I am outputting all of my user's into a table on a page I have called admincustomers.php. I am then attempting to select EDIT on a specific users record. I then route that to a page called editusers.php. I then want all of that specific users information to be outputted on that page. I am not displaying all of the user information I have in my table on admincustomers.php. So when the edit page loads I want to get all of that users information so I have the ability to edit it.
The issue I am having is I am not quite sure how I can carry over the customers ID and get the information to the next page.
admincustomers.php page
$con = mysqli_connect("localhost","root","","bfb");
$q = mysqli_query($con,"SELECT * FROM users");
?>
<table class="tableproduct">
<tr>
<th class="thproduct">ID</th>
<th class="thproduct">First Name</th>
<th class="thproduct">Last Name</th>
<th class="thproduct">Email</th>
<th class="thproduct">Username</th>
<th class="thproduct">Group</th>
<th class="thproduct"></th>
<th class="thproduct"></th>
</tr>
<?php
if(isset($_POST['id']) && is_numeric($_POST['id'])) {
mysqli_query($con, "DELETE FROM users WHERE id = ". $_POST['id'] ."")
or die("Could not DELETE: " . mysqli_error($con));
"Your product was successfully deleted.";
} else {Session::flash('adminusers', 'User was successfully deleted.');
}
while($row = mysqli_fetch_assoc($q)) :
?>
<form method="POST" action="admincustomers.php">
<tr>
<td class="tdproduct"><?php echo $row['id']; ?> </td>
<td class="tdproduct"><?php echo $row['firstname']; ?> </td>
<td class="tdproduct"><?php echo $row['lastname']; ?> </td>
<td class="tdproduct"><?php echo $row['email']; ?> </td>
<td class="tdproduct"><?php echo $row['username']; ?> </td>
<td class="tdproduct"><?php echo $row['group']; ?> </td>
<td class="tdproduct"><a href='edituser.php?id=<?php echo $row['id']; ?>'>EDIT</a></td>
<input type="hidden" name="id" value="<? echo $row['id']; ?>"/>
<td class="tdproduct"><input name="delete" type="submit" value="DELETE "/></td>
</tr>
</form>
<?php
endwhile;
//Delete message
if(Session::exists('adminusers')) {
echo '<p>' . Session::flash('adminusers') . '</p>';
}
?>
</table>
editusers.php page
I'm trying to escape the users data, but I only get my user information escaped onto the page.
<?php
$_GET['id'];
?>
<form action="" method="post">
<div class="field">
<label for="firstname">First name</label>
<input type="text" name="firstname" class="inputbar" value="<?php echo escape($user->data()->firstname); ?>" required>
</div>
<div class="field">
<label for="lastname">Last name</label>
<input type="text" class="inputbar" name="lastname" value="<?php echo escape($user->data()->lastname); ?>" required>
</div>
<div class="field">
<label for="email">Email</label>
<input type="email" class="inputbaremail" name="email" value="<?php echo escape($user->data()->email); ?>" required>
</div>
<div class="field">
<label for="username">Username</label>
<input type="text" class="inputbar" name="username" value="<?php echo escape($user->data()->username); ?>" required>
</div>
<input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
<label for="signinButton">
<input type="submit" id="signinButton" value="Update">
</label>
</form>
What am I doing wrong and how can I go about fixing this issue?
UPDATE:
$user variable
public function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if(!$user) {
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($this->find($user)) {
$this->_isLoggedIn = true;
} else {
// process Logout
}
}
} else {
$this->find($user);
}
}
