[SOLVED] sql wont update (very frustrating)

[jamesxg1]

<?php session_start();

error_reporting(E_ALL | E_NOTICE); 
error_reporting(E_ALL | E_STRICT);
error_reporting(E_ALL ^ E_NOTICE);

include 'Database/Connection.php';

$userid = mysql_real_escape_string(intval($_POST['userid']));

$username = mysql_real_escape_string($_POST['username']);

$pass_word = mysql_real_escape_string($_POST['password']);

$password = md5($pass_word);

if (isset( $_SESSION['loggedin'] )) {

header('Location: Main.php');

}else{

if (isset($_POST['submit'])) {

if($username && $password && $userid) {

       $result = mysql_query($sql);


$check = sprintf("SELECT * FROM `members` WHERE username = '$username' AND userid = '$userid'"); 
$ress = mysql_query($check);
while ($check = mysql_fetch_assoc($ress)) {
$loggedin = mysql_real_escape_string($check['loggedin']);
}
if ($loggedin == 'Y') {
header('Location: Index.php');
} 

$sql = sprintf("SELECT * FROM `members` WHERE username = '$username' AND password = '$password' AND userid = '$userid'"); 
$result = mysql_query($sql);

if (mysql_num_rows($result) > 0) {

$morerow = mysql_fetch_array($result);

if ($morerow['level'] != "S") { 

$setit = Y;

$login = sprintf("UPDATE `loggedin` SET loggedin ='$setit' WHERE username = '$username' AND password = '$password' AND userid = '$userid'");
$run = mysql_query($login);

         	 $_SESSION['loggedin']= TRUE; 
         	 $_SESSION['id'] = $morerow['id'];
                $_SESSION['userid'] = $morerow['userid'];
         	 $_SESSION['username'] = $username;
         	 $_SESSION['groupid'] = $morerow['level'];
         	 $_SESSION['lastname'] = $morerow['lastname'];
         	 $_SESSION['firstname'] = $morerow['firstname'];
         	 $_SESSION['email'] = $morerow['email'];
                $_SESSION['expire_time'] = time();


header('Location: Main.php');

         } else
           echo "<div align=\"center\"><font color=red> 
 		        <img src=\"images/exclam.PNG\"/><i>Your account has been suspended or banned by admin.</i></font></div>";
      }else{

         echo "<div align=\"center\"><font color=red> 
 		        <img src=\"images/exclam.PNG\"/><i>Invalid login<br>If you are a new user please register</i></font></div>";
      }

   }else{ 

     echo "<div align=\"center\"><font color=red> 
          <img src=\"images/exclam.PNG\"/><i> You must enter a username and password!</i></font></div>";
   }

 }


}

?>




 <form method="POST" action="<?php echo "$PHP_SELF"; ?>"> 
<p align="center">
<b>User ID:</b> <input type="text" name="userid" size="20" maxlength="255" />
</p>

    <p align="center">
<b>Username</b> <input type="text" name="username" size="20" maxlength="255" />
</p>
<p align="center">
<b>Password</b> <input type="password" name="password" size="20" maxlength="255" />
</p>

   <p align="center">
  <input type="submit" name="submit" value="Submit">
  </p>
<br />

 </form>

 

the part that isnt working is

 

$login = sprintf("UPDATE `loggedin` SET loggedin ='Y' WHERE username = '$username' AND password = '$password' AND userid = '$userid'");
$run = mysql_query($login);

 

:S

[jonsjava]

you don't need sprintf.  I'm not sure why you are using it in the first place, but if "userId" is numerical, it strips it.

[jamesxg1]

you don't need sprintf.  I'm not sure why you are using it in the first place, but if "userId" is numerical, it strips it.

 

its logging me in but not setting the Y in the DB :S

[jamesxg1]

does anyone know why this is not working ?

 

Thanks.

[Maq]

Don't know why you're mixing and matching.  Just use mysql_query.  And why are you matching on password, username, and ID?  Isn't id unique?  If it is, then just do this:

 

$login = mysql_query("UPDATE `loggedin` SET loggedin ='Y' WHERE userid = '$userid'") or die(msyql_error());