[SOLVED] problems with update sql and php code

[DEVILofDARKNESS]

This code just always create a new row instead of update the user table :S

 

<?php
session_start();
require_once 'config.php';
/* DATABASE SETTINGS */
$username = mysql_real_escape_string($_SESSION['username']);
$query = "SELECT user_id FROM users WHERE user_name = '$username'";
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
if(!$userID) {
        // not logged in!
        header('Location: ../../login.php');
}

print "<form action='' method='POST'>
		Gedicht Naam: <input type='text' maxlength='35' Name='PName'><br>
		Auteur Naam: <input type='text' maxlength='35' Name='Auteur'><br>
		bundel: <input type='text' maxlength='35' Name='bundel'><br>
		Jaartal: <input type='text' maxlength='35' Name='jaartal'><br>
		Poem Text: <textarea COLS='60' ROWS='5' Name='PText'></textarea>
		<input type='submit' Value='Add!' name='submit'> <input type='reset'>
	</form>";
$query = sprintf("SELECT COUNT(DISTINCT poem_id) FROM poems");
$result = mysql_query($query);
list($id) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT book_id) FROM books");
$result = mysql_query($query);
list($bookid) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT author_id) FROM authors");
$result = mysql_query($query);
list($authorid) = mysql_fetch_row($result);

$query = "SELECT ammount FROM users WHERE user_id = '$userID'";
$result = mysql_query($query);
list($ammountU) = mysql_fetch_row($result);

$query = "SELECT ammount FROM categories WHERE category_id = '5'";
$result = mysql_query($query);
list($ammountC) = mysql_fetch_row($result);

if(isset($_POST['submit'])) {
$id = $id + 1;
$ammountU = $ammountU + 1;
$ammountC = $ammountC + 1;
$userid = $userid + 1;
$bookid = $bookid + 1;
$authorid = $authorid + 1;
$pname = $_POST['PName'];
$ptext = $_POST['PText'];
$auteur = $_POST['Auteur'];
$bundel = $_POST['bundel'];
$jaartal = $_POST['jaartal'];
$ip = $_SERVER['REMOTE_ADDR'];
	if(empty($_POST['PName'])) {
		print "<script type='text/javascript'>alert('Je hebt geen gedichten naam geschreven!');</script>";
	} elseif(empty($_POST['PText'])) {
		print "<script type='text/javascript'>alert('je hebt geen gedicht geschreven!');</script>";
	} elseif(empty($_POST['Auteur'])) {
		print "<script type='text/javascript'>alert('Je hebt geen Auteur ingevuld, als je het niet weet, schrijf dan Onbekend of UnKnown!');</script>";
	} else {
		$query = sprintf("INSERT INTO poems(poem_id,poem_name,user_id,poem_text,category_id,book_id,poem_added) VALUES ('$id','$pname','$userid','$ptext','5','$bookid','now()')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO users(user_id,user_name) VALUES ('$userID','$username')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO books(book_id,book_name,author_id) VALUES ('$bookid','$bundel','$authorid')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO authors(author_id,author_name) VALUES ('$authorid','$auteur')");
		$result = mysql_query($query);
		$query = "UPDATE users SET ammount = '$ammountU' WHERE user_name = '$username'";
		$result = mysql_query($query);
		$query = "UPDATE categories SET ammount = '$ammountC' WHERE category_id = '5'";
		$result = mysql_query($query);
		print "<script type='text/javascript'>alert('Je gedicht is toegevoegd aan de 'Liefde' categorie);</script><a href='liefde.php'>Zie alle gedichten</a>";
	}
}
?>

 

With the registration also something goes wrong :s

It just add a user when there is no password filled in and it doesn't fill in a password...

 

 

<?php

if($_POST) {
	$username = $_POST['username'];
        $password = $_POST['password'];
        $confirm = $_POST['confirm'];
        if($password != $confirm) {
			$color = 'red';
                $echo = 'Passwords do not match!';
        } else {
		if($password == '') {
		$color = 'red';
			$echo = 'You haven\'t fill in a password';
			}
		if($username == '') {
			$color = 'red';
			$echo = 'You haven\'t fill in a username';
			}
		else {
/*DATABASE SETTINGS */
                $query = sprintf("SELECT COUNT(user_id) FROM users WHERE UPPER(user_name) = UPPER('%s')",
                        mysql_real_escape_string($_POST['username']));
                $result = mysql_query($query);
                list($count) = mysql_fetch_row($result);
                if($count >= 1) { 
					$color = 'red';
                        $echo = 'that username is taken.';
                } else {
					$query = sprintf("SELECT COUNT(user_id) FROM users");
					$result = mysql_query($query);
					list($id) = mysql_fetch_row($result);
					$password = md5('ssdùµDSFQ£Fµ^µùµùùù%%*¨£+£%£¨45ss68ee46"é435§(§è)' . $password . 'wadzaa');
                        $query = sprintf("INSERT INTO users(user_id,user_name,user_pass) VALUES ('$id','$username','$password')",
                                mysql_real_escape_string($_POST['username']),
                        mysql_query($query);                        
                        $userID = mysql_insert_id($conn);
					$color = 'green';
                        $echo = 'Congratulations, you registered successfully!, <a href=\'login.php\'>click here to login</a>';
                }
		}
        }        
}

?>
<html dir="ltr">
    <head>
        <title>Register</title>
        <link href="../../standard.css" type="text/css" rel="stylesheet" />
<link href='natuur.css' type='text/css' rel="stylesheet" />
    </head>
    <body>
        <table class="look" height="100%" width="100%" border="1">
            <tbody>
                <tr>
                    <td width="10%" height="100%"><iframe class="frames" src="../../functieknoppen/functieknoppennatuur.htm" frameborder="0" width="100%" height="100%" scrolling="no"></iframe>
                    </td>
                    <td><center>
				<font color="<?php echo $color; ?>"><?php echo $echo; ?></font><br>
				You can register an account by fill in this form.<p>
				<form method="post" action="">
					Username: <input type = "text" name ="username" id="username"><br>
					Password: <input type="password" name="password"><br>
					Confirm:  <input type="password" name="confirm"><br>
					<input type="submit" value="Register!"> -- <input type="reset" value="reset">
				</form>
				<script type="text/Javascript">
				document.getElementById('username').focus();
				</script>
				</center>
				</td>
			</tr>
		</tbody>
	</table>
</body>
</html>

[phant0m]

This code just always create a new row instead of update the user table :S

 

well, that's because of this code:

<?php
$query = sprintf("INSERT INTO users(user_id,user_name) VALUES ('$userID','$username')");
$result = mysql_query($query);
?>

 

With the registration also something goes wrong :s

It just add a user when there is no password filled in and it doesn't fill in a password...

that's because the else only refers to the preceding "if", which would be if($userbane=='')

In other words: A new user is always created when $username != '' - no matter what $password is set to.

 

You could do it like this:

<?php
$input_is_valid = true;	
    if($password == '') {
        $input_is_valid = false;
        $color = 'red';
        
			$echo = 'You haven\'t fill in a password';
	}
	if($username == '') {
			$input_is_valid = false;
        $color = 'red';
			$echo = 'You haven\'t fill in a username';
	}
	if($input_is_valid){
/*DATABASE SETTINGS */
                ?>

 

sidenote: why are you using sprintf when it's not needed?? If you put in any conversion specifications(%x) it's pretty useless.