Good evening
I've been working on creating a basic admin panel in order to allow a friend to edit the content of her own website. The data is stored in a database, and the plan is to allow her to edit/add content to the database.
I've previously used this successfully elsewhere, but this time around I'm having problems - and I'm sure it's something simple. I'm receiving an error message: Error! The 'fid' variable is not valid. I've always used the auto increment as id - this is the first time altering it to fid.
<?php
/*
Allows the user to both create new records and edit existing records
*/
// connect to the database
include("***********.php");
// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($text = '', $yearrange ='', $fid = '') //EDIT THIS IN ALL CASES
{ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
    <head>
        <title>
            <?php if ($fid != '') { echo "Edit Record"; } else { echo "New Record"; } ?>
        </title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    </head>
    <body>
        <h1><?php if ($fid != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
        <?php if ($error != '') {
            echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
                . "</div>";
        } ?>
        <form action="" method="post">
            <div>
                <?php if ($fid != '') { ?>
                    <input type="hidden" name="fid" value="<?php echo $fid; ?>" />
                    <p>ID: <?php echo $fid; ?></p>
                <?php } ?>
                <strong>Text: *</strong> <input type="text" name="text" value="<?php echo $text; ?>"/><br/>
                <strong>Year Range: *</strong> <input type="text" name="yearrange" value="<?php echo $yearrange; ?>"/>
                <p>* required</p>
                <input type="submit" name="submit" value="Submit" />
            </div>
        </form>
    </body>
</html>
<?php }
/*
EDIT RECORD
*/
// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['fid']))
{
    // if the form's submit button is clicked, we need to process the form
    if (isset($_POST['submit']))
    {
        // make sure the 'id' in the URL is valid
        if (is_numeric($_POST['fid']))
        {
            // get variables from the URL/form
            $fid = $_POST['fid'];
            $text = htmlentities($_POST['text'], ENT_QUOTES);
            $yearrange = htmlentities($_POST['yearrange'], ENT_QUOTES);
            // check that text and yearrange are both not empty
            if ($text == '' || $yearrange == '')
            {
                // if they are empty, show an error message and display the form
                $error = 'ERROR: Please fill in all required fields!';
                renderForm($text, $yearrange, $fid);
            }
            else
            {
                // if everything is fine, update the record in the database
                if ($stmt = $mysqli->prepare("UPDATE footer SET text = ?, yearrange = ? WHERE fid=?"))
                {
                    $stmt->bind_param("ssi", $text, $yearrange, $fid);
                    $stmt->execute();
                    $stmt->close();
                }
                // show an error message if the query has an error
                else
                {
                    echo "ERROR: could not prepare SQL statement.";
                }
                // redirect the user once the form is updated
                header("Location: footer.php");
            }
        }
        // if the 'id' variable is not valid, show an error message
        else
        {
            echo "Error! The 'fid' variable is not valid.";
        }
    }
    // if the form hasn't been submitted yet, get the info from the database and show the form
    else
    {
        // make sure the 'id' value is valid
        if (is_numeric($_GET['fid']) && $_GET['fid'] > 0)
        {
            // get 'id' from URL
            $fid = $_GET['fid'];
            // get the record from the database
            if($stmt = $mysqli->prepare("SELECT * FROM footer WHERE fid=?"))
            {
                $stmt->bind_param("i", $fid);
                $stmt->execute();
                $stmt->bind_result($fid, $text, $yearrange);
                $stmt->fetch();
                // show the form
                renderForm($text, $yearrange, NULL, $fid);
                $stmt->close();
            }
            // show an error if the query has an error
            else
            {
                echo "Error: could not prepare SQL statement";
            }
        }
        // if the 'id' value is not valid, redirect the user back to the footer.php page
        else
        {
            header("Location: footer.php");
        }
    }
}
// close the mysqli connection
$mysqli->close();
?>
The table creation code is this:
// Create table
$sql = "CREATE TABLE footer
(
fid INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(fid),
text VARCHAR (50),
yearrange VARCHAR (15)
)";
Any help much appreciated.
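Added example (not part of the original post and not the poster's code): the script above reads the record id from two places, `$_GET['fid']` and the hidden `fid` form field, and checks it with `is_numeric()`. The sketch below shows a stricter id check, a rule that rejects a POST whose hidden field is missing or disagrees with the URL, and escaping at output time. The helper names `parseFid()`, `e()` and `resolveFid()` are hypothetical, and the requests are constructed samples.

```php
<?php
// Added example. parseFid(), e() and resolveFid() are hypothetical helpers.

// Accept only a positive integer. is_numeric() also accepts values such as
// "1e3" or "1.5", which are not valid auto-increment ids.
function parseFid($raw): ?int
{
    $fid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $fid === false ? null : $fid;
}

// Escape when writing into HTML text or a quoted attribute value.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Resolve the id for an edit request: the URL id must be valid, and on a
// POST the hidden field must be present and agree with it.
function resolveFid(array $get, array $post, bool $isPost): ?int
{
    $fromUrl = parseFid($get['fid'] ?? null);
    if ($fromUrl === null) {
        return null;
    }
    if ($isPost) {
        $fromForm = parseFid($post['fid'] ?? null);
        return $fromForm === $fromUrl ? $fromUrl : null;
    }
    return $fromUrl;
}

// Constructed sample requests (no web server or database needed).
$cases = [
    'valid GET'           => [['fid' => '3'], [], false],
    'POST, field missing' => [['fid' => '3'], ['text' => 'x'], true],
    'POST, ids disagree'  => [['fid' => '3'], ['fid' => '4'], true],
    'POST, ids agree'     => [['fid' => '3'], ['fid' => '3'], true],
    'exponent notation'   => [['fid' => '1e3'], [], false],
];
foreach ($cases as $label => [$get, $post, $isPost]) {
    $fid = resolveFid($get, $post, $isPost);
    echo str_pad($label, 22), $fid === null ? 'rejected' : "fid=$fid", "\n";
}
// Escaped form field for a constructed value containing both quote types.
echo '<input type="text" name="text" value="', e('Tom "T" O\'Neil'), '"/>', "\n";
```

With this approach the stored text stays unencoded and is escaped once, when it is written into the page, instead of being passed through `htmlentities()` before the `UPDATE`.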