Variable scope problem (I think)

Hi

I am struggling with a need for my variable $id to be available throughout my index.php file so that I can identify which record I am going to alter within my database.

HTML Code:
if (isset ($_POST['action']) and $_POST['action'] == 'Search')
{
	$id = mysqli_real_escape_string ($link, $_POST['propid_text']); //Get id input

	if ($id <> '') //if ID not blank
	{
		$sql = 'SELECT id,jobref,House_name, house_number, addline1, addline2, town, County, postcode, fee, job, surveyor, client from property where id = '.$id.'';
		
		
		$result = mysqli_query ($link, $sql);
		
		if (!$result)
		{
			$error = 'Error - Please enter a valid ID. ' . mysqli_error($link);
			include 'error.html.php';
			exit();
		}
		if ($result<>'')
		{
			while ($row = mysqli_fetch_array ($result))
			{
				$invoices[] = array (
				'id' => $row['id'],
				 'House_name' => $row['House_name'],
				 'house_number' => $row['house_number'],
				 'addline1' => $row['addline1'],
				 'addline2' => $row['addline2'],
				 'town' => $row['town'],
				 'county' => $row['county'],
				 'postcode' => $row['postcode'],
				 'fee' => $row['fee'],
				 'job' => $row['job'],
				 'surveyor' => $row['surveyor'],
				 'client' => $row['client']);
			}
				
				include 'list.html.php';
				exit();
	
			/*echo '<pre>';
			print_r($invoices);
			echo '</pre>';  */
		}

	}
	else
	{
		echo 'Enter an ID';
	}
}
		
// Confirm correct record to invoice

if (isset ($_POST['action']) and $_POST['action']=='Invoice')
{
	include 'confirm.html.php';
	exit();
}
	
if (isset ($_POST['action']) and $_POST['action'] == 'Yes')
{
	$id;
	
	echo 'yes was pressed';
	echo $id. ' id still here';
	$test = 1;
}
else if (isset ($_POST['action']) and $_POST['action'] == 'No')
{
	include 'searchform.html.php';
	exit();
}

$id is set early in the first if statement, however it is not available in the if statements towards the rear. I am thinking this is likely due to the variable's 'scope' but I am a newb and at a loss as to how to go about making sure it is available throughout.

Any comments regarding this greatly accepted.

Many thanks

Ah, I see what you mean - ty scallio.

And don't worry, I was going to sanitise the input to $id on the second run through, just had it naked to try and see where I was going so wrong!

The thing is that $id is only available if $_POST['action'] is 'Search', as per the first if in your file.
So when $_POST['action'] is something other than 'Search', $id won't be available. It has nothing to do with variable scope. You only need to worry about that when using functions and/or methods in classes, and you're using neither of those.

Furthermore, I would mysqli_real_escape_string $id before you actually use it in a query, to avoid unexpected results.

What I would do is add the following line to the top of the script, and remove your current $id= line.


$id = isset($_POST['id']) && ctype_digit($_POST['id']) ? $_POST['id'] : -1;

That sets the id to $_POST['id'] if it exists, and to -1 otherwise. -1 is known as a sentinel value, and it assumes that there is no row in the database with id -1, which there probably isn't.

Lastly, use mysqli_real_escape_string in your query, and in your query only:


$sql = 'SELECT id,jobref,House_name, house_number, addline1, addline2, town, County, postcode, fee, job, surveyor, client from property where id = '.mysqli_real_escape_string($link, $id);

Or, even better, switch to PDO :)

HTH
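
The two suggestions in the reply above (validate the id at the top of every request, and use PDO), combined as an added example that is not code from the thread. It assumes an in-memory SQLite table standing in for the MySQL `property` table, and the helper names `get_id()` and `find_property()` are hypothetical. Because the id appears unquoted in the original query, escaping alone does not constrain it; the digit check and the bound parameter do.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL `property` table; the field name
// `id` follows the reply above; get_id() and find_property() are hypothetical.

// Return the posted id as an int, or -1 (the sentinel) when missing or non-numeric.
function get_id(array $post): int
{
    return isset($post['id']) && is_string($post['id']) && ctype_digit($post['id'])
        ? (int) $post['id']
        : -1;
}

// Look the record up with a bound parameter; the value never becomes part of the SQL text.
function find_property(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, town, postcode, fee FROM property WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE property (id INTEGER PRIMARY KEY, town TEXT, postcode TEXT, fee REAL)');
$db->exec("INSERT INTO property VALUES (7, 'Leeds', 'LS1 1AA', 250.0)");

// Constructed requests: each is a separate POST, so each must carry the id itself
// (for example in a hidden form field on the list and confirm pages).
$requests = [
    ['action' => 'Search', 'id' => '7'],
    ['action' => 'Yes',    'id' => '7'],
    ['action' => 'Yes'],                      // id not resubmitted
    ['action' => 'Search', 'id' => '7abc'],   // not all digits
];

foreach ($requests as $post) {
    $id  = get_id($post);
    $row = $id >= 0 ? find_property($db, $id) : null;
    printf("%-6s id=%-3d %s\n", $post['action'], $id, $row ? 'found ' . $row['town'] : 'no record');
}
```

A hidden field is client-controlled, so the id is re-validated on every request rather than trusted because it passed the check on the Search step.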