I have a php form when I click the only the submit button without selecting any options I don't want the system to display :
Notice: Undefined variable: result in C:\XAMPP\htdocs\statistics\lecturer.php on line 83
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, null given in C:\XAMPP\htdocs\statistics\lecturer.php on line 83
So I get the notice and the warning for this line of code: while($unit=mysql_fetch_assoc($result)), especially for the $result.
lecturer.php
<?php
session_start();
include 'connect.php';
$years = array(
2005,
2006,
2007
);
$lecturers = array(
'lec1',
'lec2',
'lec3',
'lec4'
);
if(isset($_POST['submit'])){
$year = mysql_real_escape_string($_POST['year']);
$lecturer = mysql_real_escape_string($_POST['lecturer']);
/*checks if the user types the url of the page that he is not allowed to use, it leads him to the main page so to login*/
if(!isset($_SESSION['username'])){
header("location:../../statistics/main.htm");
}
$username=$_SESSION['username'];
if(!empty($lecturer) && !empty($year)){
if (in_array($lecturer, $lecturers) && in_array($year, $years)) {
$sql = mysql_query("SELECT unit_name,a1,a2,a3,l1,l2,l3,l4,l5,l6,l7,lavg,r1,r2,u1,u2,u3 FROM $lecturer WHERE year=$year)")or die(mysql_error());
$result = mysql_query($sql);
}
else{
echo "Please select a lecturer and a year.";
}
}
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../statistics/style.css">
</head>
<body>
<div id="container">
<table id="table" width="900" border="1" cellspacing="1">
<tr>
<td>Unit Name</td>
<td>A1 </td>
<td>A2 </td>
<td>A3 </td>
<td>L1 </td>
<td>L2 </td>
<td>L3 </td>
<td>L4 </td>
<td>L5 </td>
<td>L6 </td>
<td>L7 </td>
<td>LAVG </td>
<td>R1 </td>
<td>R2 </td>
<td>U1 </td>
<td>U2 </td>
<td>U3 </td>
</tr>
<?php
while($unit=mysql_fetch_assoc($result)){
echo "<tr>";
echo "<td>".$unit['unit_name']."</td>";
echo "<td>".$unit['a1']."</td>";
echo "<td>".$unit['a2']."</td>";
echo "<td>".$unit['a3']."</td>";
echo "<td>".$unit['l1']."</td>";
echo "<td>".$unit['l2']."</td>";
echo "<td>".$unit['l3']."</td>";
echo "<td>".$unit['l4']."</td>";
echo "<td>".$unit['l5']."</td>";
echo "<td>".$unit['l6']."</td>";
echo "<td>".$unit['l7']."</td>";
echo "<td>".$unit['lavg']."</td>";
echo "<td>".$unit['r1']."</td>";
echo "<td>".$unit['r2']."</td>";
echo "<td>".$unit['u1']."</td>";
echo "<td>".$unit['u2']."</td>";
echo "<td>".$unit['u3']."</td>";
echo "</tr>";
}
?>
</table>
</div>
</body>
</html>
So i assume your code are in production phase and hiding all errors from displaying. Add these on top of php block:
ini_set('error_reporting', 0); // type of error for displaying
ini_set('display_errors', 0); // 0 = hide errors; 1 = display errors
For testing phase, these codes below will show fatal error and hiding notice and warning:
ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_WARNING);
ini_set('display_errors', 1); // 0 = hide errors; 1 = display errors
The error message is telling you that you have tried to push ahead with the conditional section of your code without having all the values.
You are asking if the value is not empty which it is not but it is not empty with the value false because the post value was not set.
This is really helping you to write better code - you simply need to understand that there are missing conditions.
In your case take your line:
if(isset($_POST['submit'])){
and add a few additional constraints
if( (isset($_POST['submit'])) && (isset($_POST['year'])) && (isset($_POST['lecturer'])) ){
Now you have simple error checking and will ignore all input unless it is perfect.
However your end users will now complain that sometimes the form does not work. This is also helpful as it is telling you that you could do more with the conditionals
$noerrors = true;
if( !isset($_POST['year']) ){
echo "Did you forget to choose a year?";
$noerrors = false;
}
if( !isset($_POST['lecturer']) ){
echo "Did you forget to choose a lecturer?";
$noerrors = false;
}
if( isset($_POST['submit']) && $noerrors){
//...
The basic "rule" of development that you need to remember is to assume that users will misuse the form or other UI you made and then code for every possible abuse and misuse. Starting from the assumption that someone aims to break your system is often helpful.
Try the following:
The query:
$sql = mysql_query("SELECT `unit_name`, `a1`, `a2`, `a3`, `l1`, `l2`, `l3`, `l4`, `l5`, `l6`, `l7`, `lavg`, `r1`, `r2`, `u1`, `u2`, `u3` FROM `$lecturer` WHERE `year` = $year)") or die (mysql_error());
The backticks will prevent an error know as mysql reserved words
For the while loop do the following:
if(!empty($result)) {
while($unit = mysql_fetch_assoc($result)){
echo "<tr>";
echo "<td>".$unit['unit_name']."</td>";
echo "<td>".$unit['a1']."</td>";
echo "<td>".$unit['a2']."</td>";
echo "<td>".$unit['a3']."</td>";
echo "<td>".$unit['l1']."</td>";
echo "<td>".$unit['l2']."</td>";
echo "<td>".$unit['l3']."</td>";
echo "<td>".$unit['l4']."</td>";
echo "<td>".$unit['l5']."</td>";
echo "<td>".$unit['l6']."</td>";
echo "<td>".$unit['l7']."</td>";
echo "<td>".$unit['lavg']."</td>";
echo "<td>".$unit['r1']."</td>";
echo "<td>".$unit['r2']."</td>";
echo "<td>".$unit['u1']."</td>";
echo "<td>".$unit['u2']."</td>";
echo "<td>".$unit['u3']."</td>";
echo "</tr>";
}
}
If you still get the error / warning echo the $result just before the if statement. and let me know what you get. While trying this remove the 2 lines from #EngCy.
You should also start using mysqli_* or pdo as mysql_* is depracted and will be removed
Update
I looked at the code again and noticed a other error:
$sql = mysql_query("SELECT unit_name,a1,a2,a3,l1,l2,l3,l4,l5,l6,l7,lavg,r1,r2,u1,u2,u3 FROM $lecturer WHERE year=$year)")or die(mysql_error());
$result = mysql_query($sql);
You are basically doing the same here. You first do a query to and set the result to $sql. And when that is done you query $sql this wont work. So you can use $sql in your while loop or say $result = $sql;
Related
I am having an error in php search. If the record is not found it echo "Record Not Found". But if the record is found it is still giving same message "Record Not Found"
<?php
if(isset($_GET['submit']))
{
$search = $_GET["search"];
$result = mysqli_query($conn, "select * from login where password like
'".$_GET['search']."%' or email like '".$search."%' ");
$rows = 0;
while($rows = mysqli_fetch_array($result))
{
?>
<tr>
<td>
<?php echo $rows['email']; ?>
</td>
<td>
<?php echo $rows['password']; ?>
</td>
<td>
Edit ,Del
</td>
</tr>
<?php
$rows++;
}
if($rows == 0)
{
echo "No Record Found";
}
}
?>
The problem here is that you seem to be using your $rows variable for 2 things: counting the rows and fetching the rows.
Rename it to let's say $count for counting and it will solve your problem.
The thing is, your while loop is assigning the result from mysqli_fetch_array to your $rows variable and then evaluating it to see if it continues looping.
If the while loop stopped looping, it means that the last call to mysqli_fetch_array returned a result that is equivalent to false. Therefore, it will always be equivalent to 0 (because false == 0 will return true) in the if right below otherwise it would not have exited the while loop.
Hi I'm using file_get_contents() to search an off site text file, which returns an array as follows:
$foo_data = file_get_contents('http://foo/data_csv.php?code='.$row->code);
$foo_code = explode(",",$foo_data);
$foo_id = $foo_code[9];
If I place the above lines before the MySQL Select statement then the $foo_data variable is empty as it hasnt been initialised yet.
How do I reference this variable in the MySQL statement eg:
SELECT `field1`, `field2`, COUNT(distinct $foo_id) AS Ref
I've tried:
SELECT `field1`, `field2`, COUNT(distinct {$foo_id}) AS Ref
SELECT `field1`, `field2`, COUNT(distinct '{$foo_id}') AS Ref
Anyone know if it's possable to reference a table row from the array obtained in the above file_get_contents() ?
Complete code as follows:
<?php
include $_SERVER['DOCUMENT_ROOT']. '/class2.php';
Global $currentUser;
$user_name = $currentUser['user_loginname'];
$user_call = strtoupper($user_name);
$user_region = $currentUser['user_region'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
<?
include("db_uploadlog.php");
if (!file_exists("db_uploadlog.php")) {
echo "Error - Config file is missing!";
}
else
{
$db_2 = mysql_connect($database_host, $database_username, $database_password);
mysql_select_db("db_name") or die("Cannot select database");
$foo_data = file_get_contents('http://foo.com/data_csv.php?code='.$row->code);
$foo_code = explode("|",$foo_data);
$foo_id - $foo_code[9]
$result = mysql_query("SELECT `column1`, `column1_id`, `code`, `column1_region`, '{$foo_id}' AS score FROM $table GROUP BY `column1` ORDER BY score DESC", $db_2);
$rowpos = mysql_num_rows($result);
$mnum = 1;
$mnum2 = 1;
if(mysql_num_rows($result) > 0)
{
?>
<table width="100%" align="center" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="2%"><b>Pos</b></td>
<td><b>Code</b></td>
<td width="10%"><b>Score</b></td>
</tr>
<?
for($i = 0; $i < mysql_num_rows($result); $i++)
{
$row = mysql_fetch_object($result);
?>
<tr>
<td><? echo $mnum2; ?></td>
<td><? echo $row->column1; ?></td>
<td><? echo $row->score; ?></td>
</tr>
<?
$mnum2 = $mnum2 + 1;
$mnum = $mnum + 1;
}
mysql_free_result($result);
mysql_close($db_2);
?>
</table>
</div>
<?
}
}
?>
</body>
</html>
Edited according to comment:
Then your problem is that file_get_contents don't recover data, you have to activate the property allow_url_fopen, set this property to 1 on your php.ini and your code should work
But i recommend you to use curl instead of file_get_contents you will have more control and curl was designed for this isn't it?
"If I place the above lines before the MySQL Select statement then the $foo_data variable is empty as it hasnt been initialised yet. "
This is probably because you reference the results from the MySQL select in your file_get_contents.
Other than that it should work, you are basically making a string in PHP and sending it to the MySQL server for parsing. So to MySQL it wont matter if you type it in by hand or if you use some pregenerated value.
Though, you need to trust the source if you are assembling the string from external sources, otherwise you should use PDO with bindParam.
edit
I see my initial thought was correct,
$foo_data = file_get_contents('http://foo.com/data_csv.php?code='.$row->code);
Here $row->code hasn't been initialized yet so file_get_contents goes to "http://foo.com/data_csv.php?code=" (if it goes anywhere at all).
You need to have another select above $foo_data which sets $row->code.
PHP normally shows an error message, but you probably are running on production mode. If you are testing you can put this in the top of your document
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
?>
Which should help you debug your script a bit better.
I'm a PHP beginner and lately I've been having a problem with my source code.
Here it is:
<html>
<head>
<title>
Bot
</title>
<link type="text/css" rel="stylesheet" href="main.css" />
</head>
<body>
<form action="bot.php "method="post">
<lable>You:<input type="text" name="intrebare"></lable>
<input type="submit" name="introdu" value="Send">
</form>
</body>
</html>
<?php
//error_reporting(E_ALL & ~E_NOTICE);
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("robo") or die(mysql_error());
$intrebare=$_POST['intrebare'];
$query = "SELECT * FROM dialog where intrebare like '%$intrebare%'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
?>
<div id="history">
<?php
foreach($row as $rows){
echo "<b>The robot says: </b><br />";
echo $row['raspuns'];
}
?>
</div>
It returns the result 6x times.
This problem appeared when I've made that foreach because I wanted the results to stuck on the page one by one after every SQL query.
Can you please tell me what seems to be the problem? Thanks!
You are doing it wrong. ;-)
First of all you have to fetch your result with mysql_fetch_array in a loop like this:
while (true == ($row = mysql_fetch_array($result))) {
echo "<b>The robot says: </b><br />";
echo $row['raspuns'];
}
Second I want to tell you that all mysql_* functions are marked as deprecated. If you want to learn PHP you should try to learn how to connect to mysql using PDO.
mysql_fetch_array fetches one row per call. You'll want to do like this:
while ($row = mysql_fetch_array($result)) {
echo "<b>The robot says:</b><br>";
echo htmlentities($row['raspuns']);
}
and get rid of that first mysql_fetch_array.
(Notice that i am HTML-escaping the variable output. Unless you know what you're doing, you should not output raw data into a page.)
By the way, mysql_query is effectively deprecated. It is not at all recommended for new code. Take a look at mysqli (the replacement) or PDO (the new hotness). With the new mysqli (objecty) interface, the PHP part would look a bit like this:
<?php
//error_reporting(E_ALL & ~E_NOTICE);
$db = new mysqli('localhost', 'root', '', 'robo');
# turn into a wildcard
$intrebare='%' . $_POST['intrebare'] . '%';
$stmt = $db->prepare('SELECT * FROM dialog WHERE intrebare LIKE ?');
$stmt->bind_param('s', $intrebare);
$result = $stmt->execute();
echo '<div id="history">';
# 5.4 lets you do it like this;
# older versions, try `while ($row = $result->fetch_assoc())`
foreach ($result as $row) {
echo "<b>The robot says: </b><br />";
echo htmlentities($row['raspuns']);
}
?>
You're only getting one result (only one call to mysql_fetch_array()). There are six columns, I bet, in dialog.
...
$result = mysql_query($query) or die(mysql_error());
?>
<div id="history">
<?php
while($row = mysql_fetch_array($result))
{
echo "<b>The robot says: </b><br />";
echo htmlentities($row['raspuns']);
}
?>
</div>
Also, mysql_* functions are being deprecated. Switch to mysqli_* or PDO.
Use while to fetch all the data and check variable names
while($row = mysql_fetch_array($result)){
echo "<b>The robot says: </b><br />";
echo $row['raspuns']; // Here
}
You are trying it reversed way:
<?php
while($row = mysql_fetch_array($result,MYSQL_ASSOC)){
echo '<strong>The robot says: </strong><br />', $row['raspuns'];
}
?>
Try now :)
I'm currently working my way through "PHP and MySQL Web Development." I've successfully created databases and been able to make tables and use the database. I've also successfully completed all the chapters on PHP and have had no problems with PHP not working up to this point. The goal of this page is return search results from a database. It's a pretty simple thing to do but for some reason nothing is being output from the script to the page. I'm getting no errors or anything. It's just blank with the title at the top. Can anyone please help me out with this? Thank you.
Here is the PHP code:
<html>
<head>
<title>Book-O-Rama Search Results</title>
</head>
<body>
<h1>Book-O-Rama Search Results</h1>
<?php
// create short variable names
$searchtype=$_POST['searchtype'];
$searchterm=trim($_POST['searchterm']);
if (!$searchtype || !$searchterm) {
echo 'You have not entered search details. Please go back and try again.';
exit;
}
if (!get_magic_quotes_gpc()){
$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);
}
# $db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
if (mysqli_connect_errno()) {
echo 'Error: Could not connect to database. Please try again later.';
exit;
}
$query = "select * from books where ".$searchtype." like '%".$searchterm."%'";
$result = $db->query($query);
$num_results = $result->num_rows;
echo "<p>Number of books found: ".$num_results."</p>";
for ($i=0; $i <$num_results; $i++) {
$row = $result->fetch_assoc();
echo "<p><strong>".($i+1).". Title: ";
echo htmlspecialchars(stripslashes($row['title']));
echo "</strong><br />Author: ";
echo stripslashes($row['author']);
echo "<br />ISBN: ";
echo stripslashes($row['isbn']);
echo "<br />Price: ";
echo stripslashes($row['price']);
echo "</p>";
}
$result->free();
$db->close();
?>
</body>
</html>
You're supressing the errors from the line:
# $db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
Thats what the # sign does, remove the # sign and verify that the connection works properly, it might be that your script fails there.
You shouldn't use that, it's not considered good practice as far as I know.
It worked for me! no white page! If you work with a editor including ftp sometimes saving the file failes. than you get a blank file. in that case safe your code and reopen the file.
as for the sql injection try this:
$searchtypes = array('type1','type2');
if (!in_array($searchtype,$searchtypes) || $searchterm=='') {
echo 'You have not entered search details. Please go back and try again.';
exit;
}
You need to create another php page that sends a post request. Here is a sample one:
Take a look at the fiddle:
<html>
<head>
<title>Book-O-Rama Search </title>
</head>
<body>
<h1>Book-O-Rama Search</h1>
<form id='uploadform' method='post' enctype='multipart/form-data' action='link to your search action php page'>
<legend>Submit form</legend><br/>
<div class='form-inputs'>
SearchType <input name='searchtype' id='searchtype'/><br>
SearchTerm <input name='searchterm' id='searchterm'/><br>
<input type="submit" value= "Search" />
</div>
</form>
</body>
</html>
Sorry, I'm not sure how to really word my question. Here it goes.
If you go to my page http://www.eveo.org/stack/view.php you will notice on the right hand side there are links that read "restore" and "delete". If it says restore, the value for the "deleted" table in the database is "y".
The problem: When I click on a link, all of them change, not just the one. What I need to do is when I click on "delete" or "restore" on any of them, only that row will delete and restore and only will that rows link update, with all the others staying the same. The value in the database has to change from "y" to "n" or vice versa depending on the link.
The code that currently changes my link for all of them is:
echo "<td><a href='view.php?'>";
$y="$row[deleted]";
$x="$row[id]";
if ($y == 'n'){
mysql_query("UPDATE inventory SET deleted = 'y' WHERE id='$row[id]'");
echo "delete";
}
else if ($y == 'y'){
mysql_query("UPDATE inventory SET deleted = 'n' WHERE id='$row[id]'");
echo "restore";
}
echo"</a></td>";
I've been trying to solve this for hours, and it's not working.
Requirements: It has to use URL rewriting, so I can't do this change thing with javascript or something, personally I would have, but these are my professors requirements.
Source code:
VIEW.PHP
<?php { ?>
<table border="0" cellpadding="0" cellspacing="0" id="table">
<thead>
<tr>
<th>ID</th>
<th>NAME</th>
<th>MANUFACTURER</th>
<th>MODEL</th>
<th>DESCRIPTION</th>
<th>ON HAND</th>
<th>REORDER</th>
<th>COST</th>
<th>PRICE</th>
<th>SALE</th>
<th>DISCOUNT</th>
<th>DELETE</th>
</tr>
</thead>
<tbody>
<?php } ?>
<?php
// while($r = mysql_fetch_array($resultDeleted))
// {
// echo $r[0];
// }
?>
<?php while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>$row[id]</td>";
echo "<td>$row[name]</td>";
echo "<td>$row[manufac]</td>";
echo "<td>$row[model]</td>";
echo "<td>$row[descrip]</td>";
echo "<td>$row[onhand]</td>";
echo "<td>$row[reorder]</td>";
echo "<td>$row[cost]</td>";
echo "<td>$row[price]</td>";
echo "<td>$row[sale]</td>";
echo "<td>$row[discont]</td>";
echo "<td><a href='view.php?'>";
$y=$row[deleted];
$x=$row[id];
if ($y == 'n'){
mysql_query("UPDATE inventory SET deleted = 'y' WHERE id='$row[id]'");
echo "delete";
}
else if ($y == 'y'){
mysql_query("UPDATE inventory SET deleted = 'n' WHERE id='$row[id]'");
echo "restore";
}
echo"</a></td>";
echo "</tr>";
} ?>
<?php { ?>
</tbody>
</table>
<?php } ?>
It looks like you are trying to get a $_GET variable using the code:
$y="$row[deleted]";
$x="$row[id]";
This is never going to work. First of all you don't need to add double quotes around your variables. Second the correct syntax for getting the $_GET variables is:
$delete = $_GET['delete'];
$id = $_GET['id'];
As you can see I have given your variable names better descriptive names.
Second, when you are just adding those variables to a query you will have a huge SQL injection hole in your application:
mysql_query("UPDATE inventory SET deleted = 'y' WHERE id='$id'");
What if I was a hacker I would add an id of: 1' or 1=1, which would result in the following query:
UPDATE inventory SET deleted = 'y' WHERE id='1' OR 1=1
And suddenly I set the deleted status of all records in the table. I could even get into others tables using this attack in do whatever I want.
So you should always use mysql_real_escape_string():
$id = mysql_real_escape_string($_GET['id']);
mysql_query("UPDATE inventory SET deleted = 'y' WHERE id='$id'");
So what you will get is the following:
$delete = mysql_real_escape_string($_GET['delete']);
$id = mysql_real_escape_string($_GET['id']);
mysql_query("UPDATE inventory SET deleted = '$delete' WHERE id='$id'");
Another thing is that you don't need to keep opening and closing the PHP tags. Only if you want to add some HTML.
Next:
instead of echoing all that stuff simply use HEREDOC:
So instead of doing:
echo "<tr>";
echo "<td>$row[id]</td>";
echo "<td>$row[name]</td>";
echo "<td>$row[manufac]</td>";
echo "<td>$row[model]</td>";
echo "<td>$row[descrip]</td>";
echo "<td>$row[onhand]</td>";
echo "<td>$row[reorder]</td>";
echo "<td>$row[cost]</td>";
echo "<td>$row[price]</td>";
echo "<td>$row[sale]</td>";
echo "<td>$row[discont]</td>";
echo "<td><a href='view.php?'>";
You can simply do:
echo <<<HTML
<tr>
<td>{$row['id']}</td>
<td>{$row['name']}</td>
etc
FOOBAR;
As you can see it need quotes to get an array element.
After that you should build your links:
$delete = 'n';
if ($row['deleted'] == 'n') {
$delete = 'y';
}
echo 'delete';
As a general note:
ALWAYS ENABLE FULL ERROR REPORTING ON DEV ENVIRONMENT so you can see what the f*&k is going on / wrong. So place this at the top of your scripts:
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 1);
What you want will not work like that. Your code changes your database entries upon each refresh. To illustrate, if you will keep refreshing your page, the links will change from deleted to restored and vice versa indefinitely.
What you need to do is take those two update clausules out of the loop, give each link an id. Something along the lines of
if ($y == 'n'){
echo "<a href='view.php?link_id=$row[id]&case=delete'>delete</a>";
}
else if ($y == 'y'){
echo "<a href='view.php?link_id=$row[id]&case=restore'>restore</a>";
}
Then somewhere above the loop you would to the actual update.
if(!empty($_GET['link_id'])) {
if($_GET['case'] == 'restore') {
// udpate
} else {
// update
}
}
The other way would be to use a form for this. Then you would just catch the post request and do the same thing.
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// do stuff
}
or
if(!empty($_POST)) {
// do stuff
}
You need to pass the id to the query, maybe something like this:
<?php while($row = mysql_fetch_array($result)) {
if($row['deleted']=='y'){$status='restore';}else{$status='delete';}
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>{$row['name']}</td>";
echo "<td>{$row['manufac']}</td>";
...
echo "<td><a href='view.php?id={$row['id']}&do=$status'>".ucfirst($status)."</a></td>";
echo "</tr>";
?>
Then have the script receive a request to alter the values, something like this would go at the top of your script:
<?php
if(isset($_GET['id']) && is_numeric($_GET['id']) && isset($_GET['do'])){
$set=null;
$id=(int)$_GET['id'];
if($_GET['do']=='delete'){$set='n';}
if($_GET['do']=='restore'){$set='y';}
if($set != null){
mysql_query("UPDATE inventory SET deleted = '$set' WHERE id='$id'");
}
}
?>