PHP Deleting Records

[gfX]

I have an image hosting script here - and this is in the admin.php file. It will list all the registered users and then I click "Edit Details" and here is the script for that:

[code]
<fieldset class="fi">
    <legend>Basic Details</legend>
        <?php
            if($_POST['basic']) {
                if($_POST['password'] !== "")
                    $pass = md5($_POST['password']);
                }else{
                    $pass = $_POST['password'];
                @mysql_query("UPDATE users SET nickname='$_POST[nickname]', password='$pass', email='$_POST[email]' WHERE nickname='$_GET[user]'");
                echo "<h2>Updated</h2>";
            }
        ?>
        <form name="basic" action="admin.php?request=users&user=<?=$var['nickname']; ?>&act=do" method="post">
        <b>Username</b>: <input class="text" name="nickname" size="40" value="<?=$var['nickname']; ?>"><br />
        <b>Edit Password</b>: <input class="text" name="password" size="40" value=""><br />
        <b>Email</b>: <input class="text" name="email" size="40" value="<?=$var['email']; ?>">
        <input type="submit" name="basic">
        </form>
</fieldset>    
[/code]

But that script keeps messing up. When I click Edit details - It goes to that page but it already has the heading "Updated" and the values are there - and then when I click submit it updates the record in the database to nothing. Blank.
So when I go to edit the user, it wont let me because all the values and username are ""
and I have to keep restoring in the database.

So I don't get to edit anything, whenever I click Edit Details for the user - it updates just when I go to the page and it won't let me update.

Anyone see anything wrong with teh code?

Thanks

[.josh]

look at your if statement. "if the posted password does not equal "" encrypt it. Otherwise, update the database." Does that make sense to you? Your if statement should be something like this: "if the posted password does not equal "", encrypt it and update the database. Otherwise, spit out a "no password given error".

But what would be even better, would be to check to make sure that a) password is also set, not just not equal to "", and also check to make sure nickname and email is also set.

[code]
      <?php
            if($_POST['basic']) {
                if($_POST['password'] !== "")
                    $pass = md5($_POST['password']);
                }else{
                    $pass = $_POST['password'];
                @mysql_query("UPDATE users SET nickname='$_POST[nickname]', password='$pass', email='$_POST[email]' WHERE nickname='$_GET[user]'");
                echo "<h2>Updated</h2>";
            }
        ?>
[/code]

[gfX]

Well if they didn't put a password - it would still be the old one. Because this is for admins, and what if they just want to update the users e-mail address.

And even if I edit that stuff, The page still messes up. It says "UPDATED" just when I go to that page and clears that record in the database with blanks.

[.josh]

you aren't listening. look at your if statements. verbally say them. the only way your query is going to run is if $_POST['password'] equals "" in other words, nothing. The only thing your if statemend DOES do is if someone enters something in the password field, it encrypts it. Nothing else. No query update, no nothing.

[gfX]

Alright, I understand. So can you give me the correct code for this script to work? I tryed and it still did the same thing for me. Weird


Thankss.

[.josh]

i told you how to write it in my previous post.
[code]
$password = $_POST['password'];
//if the user entered in a password...
if (isset($password) && trim($password) != '') {
  $password = md5($password);
  //update query here
} else {
  //if they did not enter in a password, do this...
  //or don't have an else, if you don't want it
  //to do anything if they did not enter a pw in
}
[/code]