-1

I'm currently using HTML, PHP and MySQL to learn how to make a working web interface. But after doing a var_dump(); I get an error message saying "NULL SELECT devices, description, room, status, id FROM devices WHERE id=8"

My original idea is to check if my checkbox is checked or not, but currently I can only change it from checked to unchecked and through the submit button update the database. But not the other way around. Which is how I found this issue.

What I have read is that NULL SELECT is that nothing is being selected from the database at all. But when checking the syntax of my query I can't find what is wrong with it.

First part of my code is the following. Please keep in mind that any var_dump(); and any stray echo(); is me trying to debug my code.

   var_dump($_POST);
   if (isset($_POST['id']) and isset($_SESSION['username'])) {
      $temp_id = $_POST['id'];
      $query = <<<END
    UPDATE devices
    SET devices = '{$_POST['devices']}',
    description = '{$_POST['description']}',
    room = '{$_POST['room']}',
    status = '{$_POST['status']}',
    WHERE id = '{$_POST['id']}'
END;

$db->query($query);
header('Location:controlpage.php');
}
var_dump($query);


if (isset($_GET['id']))
$temp_id = $_GET['id'];

second part where I submit to database is this:

// submit to database
$content = "";
$query = "SELECT devices, description, room, status, id FROM devices WHERE id={$temp_id}";
echo($query);
$res = $db->query($query);
if ($res->num_rows > 0) {
    $row = $res->fetch_object();
    $status = "";
    if ($row->status)
    $status = "checked";
    $content = <<<END
    <div>
        <form method="post" action="edit-device.php">
            <div class="form-group">
                <label for="exampleInputUsername">Device name</label>
                <input type="text" value="$row->devices" name="devices" class="form-control" id="exampleInputUsername" aria-describedby="usernameHelp">
            </div>
            <div class="form-group">
                <label for="exampleInputPassword1">Description</label>
                <input type="text" value="$row->description" name="description" class="form-control" id="exampleInputPassword1">
            </div>
            <div class="form-group">
                <label for="exampleInputUsertype">Room</label>
                <input type="text" value="$row->room" name="room" class="form-control" id="exampleInputUsertype">
            </div>
            <div class ="form-group">
                <label for="status">Status</label>
                <input type="checkbox" id="status" $status name="status">
            </div>
            <button type="submit" value="submit" class="btn btn-primary">Submit</button>
            <button type="Reset" value="reset" class="btn btn-info">Reset</button>
            <input type="hidden" name="id" value="$temp_id"> 
        </form>
    </div>
END;
};
echo $content;
Dharman
  • 21,838
  • 18
  • 57
  • 107
Turbokitten
  • 1
  • 1
    remove the comma after `status = '{$_POST['status']},` And in future add error reporting to you code and it will tell you whats wrong – RiggsFolly May 04 '21 at 13:19
  • 1
    Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187) You should alway use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenating user provided values into the query. Never trust ANY user input! – RiggsFolly May 04 '21 at 13:20

0 Answers0