POST Variables + and loops

[tobyheywood]

Hi folks,

I am creating a form on a web page which contains (initially) a users details. From here the user is able to alter any of the details they wish, such as name, address, etc.

I am using the following code but am experiencing problems. I'm sure it is something simple but...

I sure the problem relates to the potentially lazy way I'm attemping to update the records, is it possible to use variables to specify a $_POST variable?

At the moment the code does not contain validation code but will do once I'm happy that the underly code works.

Would I be better off validating the users input and running a individual update query for each field?

$link = connMyDB($dbh, $dbu, $dbp, $dab);
			
if(!empty($_POST['update'])) {
				
// Ensure all required fields are completed
				
$fields = array('CTitle','CFName','CLName','CAddr1','CCity','CProv','CPCode','CCountry','CTel','CEmail','CURL');

echo '<p class="Txt2Red">';
// initialise err check variable
$errcheck = "0";
foreach ($fields as $fs) {
  if (!empty($_POST[$fs])) {
  switch ($fs) {
	case "CTitle":
	echo 'You must enter your Title.<br>';
	break;
	case "CFName":
	echo 'You must enter your first name(s).<br>';
	break;
	case "CLName":
	echo 'You must enter your last name.<br>';
	break;
	case "CAddr1":
	echo 'You must enter the first line of your address<br>';
	break;
	case "CCity":
	echo 'Please enter the Town or City name<br>';
	break;
	case "CProv":
	echo 'Please enter the county name<br>';
	break;
	case "CPCode":
	echo 'Please enter your postal code<br>';
	break;
	case "CCountry":
	echo 'Please enter your country of residence<br>';
	break;
	case "CTel":
	echo 'Please enter a daytime telephone number<br>';
	break;
	case "CEmail":
	echo 'Please enter your CURRENT WORKING email address';
	break;
	}
  } else {
    $errcheck = '1';
  }
}
echo '</p>';
				
// run update query
				
if ($_POST['update'] == '1' AND $errcheck == '1') {
	foreach($fields as $fs) {
	$upquery = "UPDATE customer SET CTitle='". $_POST[$fs] . "' WHERE AccRef ='" . $_COOKIE['CPV'] . "';";
}
					
$result = mysqli_query($link, $upquery)
 	or die(mysqli_error($link));
}
				
}
$query = "SELECT * FROM customer WHERE AccRef = '" . $_COOKIE['CPV'] . "';";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_row($result);

I recieve the following error

Notice: Undefined index: CTitle in filename...

Thank you in advance.

Toby Heywood

http://www.tobyheywood.co.uk/

 

[kenrbnsn]

If I'm analyzing your code correctly, it looks like your switch statment does the inverse of what you want. i.e. it will issue the error message when the field is filled. Actually, when a form is posted, any text fields that look empty contain a space ( I think).

Here's how I usually have been programing this type of update. The following code assumes that the field names in the form match the fields in the database table.

<?
$err_msg = array('CTitle' => 'You must enter your Title.')
//
// Note: fill in the rest of your error messages as above
//
if (isset($_POST['submit'])) {
   $tmpq = 'update UPDATE customer SET ';
   $tmp = array();
   $errs = array();
   foreach ($_POST as $fld)
      switch ($fld) {
      case 'CTitle':
      case 'CFName':
      case 'CLName':
      case 'CAddr1':
      case 'CCity':
      case 'CProv':
      case 'CPCode':
      case 'CCountry':
      case 'CTel':
      case 'CEmail':
        if (trim($_POST[$fld]) != '')
            $tmp[] = $fld . "='" . urlencode(stripslashes($fld)) . "'";
        else
            $errs[] = $err_msg[$fld];
        break;
      }
   if (!empty($errs))
      echo implode("<br>\n",$errs)."<br>\n";
   else {
      $tmpq .= implode(',',$tmp) . "WHERE AccRef ='" . $_COOKIE['CPV'];
      $result = mysqli_query($link, $tmpq)
     or die(mysqli_error($link));
   }
}

I believe the above code (unchecked for typo's and sytax errors) will do what you're trying to do.

Ken