How to allow only session user to modify review php sql? - php

This is code for a user review system. Everything is working fine with this code, but I want to allow only those users who are in session (logged in) to modify their own reviews, so I just want to add if($_SESSION['id']==$row['user_id']) then open the modify page, or else echo "Access Denied"; I have tried this code but it's not fetching the session id, and I am also not sure where I should place this code, because it will also block the edit page. Please help, anyone... I'm stuck.
The edit page is the page where a user can add a review.
The modify page is the page where a user can update/edit an already added review.
reviews.php
<?php
session_start();
include('server3.php');
include('config.php');
if (isset($_GET['edit'])) {
$id = $_GET['edit'];
$record = mysqli_query($db, "SELECT * FROM info WHERE user_id=$id");
if (count($record) == 1 ) {
$nm = mysqli_fetch_array($record);
$name = $nm['name'];
$address = $nm['address'];
$yid= $nm['id'];
}
}
if (isset($_GET['modify'])) {
$update = true;
$id = $_GET['modify'];
$record2 = mysqli_query($db, "SELECT * FROM info WHERE id=$id");
if (count($record2) == 1 ) {
$n = mysqli_fetch_array($record2);
$name = $n['name'];
$address = $n['address'];
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" type="text/css" href="somecss.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="NAV/jquery.min.js"></script>
<script src="NAV/bootstrap.min.js"></script>
</head>
<body>
<header id="fixed-header">
<center><img id="logo" src="logo.png" height="82" width="350" style="border-radius:8px; margin-top:-100px;"/></center>
</header>
<nav class="navbar navbar-inverse" style="margin-bottom:0px;" >
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">NearestMentor.Com</a>
</div>
<div class="collapse navbar-collapse" id="myNavbar">
<ul class="nav navbar-nav">
<li class="active">Home</li>
<li>What's This</li>
<li>How to Use</li>
<li>Contribute & Win</li>
<li>Winner Mentors Leatherboard</li>
<li>Terms</li>
<li>About Us</li>
<li>Donate Us</li>
</ul>
<ul class="nav navbar-nav navbar-right">
<?php
$loggedin = isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true;
if($loggedin) : ?>
<li><span class="glyphicon glyphicon-pencil"> </span>My Q & A</li>
<li><span class="glyphicon glyphicon-user"> </span>Edit Profile</li>
<li><span class="glyphicon glyphicon-log-in"> </span>Logout</li>
<?php else : ?>
<li><span class="glyphicon glyphicon-user"></span> Sign Up</li>
<li><span class="glyphicon glyphicon-log-in"></span> Login</li>
<?php endif; ?>
</ul>
</div>
</div>
</nav>
<?php if (isset($_SESSION['message'])): ?>
<div class="msg">
<?php
echo $_SESSION['message'];
unset($_SESSION['message']);
?>
</div>
<?php endif ?>
<?php $results = mysqli_query($db, "SELECT * FROM info WHERE user_id=$id"); ?>
<table>
<thead>
<tr>
<th>Name</th>
<th>Review</th>
<th colspan="2">Action</th>
</tr>
</thead>
<?php while ($row = mysqli_fetch_array($results)) { ?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['address']; ?></td>
<td>
<?php
if($row['user_id']==$_SESSION['id'])
{
echo "<a href='review.php?modify=".$row['id']."' class='edit_btn'>Edit</a>";
}
else
{
echo "";
}
?>
</td>
<td>
Delete
</td>
</tr>
<?php } ?>
</table>
<form method="post" action="server3.php" >
<input type="hidden" name="id" value="<?php echo $id; ?>">
<div class="input-group">
<label>USERID</label>
<input type="text" name="user_id" style="width:670px; height:40px;" value="<?php echo $id;?>">
</div>
<div class="input-group">
<label>Name</label>
<input type="text" name="name" style="width:670px; height:40px;" value='<?php echo $_SESSION['username'] ?>' readonly="readonly">
</div>
<div class="input-group">
<label>Give Your Review</label>
<input type="text" name="address" style="width:670px;" value="<?php echo $address; ?>">
</div>
<div class="input-group">
<?php if($update=='true')
{
echo '<button class="btn" type="submit" name="update" style="background: #556B2F;" >update</button>';
}
else
{
echo '<button class="btn" type="submit" name="save" >Save</button>';
} ?>
</div>
</form>
</body>
</html>
server3.php
<?php
session_start();
$db = mysqli_connect('localhost', 'root', '', 'mydatabase');
// initialize variables
$name = "";
$address = "";
$id = 0;
$update = false;
if (isset($_POST['save'])) {
$user_id = $_POST['user_id'];
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "INSERT INTO info (user_id, name, address) VALUES ('$user_id','$name', '$address')");
$_SESSION['message'] = "Review Saved, Thankyou!";
header('location: review.php?edit='.$user_id);
}
if (isset($_POST['update'])) {
$id = $_POST['id'];
$name = $_POST['name'];
$address = $_POST['address'];
mysqli_query($db, "UPDATE info SET name='$name', address='$address' WHERE id=$id");
$_SESSION['message'] = "Review Updated, Thankyou!";
echo("<script>alert('Review Successfully Updated!')</script>");
echo("<script>window.location = 'index.php';</script>");
}
if (isset($_GET['del'])) {
$id = $_GET['del'];
mysqli_query($db, "DELETE FROM info WHERE id=$id");
$_SESSION['message'] = "Review Deleted, Thankyou!";
echo("<script>alert('Review Successfully Deleted!')</script>");
echo("<script>window.location = 'index.php';</script>");
}
$results = mysqli_query($db, "SELECT * FROM info");
?>

Why not just use an OAuth login like google to create the user and then use that login to authenticate whether the user can edit a review? It makes it easier for users to create an account, which means you are more likely to get those reviews AND you can check if they are actual customers by implementing a system where they can order online and then do a check if they actually buy from you and verify them as a purchaser. Possibly hide reviews that are spam or non-customer reviews.
I was looking at server3.php and you need to do a lot of checks. This code is vulnerable to MySQL Injections and can easily store garbage data into your database server. I recommend using PDO and prepared queries. I also recommend you check for valid email and escape all data input from the user. Right now I hope this is not on a single live website.
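Combining the two points above (the ownership check the question asks for, and the prepared statements recommended in this answer), here is an added example, not the asker's code, of how the update handler in server3.php could let only the logged-in owner change a review. It assumes the question's table info (id, user_id, name, address) and that the login code stores the user's numeric id in $_SESSION['id'].

```php
<?php
// Added example (not from the question): ownership-enforced review update with PDO.
// Assumes table `info` (id, user_id, name, address) and that login stored the
// user's numeric id in $_SESSION['id'].
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=mydatabase;charset=utf8mb4', 'root', '', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// Identity comes from the server-side session only; a user_id that arrives in
// the form or query string is attacker-controlled and must not be trusted.
function currentUserId(): ?int
{
    return isset($_SESSION['id']) ? (int) $_SESSION['id'] : null;
}

// True when the review exists and belongs to $userId. Bound parameters keep the
// ids out of the SQL text, so no quoting or escaping is needed.
function ownsReview(PDO $pdo, int $reviewId, int $userId): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM info WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $reviewId, ':uid' => $userId]);
    return (bool) $stmt->fetchColumn();
}

// Update only the caller's own row. Keeping user_id in the WHERE clause means a
// forged review id in the form simply matches zero rows.
function updateOwnReview(PDO $pdo, int $reviewId, int $userId, string $address): bool
{
    $stmt = $pdo->prepare(
        'UPDATE info SET address = :address WHERE id = :id AND user_id = :uid'
    );
    return $stmt->execute([':address' => $address, ':id' => $reviewId, ':uid' => $userId]);
}

$userId = currentUserId();
if ($userId === null) {
    http_response_code(403);
    exit('Access Denied');
}

if (isset($_POST['update'])) {
    // Validate the shape of the input before touching the database.
    $reviewId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $address  = trim((string) ($_POST['address'] ?? ''));

    if ($reviewId === false || $reviewId === null || $address === '') {
        http_response_code(400);
        exit('Invalid input');
    }

    // Explicit ownership check gives the "Access Denied" the question wants.
    if (!ownsReview($pdo, $reviewId, $userId)) {
        http_response_code(403);
        exit('Access Denied');
    }

    if (updateOwnReview($pdo, $reviewId, $userId, $address)) {
        $_SESSION['message'] = 'Review Updated, Thankyou!';
    }
    header('Location: review.php?edit=' . $userId);
    exit;
}
```

The same `AND user_id = :uid` condition belongs in the delete handler, which in the posted code also accepts any id. When the review text is echoed back in reviews.php, wrap it in htmlspecialchars() so stored input cannot inject markup into other users' pages.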

Related

PHP code not working correctly. Everything works except the qty of the first product in cart

As written in the title, my code works okay except for the quantity of the first product when there are multiple products: you can remove it by clicking Update but can't change the quantity.
<?php
include("functions/functions.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.12/css/all.css" integrity="sha384-G0fIWCsCzJIMAVNQPfjH08cyYaUtMwjJwqiRKxxE/rx96Uroj1BtIQ6MLJuheaO9" crossorigin="anonymous">
<link type="text/css" rel="stylesheet" href="styles/style.css" />
<title>Prodavnica+</title>
</head>
<body>
<div id="header" class="cf">
<img src="images/logo.png" />
<div id="navbar">
<ul>
<li>
Home
</li>
<li>
Products
</li>
<li>
My Account
</li>
<li>
Sign Up
</li>
<li>
Shopping Card
</li>
<li>
Contact Us
</li>
</ul>
</div> <!-- END navbar -->
<div id="search">
<form method="get" action="results.php" enctype="multipart/form-data">
<input type="text" name="search_query" placeholder="Search Product" />
<input type="submit" name="search_button" value="Search" />
</form>
</div>
</div> <!-- END header -->
<?php cart(); ?>
<div id="shop-bar">
<p>
Total items: <?php totalItems() ?>
</p>
<p>
Total price: <?php totalPrice()?>
</p>
<i class="fas fa-shopping-cart"> | </i>
<span> Welcome Guest! </span>
</div> <!-- END shop-bar -->
<div id="container">
<div id="main">
<div id="product-box-cart">
<form action="" method="post" enctype="multipart/form-data">
<table>
<thead>
<th>Product</th>
<th>Quantity</th>
<th>Remove</th>
<th>Price</th>
</thead>
<tbody>
<?php
$total = 0;
global $con;
$ip = getIp();
$run_price = mysqli_query($con,"SELECT * FROM cart WHERE ip_add = '$ip'");
while($row_pro_price = mysqli_fetch_array($run_price)) {
$pro_id = $row_pro_price['p_id'];
$pro_qty = $row_pro_price['qty'];
$run_pro_price2 = mysqli_query($con,"SELECT * FROM products WHERE product_id = '$pro_id'") or die(mysqli_error($con));
while($row_pro_price2 = mysqli_fetch_array($run_pro_price2)) {
$pro_price = array($row_pro_price2['product_price']);
$pro_title = $row_pro_price2['product_title'];
$product_image = $row_pro_price2['product_image'];
$single_price = $row_pro_price2['product_price'];
$pro_price_values = array_sum($pro_price);
$total += $pro_price_values;
?>
<tr>
<td>
<h2><?php echo $pro_title ?></h2>
<img src="admin/product_images/<?php echo $product_image;?>">
</td>
<td>
<input type="text" name="qty[]" value = "<?php echo $pro_qty;?>">
</td>
<td>
<input type="checkbox" name="remove[]" value="<?php echo $pro_id ?>" />
</td>
<td>
<?php echo "$" . $single_price; ?>
</td>
</tr>
<?php }} ?>
</tbody>
</table>
<p>
<b> Total Value: </b> <?php echo "$" . $total;?>
</p>
<div id="check-buttons">
<input type="submit" name="update_cart" value="Update Cart" />
<input type="submit" name="continue" value="Continue Shopping" />
<input type="button" value="Checkout" />
</div>
</form>
<?php
//pressing update cart ->
if(isset($_POST['update_cart'])) {
//removing the products
if(isset($_POST['remove'])) {
foreach($_POST['remove'] as $remove_id) {
$delete_product = "DELETE FROM cart WHERE p_id = '$remove_id' AND ip_add = '$ip'";
$run_delete = mysqli_query($con,$delete_product);
if($run_delete) {
echo "<script>window.open('cart.php','_self')</script>";
}
}
}
//quantity of product
if(isset($_POST['qty'])) {
foreach($_POST['qty'] as $qty_id) {
$update_qty = "UPDATE cart SET qty = '$qty_id' WHERE p_id = '$pro_id' AND ip_add = '$ip'";
$run_qty = mysqli_query($con, $update_qty) or die(mysqli_error($con));
}
}
}
elseif(isset($_POST['continue'])) {
echo "<script>window.open('index.php','_self')</script>";
}
?>
</div> <!-- END product box -->
</div> <!-- END main -->
<div id="side">
<div id="side-category">
<h2>Categories</h2>
<hr />
<table id="mw">
<tr>
<?php
getBrands();
?>
</tr>
</table>
<ul>
<?php
getCats();
?>
</ul>
</div><!-- END side-category-->
</div> <!-- END side -->
</div> <!--END container -->
<div id="footer">
<p>© 2018 by </p>
</div> <!-- END footer -->
</body>
</html>
This is my cart.php page where the code executes. The $pro_id variable is from the GET method for adding to the cart. Therefore the $pro_id = $_GET[add_cart] which is in index.php. I will also include the index.php file below so, if needed, one can take a look.
Quick answer would mean a lot. Thanks
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.12/css/all.css" integrity="sha384-G0fIWCsCzJIMAVNQPfjH08cyYaUtMwjJwqiRKxxE/rx96Uroj1BtIQ6MLJuheaO9" crossorigin="anonymous">
<link type="text/css" rel="stylesheet" href="styles/style.css" />
<title>Prodavnica+</title>
</head>
<body>
<div id="header" class="cf">
<img src="images/logo.png" />
<div id="navbar">
<ul>
<li>
Home
</li>
<li>
Products
</li>
<li>
My Account
</li>
<li>
Sign Up
</li>
<li>
Shopping Card
</li>
<li>
Contact Us
</li>
</ul>
</div> <!-- END navbar -->
<div id="search">
<form method="get" action="results.php" enctype="multipart/form-data">
<input type="text" name="search_query" placeholder="Search Product" />
<input type="submit" name="search_button" value="Search" />
</form>
</div>
</div> <!-- END header -->
<?php cart(); ?>
<div id="shop-bar">
<p>
Total items: <?php totalItems() ?>
</p>
<p>
Total price: <?php totalPrice()?>
</p>
<i class="fas fa-shopping-cart"> | </i>
<span> Welcome Guest! </span>
</div> <!-- END shop-bar -->
<div id="container">
<div id="main">
<div id="product-box">
<?php
if(isset($_GET['cat'])) {
getCatPro();
}
elseif(isset($_GET['brand'])) {
getBrandPro();
}
else {
getPro();
}
?>
</div> <!-- END product box -->
</div> <!-- END main -->
<div id="side">
<div id="side-category">
<h2>Categories</h2>
<hr />
<table id="mw">
<tr>
<?php
getBrands();
?>
</tr>
</table>
<ul>
<?php
getCats();
?>
</ul>
</div><!-- END side-category-->
</div> <!-- END side -->
</div> <!--END container -->
<div id="footer">
<p>© 2018 by Djordje Stamenkovic</p>
</div> <!-- END footer -->
</body>
</html>
functions.php
<?php
//database connection
$con = mysqli_connect("localhost","root","","eprodavnica");
// function for getting ip address of the client
/*In this PHP function, first attempt is to get the direct IP address of client’s machine, if not available then try for forwarded for IP address using HTTP_X_FORWARDED_FOR. And if this is also not available, then finally get the IP address using REMOTE_ADDR.*/
function getIp()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
//adding a single product to cart
function cart() {
if(isset($_GET['add_cart'])) {
global $con;
$ip = getIp();
$pro_id = $_GET['add_cart'];
$run_check = mysqli_query($con,"SELECT * FROM cart WHERE ip_add = '$ip' AND p_id = '$pro_id'") or die(mysqli_error($con));
if(mysqli_num_rows($run_check)>0) {
echo "";
} else {
$run_pro = mysqli_query($con, "INSERT INTO cart (p_id, ip_add, qty) values ('$pro_id','$ip',1)") or die(mysqli_error($con));
echo "<script>window.open('index.php','_self')</script>";
}
}
}
//getting the total added items
function totalItems() {
if(isset($_GET['add_cart'])) {
global $con;
$ip = getIp();
$run_items = mysqli_query($con, "SELECT * FROM cart WHERE ip_add='$ip'");
$count_items = mysqli_num_rows($run_items);
} else {
global $con;
$ip = getIp();
$run_items = mysqli_query($con, "SELECT * FROM cart WHERE ip_add='$ip'") or die(mysqli_error($con));
$count_items = mysqli_num_rows($run_items);
}
echo $count_items;
}
//getting the total Price of items in the cart
function totalPrice() {
$total = 0;
global $con;
$ip = getIp();
$run_price = mysqli_query($con,"SELECT * FROM cart WHERE ip_add = '$ip'");
while($row_pro_price = mysqli_fetch_array($run_price)) {
$pro_id = $row_pro_price['p_id'];
$run_pro_price2 = mysqli_query($con,"SELECT * FROM products WHERE product_id = '$pro_id'");
while($row_pro_price2 = mysqli_fetch_array($run_pro_price2)) {
$pro_price = array($row_pro_price2['product_price']);
$pro_price_values = array_sum($pro_price);
$total += $pro_price_values;
}
}
echo "$" . $total;
}
//getting the categories
function getCats() {
global $con;
$run_cats = mysqli_query($con,"SELECT * FROM categories");
while($row_cats = mysqli_fetch_array($run_cats)) {
$cat_id = $row_cats['cat_id'];
$cat_title = $row_cats['cat_title'];
echo "<li>
<a href='index.php?cat=$cat_id'>$cat_title</a>
</li>";
}
}
//getting the brands
function getBrands() {
global $con;
$run_brands = mysqli_query($con,"SELECT * FROM brands");
while($row_brands = mysqli_fetch_array($run_brands)) {
$brand_id = $row_brands['brand_id'];
$brand_title = $row_brands['brand_title'];
echo "<td>
<a href='index.php?brand=$brand_id'>$brand_title</a>
</td>";
}
}
//getting products on main page
function getPro() {
if(!isset($_GET['cat'])){
if(!isset($_GET['brands'])) {
global $con;
$run_pro = mysqli_query($con,"SELECT * FROM products ORDER BY RAND() LIMIT 0,9");
while($row_pro = mysqli_fetch_array($run_pro)) {
$pro_id = $row_pro['product_id'];
$pro_cat = $row_pro['product_cat'];
$pro_brand = $row_pro['product_brand'];
$pro_title = $row_pro['product_title'];
$pro_price = $row_pro['product_price'];
$pro_image = $row_pro['product_image'];
echo "
<div class='single-product cf'>
<h4><a href='#'>$pro_title</a></h4>
<a href='details.php?pro_id=$pro_id'><img src='admin/product_images/$pro_image' /></a>
<p>
Price: $ $pro_price
</p>
<a href='index.php?add_cart=$pro_id'><button>Add To Cart</button></a>
</div>
";
}
}
}
}
//getting the category products
function getCatPro() {
if(isset($_GET['cat'])){
$cat_id = $_GET['cat'];
global $con;
$run_cat_pro = mysqli_query($con,"SELECT * FROM products WHERE product_cat = '$cat_id'");
$count_cats = mysqli_num_rows($run_cat_pro);
if($count_cats == 0) {
echo "<div class='no-cat'>
<h1> We're sorry! There are currently no products with that category. :(</h1>
</div>";
} else {
while($row_cat_pro = mysqli_fetch_array($run_cat_pro)) {
$pro_id = $row_cat_pro['product_id'];
$pro_cat = $row_cat_pro['product_cat'];
$pro_brand = $row_cat_pro['product_brand'];
$pro_title = $row_cat_pro['product_title'];
$pro_price = $row_cat_pro['product_price'];
$pro_image = $row_cat_pro['product_image'];
echo "
<div class='single-product cf'>
<h4><a href='#'>$pro_title</a></h4>
<a href='details.php?pro_id=$pro_id'><img src='admin/product_images/$pro_image' /></a>
<p>
Price: $ $pro_price
</p>
<a href='index.php?add_cart=$pro_id'><button>Add To Cart</button></a>
</div>
";
}
}
}
}
//getting the brand products (in this case sex)
function getBrandPro() {
if(isset($_GET['brand'])){
$brand_id = $_GET['brand'];
global $con;
$run_brand_pro = mysqli_query($con,"SELECT * FROM products WHERE product_brand = '$brand_id'") or die(mysqli_error($con));
$count_brands = mysqli_num_rows($run_brand_pro);
if($count_brands == 0) {
echo "<div class='no-cat'>
<h1> We're sorry! There are currently no products for that sex. :(</h1>
</div>";
} else {
while($row_brand_pro = mysqli_fetch_array($run_brand_pro)) {
$pro_id = $row_brand_pro['product_id'];
$pro_cat = $row_brand_pro['product_cat'];
$pro_brand = $row_brand_pro['product_brand'];
$pro_title = $row_brand_pro['product_title'];
$pro_price = $row_brand_pro['product_price'];
$pro_image = $row_brand_pro['product_image'];
echo "
<div class='single-product cf'>
<h4><a href='#'>$pro_title</a></h4>
<a href='details.php?pro_id=$pro_id'><img src='admin/product_images/$pro_image' /></a>
<p>
Price: $ $pro_price
</p>
<a href='index.php?add_cart=$pro_id'><button>Add To Cart</button></a>
</div>
";
}
}
}
}
NOTE: It works fine when one product is in the cart.
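In the posted cart.php the update loop writes every qty[] value to whichever $pro_id the display loop assigned last, so it cannot tell which product a quantity belongs to. As an added example that is not the asker's code, the field can be named qty[<p_id>] so the product id travels as the array key, and the update binds that key per row with a prepared statement; it assumes the cart table (p_id, ip_add, qty), $con and getIp() from the question's functions.php.

```php
<?php
// Added example, not the asker's code. Assumes the `cart` table (p_id, ip_add, qty)
// and the $con connection and getIp() helper from the question's functions.php.
include("functions/functions.php");

// Render one quantity field whose array key is the product id, so the POST
// arrives as qty[p_id] => quantity instead of a positional list.
function qtyField(int $proId, int $qty): string
{
    return sprintf('<input type="number" min="1" name="qty[%d]" value="%d">', $proId, $qty);
}

// Validate the qty map: keys must be product ids and values positive integers.
// Returns [p_id => qty]; anything else is dropped rather than sent to SQL.
function cleanQuantities(array $raw): array
{
    $clean = [];
    foreach ($raw as $proId => $qty) {
        $pid = filter_var($proId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $q   = filter_var($qty,   FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($pid !== false && $q !== false) {
            $clean[$pid] = $q;
        }
    }
    return $clean;
}

// Apply the quantities for this cart, binding the product id per row instead
// of relying on a leftover $pro_id from the rendering loop.
function updateCartQuantities(mysqli $con, string $ip, array $quantities): int
{
    $stmt = $con->prepare('UPDATE cart SET qty = ? WHERE p_id = ? AND ip_add = ?');
    if ($stmt === false) {
        throw new RuntimeException($con->error);
    }
    $updated = 0;
    foreach ($quantities as $pid => $qty) {
        $stmt->bind_param('iis', $qty, $pid, $ip);
        $stmt->execute();
        $updated += $stmt->affected_rows;
    }
    $stmt->close();
    return $updated;
}

if (isset($_POST['update_cart']) && isset($_POST['qty']) && is_array($_POST['qty'])) {
    $quantities = cleanQuantities($_POST['qty']);
    updateCartQuantities($con, getIp(), $quantities);
    // Redirect after POST so a refresh does not resubmit the form.
    header('Location: cart.php');
    exit;
}
```

Note that getIp() in functions.php trusts the client-supplied HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR headers, so the IP is not a reliable cart identity; the example keeps it only to match the question's schema.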

Checkbox button not updating a selected row?

When I select all, my selector updates only 1 row; however, if I select a single row, it cannot be updated. Please see my code and tell me if something's wrong; I need help.
This is the form:
<form action="read_message.php" method="post">
<div class="pull-right">
<button class="btn btn-info" name="read"><i class="icon-check"></i> Read</button>
Check All <input type="checkbox" name="selectAll" id="checkAll" />
<script>
$("#checkAll").click(function () {
$('input:checkbox').not(this).prop('checked', this.checked);
});
</script>
</div>
<ul class="nav nav-pills">
<li class="active"><i class="icon-envelope-alt"></i>inbox</li>
<li class=""><i class="icon-envelope-alt"></i>Send messages</li>
</ul>
<?php
$query_announcement = mysql_query("select * from message_received
LEFT JOIN user ON user.user_id = message_received.user_id
where message_received.receiver_id = '$session_id' order by date_sent DESC
")or die(mysql_error());
$count_my_message = mysql_num_rows($query_announcement);
if ($count_my_message != '0'){
while($row = mysql_fetch_array($query_announcement)){
$id = $row['message_id'];
$id_2 = $row['message_id'];
$fn = $row['firstname'];
$ln = $row['lastname'];
$status = $row['message_status'];
$sender = $row['user_id'];
$sender_name = $fn.' '.$ln;
$receiver = $row['receiver_id'];
?><div class="alert alert-info">
<div class="post" id="del<?php echo $id; ?>">
<div class="message_content">
<?php echo $row['content']; ?>
</div>
<div class="pull-right">
<?php if ($status == 'read'){
}else{ ?>
<input id="" class="" name="selector[]" type="checkbox" value="<?php echo $id; ?>">
<?php } ?>
</div>
<hr>
Send by: <strong><?php echo $fn.' '.$ln; ?></strong>
<i class="icon-calendar"></i> <?php echo $row['date_sent']; ?>
<div class="pull-right">
<a class="btn btn-link" href="#reply<?php echo $id; ?>" data-toggle="modal" ><i class="icon-reply"></i> Reply </a>
</div>
<div class="pull-right">
<a class="btn btn-link" href="#<?php echo $id; ?>" data-toggle="modal" ><i class="icon-remove"></i> Remove </a>
<?php include("remove_inbox_message_modal.php"); ?>
<?php include("reply_inbox_message_modal_user.php"); ?>
</div>
</div>
</div>
<?php }}else{ ?>
<div class="alert alert-info"><i class="icon-info-sign"></i> No Message Inbox</div>
<?php } ?>
</form>
However, never mind the isset for reply; the problem is the first function, for isset read. What's wrong with the query? This is the function for the selector, read_message.php:
<?php include('connect.php'); ?>
<?php
include('session.php');
if (isset($_POST['read'])){
$id=$_POST['selector'];
$N = count($id);
for($i=0; $i < $N; $i++)
{
$result = mysql_query("update message_received set message_status = 'read' where message_id='$id[$i]'");
}
echo "<script> alert('Successfully Updated') </script>";
echo " <script>location.replace('messages.php')</script>";
}
?>
<?php
if (isset($_POST['reply'])){
$sender = $_POST['sender'];
$receiver = $_POST['receiver'];
$id2=$_POST['id2'];
$qwe = $_POST['qwe'];
mysql_query("update message_received set message_status = 'read' where message_id='$id2'");
mysql_query("insert into message_received (user_id,receiver_id,content,date_sent) values('$receiver','$sender','$qwe',NOW())")or die(mysql_error());
mysql_query("insert into message_sent (receiver_id,user_id,content,date_sent) values('$sender','$receiver','$qwe',NOW())")or die(mysql_error());
echo "<script> alert('Your message has been sent') </script>";
echo " <script>location.replace('messages.php')</script>";
?>
<script>
alert('Message Sent');
window.location ="messages.php";
</script>
<?php
}
?>

Update Query in PHP - undefined ID error in code

I have a problem with my code in php.
Error: Undefined Variable 'id'.
<?php
include_once '../includes/connection.php';
include_once '../includes/functions.php';
session_start();
$posts = $pdo->query("SELECT * FROM posty ORDER BY post_id DESC");
$j=0;
?>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="../sources/css/style.css">
<script type="text/javascript" src="../sources/scripts/time.js"></script>
<script type="text/javascript" src="../sources/scripts/scroll.js"></script>
</head>
<body onload="timeLine(); setInterval('timeLine()', 1000 )" >
<header>
<div class = "menu">
<ul>
<li> Blog </li>
<li> Archives </li>
<li> Contact </li>
<li id="addPost"> Add Post </li>
<li id="editPost"> Edit Post </li>
<li id="deletePost"> Delete Post </li>
<li id="showBlogContent"> Hide Blog </li>
<li id="menuRightLogin"> Logout </li>
<li id="menuRightDate"><?php echo date('jS F Y').' '; ?><span id="clock"> </span> </li>
</ul>
</div>
</header>
<div id="showBlog" style="display: block;">
<div class="container">
<div class="postsContainer">
<?php foreach($posts as $post) {
if ($j <= 5) { ?>
<div class="postBox">
<div class="postTitle">
<br />
<?php echo $post['post_title']; ?>
</div>
<div class="postContent">
<br />
<?php if(($wordCount = str_word_count($post['post_content']) <=50)) {
echo $post['post_content'];?>
Edit Post
<br />
<?php } else {
echo excerpts($post['post_content'], 50).'... <br/> <br/>
Edit Post
<br /> <br />';
} ?>
</div>
<div class="postDate">
<?php echo '<b id="author">Author:</b> '.$post['post_author'].' <b id="posted">posted:</b> '.date('jS F Y', $post['add_date']); ?>
</div>
</div>
<?php $j++; } }?>
</div>
</div>
<footer>
<small> © Copyright 2015, n3stis </small>
</footer>
</div>
</body>
</html>
So from here I'm sending an 'id' to the edit form:
<?php
include_once '../includes/connection.php';
include_once '../includes/functions.php';
session_start();
$id = $_GET['id'];
if (isset ($id)) {
if (isset($_SESSION['logged_in'])) {
$query = $pdo->prepare("SELECT * FROM posty WHERE post_id='" . $id . "' LIMIT 1");
$query->execute();
$post = $query->fetch();
if (isset($_POST['post_title'], $_POST['post_content'], $_POST['post_author'])) {
$postTitle = $_POST['post_title'];
$postAuthor = $_POST['post_author'];
$postContent = nl2br($_POST['post_content']);
$postTime = time();
if (empty($post_title) or empty($post_content) or empty($post_author)) {
$error = 'All fields required.';
} else {
$sql = ("UPDATE `posty` SET `post_title` = :title, `post_author` = :author, `post_content` = :content, `edit_date` = :editDate WHERE `post_id` = :postID ");
$query = $pdo->prepare($sql);
$query->bindValue(':title', $postTitle);
$query->bindValue(':author', $postAuthor);
$query->bindValue(':content', $postContent);
$query->bindValue(':editDate', $postTime);
$query->bindValue(':postID', $id);
$query->execute();
header('Location: adminPanel.php');
}
}
?>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="../sources/css/style.css">
<script type="text/javascript" src="../sources/scripts/time.js"></script>
<script type="text/javascript" src="../sources/scripts/scroll.js"></script>
</head>
<body onload="timeLine(); setInterval('timeLine()', 1000 )">
<header>
<div class="menu">
<ul>
<li> Blog </li>
<li> Archives </li>
<li> Contact </li>
<li id="#addPost"> Add Post </li>
<li id="#editPost"> Edit Post </li>
<li id="#deletePost"> Delete Post </li>
<li id="showBlogContent"> Hide Blog </li>
<li id="menuRightLogin"> Logout </li>
<li id="menuRightDate"><?php echo date('jS F Y') . ' '; ?><span id="clock"> </span></li>
</ul>
</div>
</header>
<div id="showBlog" style="display: block;">
<div class="container">
<div class="postsContainer">
<?php if (isset($error)) { ?>
<p id="error"><?php echo $error ?> </p>
<?php } ?>
<form action="editPostPanel.php" method="post">
<input type="text" name="post_title" value="<?php echo $post['post_title'];?>"/>
<input type="text" name="post_author" value="<?php echo $post['post_author'];?>"/>
<br/>
<br/>
<textarea name="post_content" rows="15" cols="90"><?php echo $post['post_content'];?></textarea>
<br/>
<br/>
<input type="submit" value="Wyślij post"/>
</form>
</div>
</div>
<footer>
<small> © Copyright 2015, n3stis </small>
</footer>
</div>
</body>
</html>
<?php
} else {
echo 'Error';
} }
else {
echo 'Error';
}
When I send a form I get this:
Notice: Undefined index: id on line 7
I will be very grateful for your help :)
Change
$id = $_GET['id'];
if (isset ($id))
to
if (isset ($_GET['id'])) {
$id = $_GET['id'];
Your form doesn't have the id parameter in it. You need to change
<form action="editPostPanel.php" method="post">
to:
<form action="editPostPanel.php?id=<?php echo $id; ?>" method="post">
This is in addition to correcting the isset check that the other answers noted:
if (isset($_GET['id'])) {
$id = $_GET['id'];
While I don't have your line numbers, I'd guess that line 7 is $id = $_GET['id'];. This indicates that you don't have a GET (query) param called id set. To fix that Notice, you probably want to swap the two lines as follows:
if (isset($_GET['id'])){
$id = $_GET['id'];
But all that will do is start echoing 'Error' back to you. You'll also want to figure out why your line editPostPanel.php?id='.$post['post_id'] is not apparently setting the id as desired.

php form submitting info twice

I have a form that's supposed to enter a reply to a forum topic into the database and redirect the user back to the same topic. After much trial and error I have finally got the form to work, only it is putting two identical entries into the db every time. I cannot figure out why. I have looked up this same problem and most of the other people were not redirecting after the form submission or they were using AJAX or jquery or something. Here is my page info:
<?php
session_start();
include_once('includes/config.php');
include_once('classes/topic.php');
include_once('classes/post.php');
include('includes/header.php');
?>
<link rel="stylesheet" href="css/dd.css">
<?php
$topic = new Topic;
if (isset($_GET['id']))
{
$topic_id = $_GET['id'];
$data = $topic->fetch_data($topic_id);
if (isset($_POST['content']))
{
// someone posted a reply
$date = date('Y-m-d H:i:s');
$by = $_SESSION['user_id'];
$query = $pdo->prepare("INSERT INTO dd_posts (post_content, post_date, post_by, post_topic) VALUES (? ,? ,?, ?)");
$query->bindParam(1, $_POST['content']);
$query->bindParam(2, $date);
$query->bindParam(3, $by);
$query->bindParam(4, $_GET['id']);
$query->execute();
$result = $query->execute();
header("location:topic.php?id=".$_GET['id']);
exit;
}
?>
<div id ="wrapper">
<div class="drop-section">
<div id="menu">
<a class="item" href="drop_index.php">Dead Drop</a>
<a class="item" href="add_topic.php">New Post</a>
<a class="item" href="admin/add_cat.php">New Category</a>
<div id="userbar">
<?php
if( $user->is_logged_in() ) {
echo 'Hello ' . $_SESSION['user_name'] . '. How are you?';
} else {
echo '<a class="item" href="login.php">Sign in</a> or <a class="item" href="index.php">Create an account</a>';
}
?>
</div>
</div>
<table>
<tr class = "header-row">
<div id = "sans">
<?php echo $data['topic_subject']; ?>
- <small>started by <?php echo $data['user_name']; ?> </small><br />
<?php echo $data['topic_content']; ?>
</div>
</tr>
<?php
// retrieve all the replies to the original topic
$post = new Post;
$topic_id = $_GET['id'];
$posts = $post->fetch_all_posts_by_topic($topic_id);
?>
<tr>
<td class="first-column">
<?php foreach ($posts as $post) { ?>
<div class="drop-content-box">
<li><?php echo $post['post_content']; ?><br />
<div class = "forum-user-info">
<a href="player.php?id=<?php echo $post['user_id']; ?>">
<?php echo $post['user_name']; ?></a> - level:
<?php echo $post['user_level']; ?>
</div>
</li>
</div>
<?php } ?>
</td>
</tr>
</table>
<?php
if( $user->is_logged_in() )
{
?>
<div id = "header-section">Reply</div>
<?php if (isset($error)) { ?>
<small><?php echo $error; ?></small>
<?php } ?>
<form action="<?php echo "topic.php?id=".$_GET['id']?>" method="post" autocomplete="off">
<small><i>Do not post the actual answer to any level.</i></small><br />
<textarea rows="15" cols="50" name="content" placeholder="Give us your thoughts..."></textarea><br />
<input type="submit" value="Post" />
</form>
</div>
</div>
<?php
} else {
echo '<div id = "errors"><small>You must be signed in to reply.</small></div>';
}
}
include_once('includes/footer.php');
?>
You're executing the query twice.
$query->execute();
$result = $query->execute();

Why does my form get replaced with echo "0"?

I got an error on my page that I can't identify, and when I view the site online it replaces all my site content with the value "0".
How come I can't see the forms, and is it communicating with the SQL server properly?
PS: Login works and session is created, so the connect.php does work properly.
Here is the code for members.php:
<?php
// starting session
session_start();
// check if user is logged in
if (!isset($_SESSION['username']))
{
header('Location: http://wwww.gjertgjersund.com/');
exit();
}
else
{
// database connection
require ('connect.php');
//post record count
$post_count = mysql_query("SELECT * FROM posts");
$post_count_result = mysql_num_rows($post_count);
//comment count
$comment_count = mysql_query("SELECT * FROM comments");
$comment_count_result = mysql_num_rows($comment_count);
if(isset($_POST['submit']))
{
$newcategory = $_POST['newcategory'];
if(!empty($newcategory))
{
$query = mysql_query("INSERT * INTO categories (category) VALUES ('$newcategory')";
if($query)
{
echo 'New category added';
}
}
else
{
echo 'Error';
}
}
else
{
echo 'Missing newcategory';
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title> Folder </title>
<body>
<div class="wrap">
<div id="menu">
<ul>
<li><a href='#'>Home</a></li>
<li><a href='#'>Create New Post</a></li>
<li><a href='#'>Delete Post</a></li>
<li><a href='logout.php'>Log Out</a></li>
<li><a href='#'>Blog Home Page</a></li>
</ul>
</div>
<div id="maincontent">
<table>
<tr>
<td>Total Blog Post</td>
<td><?php echo $post_count_result ?></td>
</tr>
<tr>
<td>Total Comments</td>
<td><?php echo $comment_count_result ?></td>
</tr>
</table>
<div id="categoryform">
<form action="members.php" method="post">
<label for="category">Add New Category</label>
<input type="text" name="newcategory"/>
<input type="submit" name="submit" value="Create"/>
</form>
</div>
</div>
</div>
</body>
</html>
$query = mysql_query("INSERT * INTO categories (category) VALUES ('$newcategory')";
should be
$query = mysql_query("INSERT INTO categories (category) VALUES ('$newcategory')");
