peranha

Are you getting any error messages, or anything on the screen?

This will select the information from the SQL database and put it in a table for editing. <HTML> <HEAD> <TITLE>Users Personal Information</TITLE> </HEAD> <BODY> <?PHP // open connection $connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // create query $query = "SELECT username, password, firstname, lastname, address, city, state, ZIP, phone, date, userlevel FROM table where username = 'username"; // execute query $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // see if any rows were returned if (mysql_num_rows($result) > 0) { // yes // print them one after another echo "<table aling=left cellpadding=1 border=1 bgcolor=lightblue>"; while($row = mysql_fetch_row($result)) { ?> <form action="useredit1.php" method="post"> <TR><TD>Password:</TD><TD> <input type="password" name="password" value="<?PHP echo $row[1]; ?>"></TD></TR> <TR><TD>First Name:</TD><TD> <input type="text" name="firstname" value="<?PHP echo $row[2]; ?>"></TD></TR> <TR><TD>Last Name:</TD><TD> <input type="text" name="lastname" value="<?PHP echo $row[3]; ?>"></TD></TR> <TR><TD>Address:</TD><TD> <input type="text" name="address" value="<?PHP echo $row[4]; ?>"></TD></TR> <TR><TD>City:</TD><TD> <input type="text" name="city" value="<?PHP echo $row[5]; ?>"></TD></TR> <TR><TD>State:</TD><TD> <input type="text" name="state" value="<?PHP echo $row[6]; ?>"></TD></TR> <TR><TD>Zip Code:</TD><TD> <input type="text" name="zip" value="<?PHP echo $row[7]; ?>"></TD></TR> <TR><TD>Phone:</TD><TD> <input type="text" name="phone" value="<?PHP echo $row[8]; ?>"></TD></TR> <TR><TD size=6><input type="submit" name="submit" value="submit"></TD></TR> <?PHP } echo "</table>"; } else { // no // print status message echo "No rows found!"; } // close connection mysql_close($connection); ?> </BODY> </HTML> This will make sure all required fields are filled in, and process if they are. <HTML> <HEAD> <TITLE>Users Personal Information</TITLE> </HEAD> <BODY> <?php // open connection $connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!"); // escape input values for greater safety $password = empty($_POST['password']) ? die ("ERROR: Enter User Password") : mysql_escape_string($_POST['password']); $firstname = empty($_POST['firstname']) ? die ("ERROR: Enter User First Name") : mysql_escape_string($_POST['firstname']); $lastname = empty($_POST['lastname']) ? die ("ERROR: Enter User Last Name") : mysql_escape_string($_POST['lastname']); $address = empty($_POST['address']) ? die ("ERROR: Enter User Address") : mysql_escape_string($_POST['address']); $city = empty($_POST['city']) ? die ("ERROR: Enter User City") : mysql_escape_string($_POST['city']); $state = empty($_POST['state']) ? die ("ERROR: Enter Users State") : mysql_escape_string($_POST['state']); $zip = empty($_POST['zip']) ? die ("ERROR: Enter Users Zip Code") : mysql_escape_string($_POST['zip']); $phone = empty($_POST['phone']) ? die ("ERROR: Enter Users phone number") : mysql_escape_string($_POST['phone']); // select database mysql_select_db($db) or die ("Unable to select database!"); // create query $query = "UPDATE rel_users SET password='$password', firstname='$firstname', lastname='$lastname', address='$address', city='$city', state='$state', zip='$zip', phone='$phone' WHERE username = 'username'"; // execute query $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // close connection mysql_close($connection); ?> You will need to change the username to what every function you use to store the user name. This is also if you are using a MYSQL database.

Go to the Apache error log, and is there any errors in there?

This is to set the cookie setcookie("name", $_POST['name'], time()+(3600 * 2)); This is at the top of every page you are looking for the cookie if (!isset($_COOKIE['name'])) die ("you cannot access this page"); This is what I use, and it works fine.

Notepad++ is what I use. So far it is the best I have found.

I am new to PHP, and am learning as I go, so that is why I am doing it this way, if you could give me an example of it different, and with shorter code, that would be great. Thanks for the advice as well, I will look into that.

Got this figured out, had to add // open connection $connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); $sql_pass_get = "SELECT * FROM rel_users WHERE username = '$_REQUEST[username]'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $_SESSION['userlevel'] = $user_info['userlevel']; if ($_SESSION['userlevel'] == 10) { echo "<font color=RED>You are an administrator and have access to this page.</font><br />"; }else { echo die ("<font color=RED>You do not have access to this page, Return to the <a href=home.php>Home</a> Page.</font>"); } To the top of the page.

That is what I want to do is check to see if the user is level 10 or higher on this page, if level 10, continue, if less level, give error message, but not sure as to how to do this. I am woundering if there is a session, or cookie that i need to add with the value of 10 or something, and how to check for that.

I have an administrator page to see users logged in, block users, change passwords, that sort of thing, and want only administrators with level 10 access to access the page, all other users get an error message. They have their own information page to update info, and dont need to access everyone else's info. I am wounder if there is a way to put something into a session, or cookie such as 10, or admin, and have the page look for that when someone looks at the page, and if that isnt there, to give them an error, or redirect them to another page. As in my database, I have a user level field that admins are level 10, and users are level 1. I did this so I can set different user levels later if needed.

I am woundering if anyone can help me. I am trying to secure a page to only admins, no all registered users. I have a login script in place, and all other pages. I am using PHP 5, Apache 2.2.3, MySQL 5. Here is the table CREATE TABLE `rel_users` ( `userid` int(15) NOT NULL auto_increment COMMENT 'Unique id for user', `username` varchar(50) NOT NULL COMMENT 'Unique Username for user', `password` varchar(50) NOT NULL COMMENT 'Password for user', `firstname` varchar(50) NOT NULL COMMENT 'User First Name', `lastname` varchar(50) NOT NULL COMMENT 'User Last Name', `address` varchar(150) NOT NULL COMMENT 'User Address', `city` varchar(50) NOT NULL COMMENT 'User City', `state` varchar(2) NOT NULL COMMENT 'User State Abbreviation', `zip` varchar(10) NOT NULL COMMENT 'User Zip Code', `phone` varchar(10) NOT NULL COMMENT 'User Phone Number', `date` date NOT NULL COMMENT 'Date User was added', `userlevel` int(10) NOT NULL default '1' COMMENT 'User Level Access', PRIMARY KEY (`userid`) ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; I want a user at userlevel 10 to access all pages, and user at userlevel below 10 to not have access to this page. If anyone is willing to help, that would be appreciated. Not sure how to do this in anyway, tried many things, but to no avail. Thanks in advance

If I cant use the POST statement in the insert statement, why does it work in the Print_r statement.  ???

I am trying to figure this out, but cannot.  If you could give an example, that would be great.  Thanks for the help so far.

Changed the code to look like this, and tried all that I can think of at no luck of it working. <?PHP // set server access variables $host = "localhost"; $user = "user"; $pass = "passwork"; $db = "equipment"; // open connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); //this code is bringing in the values for the dropdown. $query="SELECT * FROM facilities"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result = mysql_query ($query); echo "<select name=\"facilities\" value=''>Facilities Name</option>"; // printing the list box select command while($nt=mysql_fetch_array($result)){//Array or records stored in $nt echo "<option value=\"$nt[facilityid]\">$nt[facilityname]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box //this code is bringing in the values for the dropdown. $query1="SELECT * FROM cameras"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result1 = mysql_query ($query1); echo "<select name=\"cameras\" value=''>Cameras model</option>"; // printing the list box select command while($nt1=mysql_fetch_array($result1)){//Array or records stored in $nt1 echo "<option value=$nt1[cameraid]>$nt1[model]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box //this code is bringing in the values for the dropdown. $query2="SELECT * FROM misc"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result2 = mysql_query ($query2); echo "<select name=\"misc\" value=''>misc building</option>"; // printing the list box select command while($nt2=mysql_fetch_array($result2)){//Array or records stored in $nt2 echo "<option value=$nt2[miscid]>$nt2[building]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box // create query //$query = "INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ('".$_POST['nt']."', '".$_POST['nt1']."', '".$_POST['nt2']."')"; // execute query //$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); $query4 = print_r($_POST); // close connection mysql_close($connection); ?> Every time I uncomment the $query Insert line, the page doesnt load, and this is what shows up in my Apache error log.  Undefined index:  nt, nt1, nt2.

OK, I did the print, and here is what I get when I select different dropdown items in the web page.  It changes to correspond with the item selected.  Array ( [submit] => Submit Query [facilities] => 8 [cameras] => 4 [misc] => 9 )  This is with the following. // create query //$query = "INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ("$_POST['$nt']", "$_POST['$nt1']", "$_POST['$nt2']")"; // execute query //$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); Thanks for the help and the patients.

This is all new to me, I just started with PHP, MYSQL about 2 weeks ago, and am still getting the hang of it.  When I put in the print_r($_POST) at the beginning of the PHP code, I just get a blank white screen.  Is there any thing else I need to put in front of it or behind. 

I tried this, at no luck.  Here is the error I am getting if it helps any.  This is all new to me, but it looks as though it is not getting the ID for some reason. Error in query: INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ('', '', ''). Out of range value adjusted for column 'facilityid' at row 1

Did this, and still no luck.  This is the error I get when loading the web page. Error in query: INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ("$_POST["nt"]", "$_POST["nt1"]", "$_POST["nt2"]"). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'nt"]", "$_POST["nt1"]", "$_POST["nt2"]")' at line 1

I tried this, but had no luck working.  I added a $ in the first NT field, and no luck, so I tried it without the $ signs in it at all, and no luck.  I will try to split the pages up when I get this working on one page though.  I never thought that it would make an empty insert request.  When I try to load it, it just comes up with a blank white page, no errors.  If I comment out the $query line, it loads the page fine.  Here are the last lines of the code.  The rest stayed the same. echo "</select>";// Closing of list box // create query $query = "INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ("$_POST['$nt']", "$_POST['$nt1']", "$_POST['$nt2']")"; // execute query $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // close connection mysql_close($connection); Thanks again.

Here is the code. <HTML> <HEAD><TITLE>Test Page</TITLE> </HEAD> <BODY> <form action="dropdownupload.php" method="post"> <input type="submit" name="submit"> <?PHP // set server access variables $host = "localhost"; $user = "user"; $pass = "password"; $db = "equipment"; // open connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); //this code is bringing in the values for the dropdown. $query="SELECT * FROM facilities"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result = mysql_query ($query); echo "<select name=\"facilities\" value=''>Facilities Name</option>"; // printing the list box select command while($nt=mysql_fetch_array($result)){//Array or records stored in $nt echo "<option value=\"$nt[facilityid]\">$nt[facilityname]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box //this code is bringing in the values for the dropdown. $query="SELECT * FROM cameras"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result = mysql_query ($query); echo "<select name=\"cameras\" value=''>Cameras model</option>"; // printing the list box select command while($nt1=mysql_fetch_array($result)){//Array or records stored in $nt1 echo "<option value=$nt1[cameraid]>$nt1[model]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box //this code is bringing in the values for the dropdown. $query="SELECT * FROM misc"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ $result = mysql_query ($query); echo "<select name=\"misc\" value=''>misc building</option>"; // printing the list box select command while($nt2=mysql_fetch_array($result)){//Array or records stored in $nt2 echo "<option value=$nt2[miscid]>$nt2[building]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box // create query $query = "INSERT INTO facility_cameras (facilityid, cameraid, miscid) VALUES ('$nt', '$nt1', '$nt2')"; // execute query $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // close connection mysql_close($connection); ?> </form> </BODY> </HTML>

I am trying to get a site up and running.  I have 4 tables.  A camera table, a facility table, a misc table,and a table that has foreign keys to each of these 3 tables.  I have a dropdown list and need to input the id from each of the tables into the corresponding columns of the last table.  I can put the page online if needed.  Like I said the drop downs work, but the insert doesnt insert the id of what the user selects.  If anyone can help that would be great.  I can give as much info as needed, and even export the sql statements if needed, and the PHP script I have so far. Thanks in advance for the help.