
I hope someone can help,
I have written the following function, insert_address($address), to write address records to a MySQL database, and it writes all the fields except custid.

custid is the primary index of another table and is stored in the session variable $_SESSION.

The function insert_address($address) is called from the form below the function.

I have included other bits of code to show session id etc for extra background.

<?php

  function insert_address($address) {
    global $db;

    $sql = "INSERT INTO address ";
    $sql .= "(custid, houseno, street_1, street_2, town, county, postcode, country) ";
    $sql .= "VALUES (";
    $sql .= "'" . db_escape($db, $address['custid']) . "',";
    $sql .= "'" . db_escape($db, $address['houseno']) . "',";
    $sql .= "'" . db_escape($db, $address['street_1']) . "',";
    $sql .= "'" . db_escape($db, $address['street_2']) . "',";
    $sql .= "'" . db_escape($db, $address['town']) . "',";
    $sql .= "'" . db_escape($db, $address['county']) . "',";
    $sql .= "'" . db_escape($db, $address['postcode']) . "',";
    $sql .= "'" . db_escape($db, $address['country']) . "'";
    $sql .= ")";
    $result = mysqli_query($db, $sql);

    // For INSERT statements, $result is true/false
    if($result) {
      return true;
    } else {
      // INSERT failed
      echo mysqli_error($db);
      db_disconnect($db);
      exit;
    }
  }

?>

PHP form

<?php

require_once('../../private/initialize.php');

require_user_login();

if(is_post_request()) {
  $address = [];
  $address ['custid'] = $_POST['custid'] ?? '';
  $address['houseno'] = $_POST['houseno'] ?? '';
  $address['street_1'] = $_POST['street_1'] ?? '';
  $address['street_2'] = $_POST['street_2'] ?? '';
  $address['town'] = $_POST['town'] ?? '';
  $address['county'] = $_POST['county'] ?? '';
  $address['postcode'] = $_POST['postcode'] ?? '';
  $address['country'] = $_POST['country'] ?? '';

  $result = insert_address($address);
  if($result === true) {
//    $new_id = mysqli_insert_id($db);
    $_SESSION['message'] = 'Address Created.';
    redirect_to(url_for('/admin/show.php?id=' . $custid));
  } else {
    $errors = $result;
  }

} else {
  // display the blank form
  $address = [];
  $address['custid'] = $_GET['custid'] ?? '1';
  $address['houseno'] = '';
  $address['street_1'] = '';
  $address['street_2'] = '';
  $address['town'] = '';
  $address['county'] = '';
  $address['postcode'] = '';
  $address['country'] = '';
}


?>

<?php $page_title = 'Create Address'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>

<div id="content">

  <a class="back-link" href="<?php echo url_for('/admin/show.php'); ?>">&laquo; Back to Account Page</a>

  <div class="admin new">
    <h1>Create Address</h1>

    <?php echo display_errors($errors); ?>

    <form action="<?php echo url_for('/admin/address.php'); ?>" method="post">
      <dl>
        <dt>House Number</dt>
        <dd><input type="text" name="houseno" value="<?php echo h($address['houseno']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street</dt>
        <dd><input type="text" name="street_1" value="<?php echo h($address['street_1']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Street 2</dt>
        <dd><input type="text" name="street_2" value="<?php echo h($address['street_2']); ?>" /></dd>
      </dl>

      <dl>
        <dt>Town or City</dt>
        <dd><input type="text" name="town" value="<?php echo h($address['town']); ?>" /></dd>
      </dl>

      <dl>
        <dt>County </dt>
        <dd><input type="text" name="county" value="<?php echo h($address['county']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Post Code </dt>
        <dd><input type="text" name="postcode" value="<?php echo h($address['postcode']); ?>" /><br /></dd>
      </dl>

      <dl>
        <dt>Country </dt>
        <dd><input type="text" name="country" value="<?php echo h($address['country']); ?>" /><br /></dd>
      </dl>

      <br />

      <div id="operations">
        <input type="submit" value="Add Address" />
      </div>
    </form>

  </div>

</div>

<?php include(SHARED_PATH . '/public_footer.php'); ?>



<?php

  require_once('db_credentials.php');

  function db_connect() {
    $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
    confirm_db_connect();
    return $connection;
  }

  function db_disconnect($connection) {
    if(isset($connection)) {
      mysqli_close($connection);
    }
  }

  function db_escape($connection, $string) {
    return mysqli_real_escape_string($connection, $string);
  }

  function confirm_db_connect() {
    if(mysqli_connect_errno()) {
      $msg = "Database connection failed: ";
      $msg .= mysqli_connect_error();
      $msg .= " (" . mysqli_connect_errno() . ")";
      exit($msg);
    }
  }

  function confirm_result_set($result_set) {
    if (!$result_set) {
       exit("Database query failed.");
    }
  }

?>

I have tried using global variables, and just put them in to try and force the value to be passed; I have removed them now but still get the same result. I am using the session ID to pass the required variables while moving around from page to page.

<?php
// Performs all actions necessary to log in a customer
function log_in_customer($customer) {
  // Regenerating the ID protects the customer from session fixation.
  session_regenerate_id();
  $_SESSION['custid'] = $customer['custid'];
  $_SESSION['last_login'] = time();
  $_SESSION['username'] = $customer['username'];
  return true;
}

// Performs all actions necessary to log out a customer
function log_out_customer() {
  unset($_SESSION['custid']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  // session_destroy(); // optional: destroys the whole session
  return true;
}


// is_logged_in() contains all the logic for determining if a
// request should be considered a "logged in" request or not.
// It is the core of require_login() but it can also be called
// on its own in other contexts (e.g. display one link if a customer
// is logged in and display another link if they are not)
function user_is_logged_in() {
  // Having a cust_id in the session serves a dual-purpose:
  // - Its presence indicates the customer is logged in.
  // - Its value tells which customer for looking up their record.
  return isset($_SESSION['custid']);
}

// Call require_login() at the top of any page which needs to
// require a valid login before granting access to the page.
function require_user_login() {
  if(!user_is_logged_in()) {
    redirect_to(url_for('/login.php'));
  } else {
    // Do nothing, let the rest of the page proceed
  }
}

?>

I am sure this is just a simple fix which I cannot find!

  • I see no session_start() anywhere... Commented Jul 13, 2017 at 13:47

1 Answer


You are never assigning $_POST['custid']. You should use the session variable that you set on sign-in instead.

Try to use $_SESSION['custid'] in your PHP form. So instead of $address ['custid'] = $_POST['custid'] ?? ''; in your PHP form, use this: $address ['custid'] = $_SESSION['custid'] ?? ''; I think you are just using the wrong variable.


1 Comment

Thanks Billy, that fixed it.
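
The fix from the answer also matters for access control: if custid came from the form or query string, a logged-in customer could submit someone else's id. The sketch below is an added example, not code from the question or the answer; it takes custid only from the session and replaces the escaped string concatenation with a mysqli prepared statement. The function name insert_address_for_session_user is hypothetical, custid is assumed to be an integer key, and session_start() is assumed to run in initialize.php.

```php
<?php
// Added example: hypothetical rewrite of the question's insert_address().
// Assumes $db is the mysqli connection from the question's db_connect()
// and that session_start() has already been called.

function insert_address_for_session_user(mysqli $db, array $post): bool {
  // The row owner comes from the server-side session only. A custid sent
  // in the form or URL is ignored, so one customer cannot attach an
  // address to another customer's account.
  if (!isset($_SESSION['custid'])) {
    return false;
  }
  $custid = (int) $_SESSION['custid']; // assumption: integer primary key

  // Only these form fields are read; anything else in $post is dropped.
  $fields = ['houseno', 'street_1', 'street_2', 'town',
             'county', 'postcode', 'country'];
  $values = [];
  foreach ($fields as $field) {
    $values[] = trim((string) ($post[$field] ?? ''));
  }

  $sql = "INSERT INTO address "
       . "(custid, houseno, street_1, street_2, town, county, postcode, country) "
       . "VALUES (?, ?, ?, ?, ?, ?, ?, ?)";

  // With mysqli exception reporting enabled (the PHP 8.1+ default) a
  // failure throws instead of returning false; both paths avoid echoing
  // the database error text to the browser.
  $stmt = mysqli_prepare($db, $sql);
  if ($stmt === false) {
    error_log('insert_address prepare failed: ' . mysqli_error($db));
    return false;
  }

  // One integer (custid) followed by seven strings.
  mysqli_stmt_bind_param($stmt, 'isssssss', $custid, ...$values);
  $ok = mysqli_stmt_execute($stmt);
  if (!$ok) {
    error_log('insert_address execute failed: ' . mysqli_stmt_error($stmt));
  }
  mysqli_stmt_close($stmt);
  return $ok;
}

// Call site in the form handler, after require_user_login():
//   if (is_post_request() && insert_address_for_session_user($db, $_POST)) { ... }
```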
