mikelmao Posted August 6, 2008 Share Posted August 6, 2008 i dono why .. but when i save it wont go update the user :/.. <?php include 'connect.php'; if(isset($_SESSION['admin'])) { if($_SERVER['REQUEST_METHOD'] == 'POST') { mysql_query("UPDATE users SET `order`='". $_POST['ord'] ."' AND `admin`='". $_POST['admin'] ."' WHERE id='". $_POST['idz'] ."'") or die("Mysql Query Error: " . mysql_error()); echo "User: ". $_POST['unamez'] .". Please wait to be redirected."; echo "<meta http-equiv=Refresh content=3;url='info.php'>"; } else { $a = mysql_query("SELECT * FROM users WHERE id=". $_GET['user'] .""); while($r = mysql_fetch_array($a)) { echo "<form action='edit.php' method='post'> <input type='hidden' name='idz' value='". $_GET['user'] ."'> Username: <input type='text' name='unamez' value='". $r['uname'] ."' readonly><br> Order: <select name='ord'> <option value='0'>Pending</option> <option value='1'>Approve</option> <option value='2'>Decline</option> </select><br> Power: <select name='admin'> <option value='0'><font color='orange'>Normal User</font></option> <option value='1'><font color='green'>Admin</font></option> </select><br> <input type='submit' value='Update User'>"; } } } else { echo "You need to be admin to view this page."; } ?> Quote Link to comment Share on other sites More sharing options...
Johntron Posted August 6, 2008 Share Posted August 6, 2008 I bet mysql_error() has something for you to read http://www.php.net/manual/en/function.mysql-error.php Also, don't insert data from the user without sanitizing it first. The way you've written your code makes it pretty easy to view your users table using a very simple SQL injection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.