Admin Control Panel

neex1233 · May 31, 2009

Hi, I would like to fix this admin control panel script. Here it is:

<?php

$con = mysql_connect("localhost","username","password");

if (!$con)

{

die('Could not connect: ' . mysql_error());

}

mysql_select_db("DB_Name", $con);

$sql = "UPDATE users (username, password, userlevel);

VALUES

'$_POST[username]','$_POST[password]','$_POST[userlevel]'";

if (!mysql_query($sql,$con))

{

die('Error: ' . mysql_error());

}

echo "User Updated!";

mysql_close($con)

?>

Whenever I use it I get this error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(username, password, userlevel); VALUES '','',''' at line 1

(The quotes would be filled in when I use it, I just didn't enter anything for this example)

How would I fix this?

Also, how would I select what user I am editing? Thanks!

BK87 · May 31, 2009

make sure your form is named properly.

neex1233 · May 31, 2009

They are spelled right. Didn't you see the error?

lonewolf217 · May 31, 2009

check your syntax. what is the semicolon doing here

$sql = "UPDATE users (username, password, userlevel);

neex1233 · June 1, 2009

That didn't help, it's a MySQL error, I did fix the stuff, though.

lonewolf217 · June 1, 2009

okay, i actually read the whole thing this time and your syntax is completely wrong. read how to use the UPDATE command

http://www.w3schools.com/Sql/sql_update.asp

bas_vdl · June 1, 2009

<?php
$sql = "UPDATE users (username, password, userlevel);
VALUES
'{$_POST['username']}','{$_POST['password']}','{$_POST['userlevel']}'";
?>

neex1233 · June 1, 2009

That code doesn't work, I think it's because it doesn't know what username to select.

BobcatM · June 1, 2009

Post your updated code, so I can see what you have done.

cunoodle2 · June 1, 2009

You need to add a "WHERE" clause to your statement. Like "Where userid =" or "Where username =" I can't write that code for you as only you know exactly what record it is that you are updating. It is going to be SOMETHING like this...

<?php

$sql = "UPDATE users SET username = '$_POST[username]',
password = '$_POST[password]',
userlevel = '$_POST[userlevel]' 
WHERE userid = 23 
LIMIT 1;"

?>

To me it looked more so you were doing something like an "INSERT" statement as apposed to an "UPDATE" statement. Please try looking into the manual or doing a google search so you can learn more about them.

neex1233 · June 1, 2009

I put together this code:

<?php

$con = mysql_connect("localhost","My_Username","Password");

mysql_select_db("My_Database", $con);

$sql = "UPDATE users SET username = '$_POST[username]',

password = '$_POST[password]',

userlevel = '$_POST[userlevel]'

WHERE id = 23

LIMIT 1;"

mysql_query($sql)

mysql_close($con)

?>

But, of course (I'm not very good at PHP), I get a PHP syntax error. What should I do!?

lonewolf217 · June 1, 2009

you can start by using the CODE tags

<?php
<?php
$con = mysql_connect("localhost","My_Username","Password");
mysql_select_db("My_Database", $con);
$sql = "UPDATE users SET username = '{$_POST[username]}',
password = '{$_POST[password]}',
userlevel = '{$_POST[userlevel]}'
WHERE id = 23
LIMIT 1";
$query = mysql_query($sql) or die (mysql_error());
mysql_close($con);
?>

if that doesn't work, post what the output is

neex1233 · June 1, 2009

It didn't work, when and it just took me to a blank page.

Dark-Hawk · June 1, 2009

I'm assuming this is to update a user record in the admin control panel. I have something similar I do, here's the update part of the script:

// edit 
$edit = $_GET['edit'];
$edit_first = $_POST['edit_first'];
$edit_last = $_POST['edit_last'];
$edit_addr = $_POST['edit_addr'];
$edit_city = $_POST['edit_city'];
$edit_zip = $_POST['edit_zip'];
$edit_phone = $_POST['edit_phone'];
$edit_answer = $_POST['answer'];
$edit_pw = md5($_POST['edit_pw']);
$edit_level = $_POST['edit_level'];
$edit_email = $_POST['edit_email'];

if ($post == "edit") {
	$query = "UPDATE $tbl_name SET first_name='$edit_first', last_name='$edit_last', password='$edit_pw', address='$edit_addr', city='$edit_city', zip='$edit_zip', phone='$edit_phone', answer='$edit_answer', email='$edit_email', level='$edit_level' WHERE id='$edit_id'";
	mysql_query($query);
	echo "<div align=center><b>Editied $edit_first $edit_last</b></div><br><br>";
}

	$query = "SELECT * FROM $tbl_name WHERE id='$edit'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) == 1) {
		$row = mysql_fetch_array($result);
		?>
<form method="post" action="<? echo $PHP_SELF; ?>">
<table cellpadding=3 cellspacing=0 border=0 width="100%">
<tr><td colspan=4><b>Edit User</b></td></tr>
<tr><td class="dots" colspan=4></td></tr>
<tr>
<td><b>First Name:</b></td>
<td><b>Last Name:</b></td>
<td><b>Password:</b></td>
<td><b>Admin:</b></td>
<td><b>E-Mail:</b></td>
</tr>
<tr>
<td><input type="text" name="edit_first" value="<? echo $row['first_name']; ?>" size=25></td>
<td><input type="text" name="edit_last" value="<? echo $row['last_name']; ?>" size=25></td>
<td><input type="text" name="edit_pw" value="<? echo $row['password']; ?>" size=25></td>
<td><input checked="<? if ($row['level'] == 1) { echo "checked"; } else { echo ""; } ?>" name="level" type="checkbox" value="1" /></td>
<td><input type="text" name="edit_email" value="<? echo $row['email']; ?>" size=25></td>
</tr>
<tr>
<td colspan=4 align=right>
<input type="hidden" value="<? echo $row['id']; ?>" name="edit_id">
<input type="hidden" value="edit" name="post">
<input type="submit" value="Edit User">
</td>
</tr>
</table>
</form>
		<?
	}

Connection is handled in the cfg file as:

<?
$server      = "server";
$sqluser     = "user";
$sqlpass     = "pass"; 
$db          = "db name";
$tbl_name    = "table";

// Standard SQL connection
$mysql_link = mysql_connect("$server", "$sqluser", "$sqlpass")
				or die("Unable to connect to MySQL server");
	mysql_select_db("$db") 
		or die( "It's connecting to the MySQL server, but unable to select database");

lonewolf217 · June 1, 2009

It didn't work, when and it just took me to a blank page.

then turn on error reporting so you can see what error is generated

neex1233 · June 1, 2009

It is on.

lonewolf217 · June 1, 2009

i didn't notice before, i had duplicate <?php tags, did you remove one before trying it ?

Also, put this at the top of your script right after the <?php tag

error_reporting(E_ALL);

ini_set("display_errors", "on");

post the full script again along with any output

neex1233 · June 1, 2009

Yeah, I removed the double.

Here's the errors:

Notice: Use of undefined constant username - assumed 'username' in /home/myusername/public_html/m/admin/adm.php on line 6

Notice: Use of undefined constant password - assumed 'password' in /home/myusername/public_html/m/admin/adm.php on line 7

Notice: Use of undefined constant userlevel - assumed 'userlevel' in /home/myusername/public_html/m/admin/adm.php on line 8

lonewolf217 · June 1, 2009

ah, another error with your original string that I didn't catch. you need single quotes inside $_POST to provide the index. See if this works

<?php
$con = mysql_connect("localhost","My_Username","Password");
mysql_select_db("My_Database", $con);
$sql = "UPDATE users SET username = '{$_POST['username']}',
password = '{$_POST['password']}',
userlevel = '{$_POST['userleve'l]}'
WHERE id = 23
LIMIT 1";
$query = mysql_query($sql) or die (mysql_error());
mysql_close($con);
?>

neex1233 · June 1, 2009

Got this error:

Parse error: syntax error, unexpected T_STRING, expecting ']' in /home/thenicow/public_html/m/admin/adm.php on line 8

Also, it said userleve'l, which I fixed.

lonewolf217 · June 1, 2009

if you fixed that can you post again what code you are using ? I dont see any more syntax errors

neex1233 · June 1, 2009

Still doesn't work, and I have the error thing and it shows no error...

neex1233 · June 1, 2009

<?php

error_reporting(E_ALL);

ini_set("display_errors", "on");

$con = mysql_connect("localhost","Username","Password");

mysql_select_db("DB_Name", $con);

$sql = "UPDATE users SET username = '{$_POST['username']}',

password = '{$_POST['password']}',

userlevel = '{$_POST['userlevel']}'

WHERE id = 23

LIMIT 1";

$query = mysql_query($sql) or die (mysql_error());

mysql_close($con);

?>

neex1233 · June 1, 2009

Now I'm getting this error...

Notice: Undefined index: username in /home/My_Username/public_html/m/admin/adm.php on line 6

lonewolf217 · June 1, 2009

okay, this is most likely because $_POST is not set.

are you trying to run this snippet of code by itself, or is it being called from another page ?

somewhere you need to be sending username, password and userlevel as part of a form, which would then be processed by this page

Sign In

Admin Control Panel

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information