PHP refuses to read one of my variables in a MySQL query

[djstrictlylegit]

I'm using $_GET to grab an id from the URL and then storing this in a variable called $taskid like so:

$taskid = $_GET['id'];

This works fine, however earlier in my code I have an UPDATE SQL statement that updates the task when the submit button is pressed, which looks like this:

$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '$taskid'";
$result = mysql_query($updatelist);

For some reason the query does nothing as it fails to read the $taskid variable. However the variable is read with no problem further down in the code. I've tried re-declaring the variable above the query with no luck.

I will be HUGELY appreciative to anyone that can provide any help, this problem has been driving me up the wall for a while. Thanks!

[aj_nsc]

Well, if the code is completely procedural with no functions in it like this:

Code:

//query is here

$taskid = $_GET['id'];

//further usage of $taskid works

Then it's fairly obvious that $taskid can't be read by the query because it's not declared yet.

Why it doesn't work when you move declaration of the variable id before the query, I don't know....but I think the bigger issue is why are you assigning a variable to a variable?

Why not just use the $_GET variable without giving it a different name?

PHP Code:

$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '".mysql_real_escape_string($_GET['id'])."'";
$result = mysql_query($updatelist); 


[SrWebDeveloper]

Based solely on your comment, exactly as you posted it...

PHP Code:

however earlier in my code I have an UPDATE SQL statement 


Um, I'm guessin' you need to move the $taskid=$_GET['id'] before the update statement.

You didn't say what $taskid was set to earlier! PHP will default the string to a null value until it's defined otherwise.

If this turns out not to be the case, apologies for over simplifying and please post the relevant code so we can look more closely.

jim

[SrWebDeveloper]

Why not just use the $_GET variable without giving it a different name?

True. I'm not disagreeing with you on your advice to this OP, just sometimes I personally like to do stuff like this:

$taskid=(isset($_GET['id']) && !empty($_GET['id'])) ? intval(trim($_GET['id'])) : 0;

That allows me to preserve the original value of $GET['id'] which might be necessary sometimes for conditions later in the code, plus I'm not simply copying the value -- I'm testing and cleaning it up to ensure it's an integer or it defaults to 0 otherwise. Just a quickie example, not saying this is perfect code and for all situations.

-jim

[djstrictlylegit]

Thanks for all the replies, they've been massively helpful. Just to confirm I've tried declaring the variable directly before the update statement, but it doesn't get the value:

Code:

$taskid = $_GET['id'];
$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '$taskid'";
$result = mysql_query($updatelist);

Ive also tried doing it this way, with no luck:

Code:

$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '".mysql_real_escape_string($_GET['id'])."'";
$result = mysql_query($updatelist);

Furthermore I tried placing the following before the UPDATE statement and it didn't work:

Code:

$taskid=(isset($_GET['id']) && !empty($_GET['id'])) ? intval(trim($_GET['id'])) : 0;

Yet the PHP successfully retrieves the id further down in the code in a SELECT statement and when I put a value in the SQL statement instead of the variable, it works.

If you're still baffled let me know and I'll post larger chunks of the code or something.

Thank you again!

[skywalker2208]

Can you run the command if you fill in the details by hard coding it for testing purposes?

Like

PHP Code:

$updatelist = "UPDATE list SET name='Test_Name' WHERE taskid = '1'"; 


The other thing I wonder if the database user you are using doesn't have the permission to update data. I don't know if you would get a error from this or not.

[djstrictlylegit]

Can you run the command if you fill in the details by hard coding it for testing purposes?

Like

PHP Code:

$updatelist = "UPDATE list SET name='Test_Name' WHERE taskid = '1'"; 


The other thing I wonder if the database user you are using doesn't have the permission to update data. I don't know if you would get a error from this or not.

I can confirm if I hard code the values in the query executes correctly.

For instance if I run the following query:

$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '1'";
$result = mysql_query($updatelist);

It will successfully update the task.

[djstrictlylegit]

Sorry if it's a bit vague currently, to provide a better idea about the problem I am posting the code (ommitting unnecessary and unrelated html and php).

Please let me know if you spot any problems that prevent the variable $taskid from being used in the UPDATE query.

PHP Code:

<?php
include("scripts/dbconnection.php"); //start database connection 

//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM user WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{

//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}

//otherwise they are shown the admin area
else
{
}
}
}
else

//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>
<?php
//This code runs if the form has been submitted
if (isset($_POST['ieproblem'])) {

//Ensure no fields are left blank
if (!$_POST['task'] | !$_POST['name']) {
die('<script type="text/javascript">
alert("Incomplete Form. \n \nPlease fill in all of the required fields. \n")
window.location="javascript:history.go(-1)";
</script>');
}

// Get the current users id
$getuserid = "SELECT userid FROM user WHERE email = '$email'"; 
$uidresult = mysql_query($getuserid);
while($getuserid_row = mysql_fetch_assoc($uidresult))
foreach($getuserid_row as $key => $activeuserid)

$taskid = $_GET['id'];

// Update the record in the database
$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '$taskid'"; // This query does NOT work - It fails to retrieve the variable $taskid
$result = mysql_query($updatelist);

// Redirect browser
header("Location: list.php");
// Ensure code below does not execute on redirect
exit;

}
else
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
</head>
<body>
<?php

$taskid = $_GET['id'];

// Get the task
$tdetails = "SELECT * FROM list WHERE taskid = '$taskid'"; // This query works - It successfully retrieves the variable $taskid
$tresult = mysql_query($tdetails);
?>
</body>
</html>
<?php
}
?>

[aj_nsc]

Add some breakpoints in your code and some echo statements for debugging purposes just to make sure your code is working.

Also, with all those if else statements, it begs the question - is that section of code even getting executed?

[skywalker2208]

I would suggest trying to print your query to the screen to see what the query actually looks like

PHP Code:

echo "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '$taskid'"; 


[myminimonster]

'm not sure if this will help but when i use variables in a update/search command i have had to do it like this...

PHP Code:

$query=("SELECT * FROM `".$table."` WHERE X BETWEEN ".$Xcord." AND ".$newmaxX." "); 


in the above example

".$Xcord." and $newmaxX are variables and X is a database column name


I got so tied up with this type of thing trying to differentiate between

PHP Code:

' ` " 


Adrian

[djstrictlylegit]

Okay, I've manage to identify where the problem is happening. When I echo out the $taskid variable above the

PHP Code:

 if (isset($_POST['submit'])) { 


to check if the form is submitted, the correct ID is outputted. However if I try to declare and get the ID underneith

PHP Code:

 if (isset($_POST['submit'])) { 


the variable is empty.

PHP Code:

$taskid = $_GET['id']; // This successfully gets the id
echo $taskid; // This successfully echo's the id

//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

$taskid = $_GET['id']; // This returns nothing
echo $taskid; // This echo's nothing 


What could possibly be stopping the variable from being read after the statement that checks if the submit button has been pressed?

[djstrictlylegit]

Thank you everyone for your help. Problem has been solved!

I believe the issue was caused by PHP Bug #18251 which causes lost variables from post action. Further down in the code where the variable was being read, I placed a hidden input field with the $taskid variable in, like so:

PHP Code:

<input type="hidden" name="taskid" value="<?php echo"$taskid"  ?>" />

Then I used $_POST to get the value from the form:

PHP Code:


$updatelist = "UPDATE list SET name='".$_POST['name']."' WHERE taskid = '".$_POST['taskid']."'"; 


I hope that this helps anyone else that experiences this problem, to overcome it.

[qforever]

True. I'm not disagreeing with you on your advice to this OP, just sometimes I personally like to do stuff like this:

$taskid=(isset($_GET['id']) && !empty($_GET['id'])) ? intval(trim($_GET['id'])) : 0;

That allows me to preserve the original value of $GET['id'] which might be necessary sometimes for conditions later in the code, plus I'm not simply copying the value -- I'm testing and cleaning it up to ensure it's an integer or it defaults to 0 otherwise. Just a quickie example, not saying this is perfect code and for all situations.

-jim

Why not just

Code:

$taskid=(int)trim($_GET["id"]);

?

[SrWebDeveloper]

My explanation above explains why in detail. Yours doesn't do all of that.

This isn't a contest to minimize code!!!!