PHP editing value doesn't fully shows the original value

PHP
1

Hi everyone,
The following is a PHP code to edit a line in a MySQL table.
Lots of things do not work in this code. To start with is the following warning message I get when start running it:
“Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\magar\xxx.php on line 16”.
Second is: I do not manage to delete the table when start running. Why is that ?! Evrey time I run it an additional line emerges!
Third: Clicking “Edit”, the existing value of: “Name” shows up at the input editing box. Trouble is: instead of showing: “aaa aaa aaa”
only “aaa” shows up. The rest of the string, apart from the the segment which ends at first space, is not shown ! Why?!
I wish someone could help me with that complication!
Thanks in advance!

<?php 
	$errors = "";
	$name=''; 
	$db = mysqli_connect('localhost', 'root', 'root4qpines', 'magar');
	IF(!$db)
		DIE('' .MYSQLI_CONNECT_ERROR());
	
	mysqli_query($db, "DROP TABLE IF EXISTS 'xxx';");
	mysqli_query($db, "CREATE TABLE xxx(name VARCHAR(128))");
	mysqli_query($db, "INSERT INTO xxx(name) VALUES('aaa aaa aaa')");

	if (isset($_GET['edit_task']))
	{
		$name = $_GET['edit_task'];
		$edid=mysqli_query($db, "SELECT * FROM xxx WHERE name = $name");
		$row=mysqli_fetch_array($edid);
		$errors = $name;
		echo $errors;
	}
	$stations = mysqli_query($db, "SELECT * FROM xxx");
?>
<!DOCTYPE html>
<html>
<head>
	<link href="https://fonts.googleapis.com/css?family=Amatic+SC|Assistant|David+Libre|Heebo|Jua|Varela+Round" rel="stylesheet">
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<style>
	.add_btn
{
	/*height: 39px;*/
	background: #FFF8DC;
	color: #6B8E23;
	border: 2px solid #6B8E23;
	border-radius: 5px;
	/*padding: 5px 20px;*/
}
.btn_td
{
	/*border-left: 1px solid #cbcbcb;	*/
	border-bottom: 1px solid #FFFFFF;
}
	</style>
	
</head>
<body>
	<table>
		<thead>
			<tr>
				
				<th class="name_th" maxlength="50">Name</th>
				<th class="add_th"></th>
				<th class="edit_th"></th>
			</tr>
			<tr>
				<form method="POST" action="xxx.php">
					<td><input type="text" name="name" class="name_input" value=<?php echo htmlspecialchars($name);?>></td>
					<td class="btn_td"><button type="submit" class="add_btn" name="submit">Edit</button></td>
				</form>
			</tr>
			
		</thead>
		<tbody>
			<?php
				while ($row = mysqli_fetch_array($stations))
				{
					echo "<tr>";
					echo "<td class='name_td'>".$row['name']."</td>";
					
					echo "<td class='edit'>
							<a href='xxx.php?edit_task=".$row['name']."'>
								<img src='edit.gif' alt='Smiley face' height='20px' width='20px'>
							</a>
							<span class='tooltiptext'>Edit</span>
						</td>
						</tr>";
				}
			?>								
		</tbody>
	</table>
</body>
</html>
2

You generally see that when the query fails. On failure it returns false, a boolean. So $edid = false`.
Looking at the query:-

SELECT * FROM xxx WHERE name = $name

You earlier set $name to an empty string, so the query looks for an empty sting in the name field, and fails to find one.

3

You’re also vulnerable to SQL Injection attack with that code

1 Like
4

There also looks to be lines of code that won’t run after the die. Unless you are running PHP with zombie mode enabled :man_zombie: you will need to do any cleanup / rollbacks before you stop execution of the script.

5

Thank you all,
The problem as presented here couldn’t be solved so I refined it in another post and fortunately received an helpful solution.
Sorry for the delay in my response, sorry for the confusion.

6

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.