andrew_biggart Posted March 1, 2009 Share Posted March 1, 2009 Ok im trying to make a simple update your profile information page and the problem i have is that when i try and update any of the information it completly wipes all of the users from my database. this is my form code. <table class="myprofile_change"> <tr><td class="myprofile_changesh">Edit Profile</td></tr> <tr><td class="myprofile_subtext2">Scroll down, complete the fields, then click Save Changes to update your profile. All of the following questions are optional, but you must answer a minimum of 5 to appear in our search results.</td></tr> <tr><td></td></tr> </table> <br /> <table> <tr><td class="myprofile_changesh">General Info ...</td></tr> </table> <form method="post" action="profile_edit_submit.php"> <?php include("config_members.php"); // Retrieve data from database $sql="SELECT * FROM User_infoT WHERE Username='".$_SESSION["myusername"]. "'"; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <table class="myprofile_change"> <tr><td class="myprofile_subtext">Location :</td><td><input name="Location" id="Location" type="text" value="<? echo $rows['Location']; ?>" /></td></tr> <tr><td class="myprofile_subtext">Favourite smoking method :</td> <td><select name="Fav" id="Fav"style="width: 126px"> <option>Choose</option> <option>Joint</option> <option>Blunt</option> <option>Tulip</option> <option>Bong</option> <option>Lung</option> <option>Bucket</option></select></td></tr> <tr><td class="myprofile_subtext">Favourite quote :</td><td><input name="Quote" id="Quote"type="text" style="width: 246px" maxlength="50 "value="<? echo $rows['Quote']; ?>" /></td><td class="myprofile_max">Max 50 characters</td></tr> <tr><td></td></tr> </table> <br /> <table> <tr><td class="myprofile_changesh">About me ...</td></tr> </table> <br /> <table> <tr><td class="myprofile_subtext">About Yourself :</td><td rowspan="2"><textarea name="Aboutme" id="Aboutme" style="width: 415px; height: 135px"><? echo $rows['Aboutme']; ?></textarea></td></tr> <tr><td class="myprofile_max2">Use <br /> to separate paragraphs instead of using the return button</td></tr> </table> <br /> <table class="myprofile_change"> <tr><td class="myprofile_subtext">Why do you love weed? :</td> <td rowspan="2"><textarea name="Whywe" id="Whywe" style="width: 415px; height: 135px" ><? echo $rows['Whywe']; ?></textarea></td></tr> <tr><td class="myprofile_max2">Use <br /> to separate paragraphs instead of using the return button</td></tr> <tr><td></td></tr> </table> <br /> <table> <tr><td class="myprofile_changesh">Personal info ...</td></tr> </table> <br /> <table class="myprofile_change"> <tr><td class="myprofile_subtext">Interests :</td><td><input name="Interests" id="Interests" type="text" style="width: 246px" value="<? echo $rows['Interests']; ?>" /></td><td class="myprofile_max">Max 50 characters</td></tr> <tr><td class="myprofile_subtext">Makes me happy :</td><td><input name="Happy" id="Happy"type="text" style="width: 246px" value="<? echo $rows['Happy']; ?>"/></td><td class="myprofile_max">Max 70 characters</td></tr> <tr><td class="myprofile_subtext">Makes me sad :</td><td><input name="Sad" id="Sad"type="text" style="width: 246px" value="<? echo $rows['Sad']; ?>" /></td><td class="myprofile_max">Max 70 characters</td></tr> <tr><td class="myprofile_subtext">Bad habits :</td><td><input name="Habits" id="Habits"type="text" style="width: 246px" value="<? echo $rows['Habits']; ?>" /></td><td class="myprofile_max">Max 60 characters</td></tr> <tr><td></td></tr> </table> <br /> <table> <tr><td class="myprofile_changesh">Favourite things ...</td></tr> </table> <br /> <table class="myprofile_change"> <tr><td class="myprofile_subtext">Music :</td><td><select id="Music"name="Music" style="width: 126px"> <option>Choose</option> <option>Dance</option> <option>RnB</option> <option>Funky House</option> <option>Indie</option> <option>Rock</option> <option>Electro</option> <option>Chillout</option> </select></td></tr> <tr><td class="myprofile_subtext">Movies :</td><td><input name="Movie" id="Movie"type="text" style="width: 246px" value="<? echo $rows['Movie']; ?>" /></td><td class="myprofile_max">Max 100 characters</td></tr> <tr><td class="myprofile_subtext">Website :</td><td><input name="Website" id="Website"type="text" style="width: 246px" value="<? echo $rows['Website']; ?>"/></td><td class="myprofile_max">No spamming</td></tr> <tr><td></td></tr> </table> <? // close while loop } // close connection mysql_close(); ?> <br /> <table> <tr><td class="myprofile_changesh">Save the changes to your profile ...</td></tr> <tr><td></td></tr> <tr><td></td></tr> </table> <br /> <table class="myprofile_change"> <tr><td><input name="Submit1" type="submit" value="Change that shit !" /></td></tr> </table> <br /> <br /> <br /> <br /> <br /> <br /> </form> and then this is the php i have used to change the information <?php include("config_members.php"); $Username = ($_POST['Username']); $Password = ($_POST['Password']); $Email = ($_POST['Email']); $Location = ($_POST['Location']); $Fav = ($_POST['Fav']); $Quote = ($_POST['Quote']); $Interests = ($_POST['Interests']); $Happy = ($_POST['Happy']); $Sad = ($_POST['Sad']); $Habits = ($_POST['Habits']); $Music = ($_POST['Music']); $Movie = ($_POST['Movie']); $Website = ($_POST['Website']); $Aboutme = ($_POST['Aboutme']); $Whywe = ($_POST['Whywe']); $sql = "UPDATE User_infoT SET Username='$Username', Password='$Password', Email='$Email', Location='$Location', Fav='$Fav', Quote='$Quote', Interests='$Interests', Happy='$Happy', Sad='$Sad', Habits='$Habits', Music='$Music', Movie='$Movie', Website='$Website', Aboutme='$Aboutme', Whywe='$Whywe'"; $result=mysql_query($sql) or die(mysql_error().": $sql"); if($result){ header("my_profile.php"); } else { echo"Error, Please try again insuring you have filled in all the required fields"; header("profile_edit.php"); } // close connection mysql_close(); ?> would i be best rewriting the code or can anyone spot any obvious errors? Thanks Quote Link to comment Share on other sites More sharing options...
jackpf Posted March 1, 2009 Share Posted March 1, 2009 It actually removes all users from the database, or just deletes their info? But it seems you haven't set the- WHERE username='$username' You need to specify which user you want to update. Quote Link to comment Share on other sites More sharing options...
andrew_biggart Posted March 1, 2009 Author Share Posted March 1, 2009 it just clears all records from the database is this better do u think? i have added a WHERE statment in there but im scared to try it incase it deletes all users again <?php include("config_members.php"); $Username = ($_POST['Username']); $Password = ($_POST['Password']); $Email = ($_POST['Email']); $Location = ($_POST['Location']); $Fav = ($_POST['Fav']); $Quote = ($_POST['Quote']); $Interests = ($_POST['Interests']); $Happy = ($_POST['Happy']); $Sad = ($_POST['Sad']); $Habits = ($_POST['Habits']); $Music = ($_POST['Music']); $Movie = ($_POST['Movie']); $Website = ($_POST['Website']); $Aboutme = ($_POST['Aboutme']); $Whywe = ($_POST['Whywe']); $sql = "UPDATE User_infoT WHERE Username='".$_SESSION["myusername"]. "' SET Username='$Username', Password='$Password', Email='$Email', Location='$Location', Fav='$Fav', Quote='$Quote', Interests='$Interests', Happy='$Happy', Sad='$Sad', Habits='$Habits', Music='$Music', Movie='$Movie', Website='$Website', Aboutme='$Aboutme', Whywe='$Whywe'"; $result=mysql_query($sql) or die(mysql_error().": $sql"); if($result){ header("my_profile.php"); } else { echo"Error, Please try again insuring you have filled in all the required fields"; header("profile_edit.php"); } // close connection mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
corbin Posted March 1, 2009 Share Posted March 1, 2009 The syntax of the query is wrong. It goes UPDATE TABLE SET col1 = val1, col2 = val2, ..... WHERE colx = valx; Quote Link to comment Share on other sites More sharing options...
jackpf Posted March 1, 2009 Share Posted March 1, 2009 Yes, what corbin said, where statements go after the set statements. And copy your table to another db first, then try it. But it should work tbh. Good luck. Quote Link to comment Share on other sites More sharing options...
andrew_biggart Posted March 1, 2009 Author Share Posted March 1, 2009 ok ive changed the form so it has 2 hidden inputs with username and password in it, because i dont want the user to able to change them on this page and i have changed the php to this but now im getting a server error.... which is "Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, root@server.microlite20.com and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log." the changed php code is............ <?php include("config_members.php"); $Username = ($_POST['Username']); $Password = ($_POST['Password']); $Email = ($_POST['Email']); $Location = ($_POST['Location']); $Fav = ($_POST['Fav']); $Quote = ($_POST['Quote']); $Interests = ($_POST['Interests']); $Happy = ($_POST['Happy']); $Sad = ($_POST['Sad']); $Habits = ($_POST['Habits']); $Music = ($_POST['Music']); $Movie = ($_POST['Movie']); $Website = ($_POST['Website']); $Aboutme = ($_POST['Aboutme']); $Whywe = ($_POST['Whywe']); $sql = "UPDATE User_infoT SET Username='$Username', Password='$Password', Email='$Email', Location='$Location', Fav='$Fav', Quote='$Quote', Interests='$Interests', Happy='$Happy', Sad='$Sad', Habits='$Habits', Music='$Music', Movie='$Movie', Website='$Website', Aboutme='$Aboutme', Whywe='$Whywe' WHERE Username='".$_SESSION["myusername"]. "' "; $result=mysql_query($sql) or die(mysql_error().": $sql"); if($result){ header("my_profile.php"); } else { echo"Error, Please try again insuring you have filled in all the required fields"; header("profile_edit.php"); } // close connection mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
jackpf Posted March 1, 2009 Share Posted March 1, 2009 Hmm...Idk why that is. But why are you posting their username/password if you don't want them to be able to change it? Anyone could easily hack your hidden inputs to anything they wanted. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.