Captcha works on all pages but not on the "delete" page.

While captcha works fine on all the other pages that do not mention the id, like the Login page, Adding a user page, Editing a user page, it doesn't work on the delete page, because in that page the id is already mentioned. So how do I fix that?

The "delete a user" page, supp.php:

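<?php
// !empty() avoids the warning raised when no id is passed at all.
if(!empty($_GET['id']))
{
$id=$_GET['id'];
include 'connect.php';
$sql = "SELECT * FROM etudiant WHERE id='$id'";
$res = mysqli_query($connect, $sql);
$row = mysqli_fetch_assoc($res);
// Stop when no row matches: an "if (...)" directly followed by "?>" has an
// empty body, so the page below was rendered even without a matching row.
if (mysqli_num_rows($res)==0) { exit; }
?>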
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Supprimer</title>
</head>
<body>
<p><div align="center"><h1>Voulez vous supprimer l'étudiant(e) <?php echo $row['prenom']; ?> ?</h1></p>
<p><a href="supp2.php?id=<?php echo $row['id']; ?>"><button>Oui</button></a>
<a href="accueil.php"><button>Non</button></a></p>
<?php include ("captcha.php") ?>
</div>
<pre><?php include ("captcha.php") ?>
</div>
</body>
</html>
<?php
}


Main menu page which contains the reading of the deletion; accueil.php :
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Accueil</title>
</head>
<body>
<?php
if(isset($_SESSION['email']) AND isset($_SESSION['password']))
{
echo "<h3>Bienvenue ".$_SESSION['prenom']." ".$_SESSION['nom']." !";
echo "<div align='right'><a align='right' href='deconnect.php'><button type='button'>Se déconnecter</button></a></div>";
?>
<table border="1" align="center">
<caption><h1>La liste des étudiants</h1></caption>
<tr><td align="center">Photo</td>
<td align="center">Matricule</td>
<td align="center">Nom</td>
<td align="center">Prénom</td>
<td align="center">Adresse</td>
<td align="center">Date de naissance</td>
<td align="center">E-mail</td>
<td align="center" colspan="2">Action</td>
<td align="center">Suppression Multiple</td>
<td align="center">Upload</td></tr>
<?php
include 'connect.php';
$sql = "SELECT * FROM etudiant";
$res = mysqli_query($connect, $sql);
if (mysqli_num_rows($res)>0){
while($row = mysqli_fetch_assoc($res))
{
echo "<tr><td>";
?>
<?php
if(empty($row['photo']))
{
?>
<img src='photos/image.jpg' width="100" height="100">
<?php
}
else
{
?>
<img src='photos/<?php echo $row['photo'] ?>' width="100" height="100">
<?php
}
echo "</td>";
echo "<td align='center'>".$row['matricule']."</td>";
echo "<td align='center'>".$row['nom']."</td>";
echo "<td align='center'>".$row['prenom']."</td>";
echo "<td align='center'>".$row['adresse']."</td>";
echo "<td align='center'>".$row['date_naissance']."</td>";
echo "<td align='center'>".$row['email']."</td>";
if($_SESSION['email']==$row['email'] OR $_SESSION['email']=='medsedkicherif@gmail.com')
{
echo "<td><a href='Modif.php?id=".$row['id']."'><button type='button'>Modifier</button></a>";
echo "<td><a href='Supp.php?id=".$row['id']."'><button type='button'>Supprimer</button></a></td>";
echo "<form method='POST' action='Supp3.php'><td align='center'><input type='checkbox' name='sup[]' value='".$row['id']."'></form></td>";
echo "<td align='center'><form method='POST' enctype='multipart/form-data' action='upload.php'><input type='file' name='fichier'><input type='submit' value='Valider'></td></tr><input type='hidden' name='id' value='".$row['id']."'></td></tr></form>";
}
}
echo "<tr><td colspan='9'></td><td colspan='1' align='center'><button>Suppression Multiple</button></td></tr></form>";
}
else
{
echo "<tr><td colspan ='10' align='center'>Pas de données disponibles.</td></tr>";
$sql = "TRUNCATE etudiant";
$res = mysqli_query($connect, $sql);
}
?>
</table>
<p align="center"><a href="ajout.php"><button>Ajouter un étudiant</button></a></p>
<?php
}
else
{
echo "<div align='center'><h1>Vous n'êtes pas autorisé à acceder a cette page.";
echo "<br><a href='index.php'><button type='button'>Retour</button></a></div>";
}
?>
</body>
</html>


What I have tried:

Nothing, but here's the Google reCAPTCHA I used, which is mentioned in the delete page supp.php.

captcha.php :

<!DOCTYPE html>
<html>
<body>
<tr>
<td colspan=2 align="center">
<div class="g-recaptcha" data-sitekey="" data-callback="verifyCaptcha"></div>
<div Id="g-recaptcha-error"></div>
<script src="https://www.google.com/recaptcha/api.js">
{
}</script>
<tr>
<script>
function submitUserForm() {
var response = grecaptcha.getResponse();
console.log(response.length);
if(response.length == 0) {
document.getElementById('g-recaptcha-error').innerHTML = '<span style="color:red;">Google recaptcha field is required.</span>';
return false;
}
return true;
}
function verifyCaptcha() {
console.log('verified');
document.getElementById('g-recaptcha-error').innerHTML = '';
}
</script>
</body>
</html>
Updated 3-Dec-20 6:39am
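
captcha.php as posted checks the widget only in the browser, and the Oui link on supp.php is a plain GET link, so no reCAPTCHA token is sent to supp2.php. The server-side check below is an added example, not the poster's code; it assumes the confirmation becomes a POST form, a RECAPTCHA_SECRET environment variable holding the secret key, and allow_url_fopen enabled. supp2.php is not shown on the page, so its layout here is hypothetical.

```php
<?php
// Added example, not the poster's code. RECAPTCHA_SECRET and the POST layout
// are assumptions; the secret key is the one paired with data-sitekey.

// Ask Google's siteverify endpoint whether the token from the widget is valid.
function recaptcha_passed(string $secret, ?string $token, ?string $remoteIp = null): bool
{
    if ($secret === '' || $token === null || $token === '') {
        return false;                       // widget not solved or not submitted
    }
    $fields = ['secret' => $secret, 'response' => $token];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;    // optional parameter
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($body === false) {
        return false;                       // fail closed on network errors
    }
    $reply = json_decode($body, true);
    return is_array($reply) && ($reply['success'] ?? false) === true;
}

// Hypothetical top of supp2.php: refuse anything but a verified POST.
$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$passed = $isPost && recaptcha_passed(
    getenv('RECAPTCHA_SECRET') ?: '',
    $_POST['g-recaptcha-response'] ?? null, // field the widget adds to its form
    $_SERVER['REMOTE_ADDR'] ?? null
);
if (!$passed) {
    http_response_code(403);
    exit('Captcha verification failed.');
}
// The delete runs only past this point.
```

The token reaches the server only when the g-recaptcha div sits inside the form that posts to this script.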
Comments
Richard Deeming 3-Dec-20 5:15am    
Your code is vulnerable to SQL Injection. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual
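
A parameterized form of the lookup in supp.php, given here as an added example and not as code from the poster or the commenter. It assumes connect.php defines $connect as a mysqli connection (as on the page) and that etudiant.id is an integer column; student_id, find_student and delete_student are hypothetical names, and the DELETE statement is an assumption about what supp2.php does.

```php
<?php
// Added example. Original line in supp.php, which interpolates user input:
//   $sql = "SELECT * FROM etudiant WHERE id='$id'";

// Accept only a positive integer; anything else is treated as "no id".
function student_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_student(mysqli $connect, int $id): ?array
{
    // The ? placeholder is bound separately from the SQL text, so the value
    // cannot change the structure of the statement.
    $stmt = mysqli_prepare($connect, 'SELECT id, prenom FROM etudiant WHERE id = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    $res = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    $row = $res ? mysqli_fetch_assoc($res) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Assumed shape of the delete performed by supp2.php (not shown on the page).
function delete_student(mysqli $connect, int $id): bool
{
    $stmt = mysqli_prepare($connect, 'DELETE FROM etudiant WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok;
}

// Usage in place of the interpolated SELECT in supp.php:
include 'connect.php';
$id  = student_id($_GET['id'] ?? null);
$row = $id === null ? null : find_student($connect, $id);
if ($row === null) {
    http_response_code(404);
    exit;
}
```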

1 solution

Let me put it very simply: you cannot use the same ID twice on the same page. How in the world would any operation on the item with that ID know which one to work with?

Imagine if you used the same name for two different variables on the page -> they'd be treated like the same one . . . because they are.

There's a way around it, which is to use an <iframe>, but that's really a separate page in almost every aspect and it brings up its own requirements if you need to communicate between it and the parent page.


 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


