DoBMM', DoBDD =  = '$DoBDD', DoBYYYY = '$DoBYYYY', feet = '$feet', inches = '$inches', lbs = '$lbs', oz = '$oz', team = '$team')".
"WHERE id = '$pid'";

if 

$result = mysql_query($query, $connection)
or die("Database query failed: " . mysql_error());

header('Refresh: 1;url=add_thankyou.php');

I'm not getting any MySQL errors and the data is not being updated which suggests to me that i'm using the cookie inappropriately.

Here is the error:

Notice: Use of undefined constant pid - assumed 'pid' in C:\wamp\www\base_ball\update_delete.php on line 13

Any thoughts?

php

2 Contributors
4 Replies
120 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by KJATL

pritaeas 2,194 ¯\_(ツ)_/¯

15 Years Ago

Don't forget the quotes.

setcookie('pid', $pid, 3600);

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

KJATL 0 Newbie Poster · Answer 1 · 2009-04-23T02:08:53+00:00

Don't forget the quotes.
setcookie('pid', $pid, 3600);

Hello pritaeas!

I have placed quotes around the name of the cookie, but I am still experiencing problems:

$pid = $_POST['pid'];$delete = $_POST['Delete'];
$update = $_POST['Update'];

if(isset($update))
{
  $sql = "SELECT * FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection);
  $row = mysql_fetch_array($result)
  or die("Database query failed: " . mysql_error());
  setcookie('pid', $pid, 3600);

In the second script:

<?php require_once("includes/connection.php"); ?>
<?php
$pid = $_COOKIE['pid'];$ln = $_POST['ln'];
$fn = $_POST['fn'];
$mi = $_POST['mi'];
$ad = $_POST['ad'];
$ci = $_POST['ci'];
$st = $_POST['st'];
$zi = $_POST['zi'];
$mn = $_POST['mn'];
$dn = $_POST['dn'];

Notice: Undefined index: pid in C:\wamp\www\base_ball\update_player.php on line 3
Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')WHERE id = ''' at line 1

I am assuming the query is failing because $pid doesn't carry over. I've changed my browser settings to allow cookies from any website.

Do you have any thoughts?

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 2 · 2009-04-23T16:11:15+00:00

Appears that $pid is empty (not set), and thus the query is invalid. Shouldn't $_POST be $_COOKIE ??

KJATL 0 Newbie Poster · Answer 3 · 2009-04-23T19:13:34+00:00

Appears that $pid is empty (not set), and thus the query is invalid. Shouldn't $_POST be $_COOKIE ??

Maybe, i'm not sure.

On the first script, the player enters pid as an interger value to specify which player they would like to update or delete, if the update button is clicked after information is entered into pid, that information is posted to the next script as $pid. My assumption was that $pid would remain set through the second script, but from the second (editing the record) to the third (performing the update), I though I would need a cookie.

Maybe there is a problem with my method.

---

I've changed my cookie to grab the server time:

setcookie('pid', $pid, time()+3600);

This is still printing that pid is an undefined index.

---

After using the function "print_r($_COOKIE);" I see the following output. I am not sure if this suggests a session is established. The only session I remember establishing was a connection to the database, not a php session:

Array ( [PHPSESSID] => g3i5fqjakvprqgmut894pr5m54 [9d4bb4a09f511681369671a08beff228] => rnnhg0t43bih5p6ke8gkno5a56 [cda3f8363c72cb411c8879ff46e7dbfa] => 356jv7t74i29gjf11a1p0v3tk1 [c0f8b8f4c4af84715b39697f86810ec8] => accf9619f4a96c9642cc37becc69fcfd )