Problem with userid (I think)

[genista]

Hi all,

The following script is a simple one that allows a user to update their details. The problem is that I think I have a problem with the userid. Rather than putting the values in the html form they are left blank, except for the first_name which gets the following error: <br /><b>Notice</b>:  Undefined variable:  first_name in <bsite details</b> on line <b>68</b><br />.

Am I on the right track with the userid causing this problem?

[code=php:0]
<?php
 
include("config.php");

    checkLoggedIn("yes");

   

    //select the entry that matches this userID
    $userID='userid';
    $query="SELECT * FROM users WHERE userID='$userID'";

    //now we pass the query to the database
    $result=mysql_query($query) or die("Could not get data.".mysql_error());

    //get the first (and only) row from the result
    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    //now finally create variables with data we have got which will be used later
    //we will set the value attribute of the appropriate form element to the value from the database
    $username=$row['username'];
    $password=$row['password'];
    $name=$row['first_name'];
    $address_line1=$row['address_line1'];
    $address_line2=$row['address_line2'];
    $town=$row['town'];
?>
<html>
<head>
<title>Edit your details </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
function check(){
    var errorString="Could not submit:";
    if(form1.name.value==''){
        errorString+="\nYou must enter your full name";
    }

    if(errorString=="Could not submit:"){
        return true;
    }else{
        window.alert(errorString);
        form1.username.focus();
        return false;
    }
}
</script>
</head>

<body bgcolor="#FFFFFF" text="#000000">
<p>You can change any of your details here</p>
<form name="form1" method="post" action="updateresults.php" onSubmit="return check()">
  <p>Username:
    <?php echo $username; ?>
  </p>
  <p>First name:
    <input type="text" name="first_name" value="<?php echo $first_name; ?>">
  </p>
  <p>Address Line 1:
    <input type="text" name="address_line1" size="25" value="<?php echo $address_line1; ?>">
  </p>
  <p>Address Line 2:
    <input type="text" name="address_line2" size="40" value="<?php echo $address_line2; ?>">
  </p>
  <p>Town:
    <input type="text" name="town" size="40" value="<?php echo $town; ?>">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>


</body>
</html>

[/code]

[wildteen88]

Youll want to use $name rather than $first_name as you have setup a variable called $name which holds the value of $_SESSION['first_name'] in this block of code:
[code=php:0]$username=$row['username'];
$password=$row['password'];
$name=$row['first_name']; // this holds the first name.
$address_line1=$row['address_line1'];
$address_line2=$row['address_line2'];
$town=$row['town']; [/code]

[genista]

Doh! My mistake, ok fixed it, but still no displaying of any data in the form...

[wildteen88]

How is the userid passed into the script as at the moment its $userid is set to 'userid' If the user comes in the url you'll want to use $_GET['userid'] which then in the url you do this:
profile.php?userid=1
change 1 to user id you want to get.

[genista]

The userid is not coming in off the url, therefore how can I define this index?

[wildteen88]

I dont know. How does your script work? Is the userid stored in a cookie/session?

[genista]

This is the function that I am checking against to make sure a user cannot go directly to this page, therefore should I be getting based of sessionid?:

[code=php:0]
function checkLoggedIn($status){
    /*
    Function to check whether a user is logged in or not:
    This is a function that checks if a user is already logged
    in or not, depending on the value of $status which is passed
    in as an argument.

    If $status is 'yes', we check if the user is already logged in;
    If $status is 'no', we check if the user is NOT already logged in.
    */
    switch($status){
        // if yes, check user is logged in:
        // ie for actions where, yes, user must be logged in(!)
        case "yes":
            if(!isset($_SESSION["loggedIn"])){
                header("Location: login.php");
                exit;
            }
            break;
           
        // if no, check NOT logged in:
        // ie for actions where user can't already be logged in
        // (ie for joining up or logging in)
        case "no":
            /*
                The '===' operator differs slightly from the '=='
                equality operator.

                $a === $b if and only if $a is equal to $b AND
                $a is the same variable type as $b.

                for example, if:

                $a="2";    <-- $a is a string here
                $b=2;    <-- $b is an integer here

                then this test returns false:
                if($a===$b)
               
                whereas this test returns true:
                if($a==$b)
            */
            if(isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true ){
                header("Location: members.php?".session_name()."=".session_id());
            }
            break;           
    }   
    // if got here, all ok, return true:
    return true;
} // end func checkLoggedIn($status)
[/code]

[wildteen88]

When the user logs in you should store the users userid, which I presume is stored in the database, in a session. Then when they when they come to the profile page use $_SESSION['userid'] to get their userid which will be uses to get there info from the database.

[HeyRay2]

[code=php:0]
    //select the entry that matches this userID
    $userID=$_SESSION['userid'];
    $query="SELECT * FROM users WHERE userID='$userID'";
[/code]