Database Problem


RaythMistwalker

OK, the deal is I have a private section on a website and the whole private section is run with PHP.

Currently successfully working I have:

Users:

Home, Profile, Login, Logout, Shoutbox

Admin: Make new User & List users

It's the admin one I need.

When I click list users it comes up with a table with all my users (from MySQL database) with userid, first name, last name, login, passwd, email and phone. Then it has 2 links. The first is Edit, which should be done by page edituser.php?id=id, for example edituser.php?id=1

Edituser.php currently has the following code:

<?
$id=$_GET['id'];
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
$query="SELECT * FROM members WHERE id='$id'";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();

$i=0;
while ($i < $num) {
$first=mysql_result($result,$i,"firstname");
$last=mysql_result($result,$i,"lastname");
$login=mysql_result($result,$i,"login");
$passwd=mysql_result($result,$i,"passwd");
$rank=mysql_result($result,$i,"rank");
$email=mysql_result($result,$i,"email");
$phone=mysql_result($result,$i,"phone");

?>

<form action="updated.php">
<input type="hidden" name="ud_id" value="<? echo "$id"; ?>">
First Name: <input type="text" name="ud_first" value="<? echo "$first" ?>"><br>
Last Name: <input type="text" name="ud_last" value="<? echo "$last" ?>"><br>
Login: <input type="text" name="ud_phone" value="<? echo "$login" ?>"><br>
Password: <input type="text" name="ud_mobile" value="<? echo "$passwd" ?>"><br>
Rank: <input type="text" name="ud_fax" value="<? echo "$rank" ?>"><br>
E-mail Address: <input type="text" name="ud_email" value="<? echo "$email"?>"><br>
Phone: <input type="text" name="ud_web" value="<? echo "$phone" ?>"><br>
<input type="Submit" value="Update">
</form>

<?
++$i;
}
?>

As you see, it should come up with a form with current details to be edited, and when I click submit it should update with this:

<?
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

$query="UPDATE members SET first='$ud_first', last='$ud_last', phone='$ud_phone', mobile='$ud_mobile', fax='$ud_fax', email='$ud_email', web='$ud_web' WHERE id='$ud_id'";
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
mysql_query($query);
echo "Record Updated";
mysql_close();
?>

However, the first code doesn't actually display anything for me, no error or form. Can anyone fix this for me? (The ../config.php file contains database connection and database.)

After I have edit I also need one exactly the same for deleteuser.php?id=id which will delete a user (with a confirm form).

Any help will be greatly appreciated and I thank you in advance,

~RaythMistwalker


However the first code doesn't actually display anything for me, no error or form. Can anyone fix this for me?

I see you're using short tags (<? ?> and <?= ?>). These types of tags are normally disabled by default on some configurations. You should always use full PHP syntax, e.g. <?php ?> or <?php echo ?> (instead of <?= ?>).

Are you getting a completely blank page? If you are then it most probably means there is an error in your code. Add these two lines before $id=$_GET['id'];

ini_set('display_errors', 'on');
error_reporting(E_ALL);

Are any errors displayed?


That error usually means your query has failed due to an error. This line

$result=mysql_query($query);

Should read

$result=mysql_query($query) or trigger_error('Query error! Query: <pre>'.$query.'</pre>Reason: ' . mysql_error());

What is the error message?


OK, the page is now displaying but now this won't work:

<?php
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

$query="UPDATE members SET firstname='$ud_first', lastname='$ud_last', login='$ud_login', passwd='$ud_passwd', rank='$ud_rank', email='$ud_email', phone='$ud_phone', invoice='$ud_invoice' WHERE id='$ud_id'";
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
mysql_query($query);
echo "Record Updated";
mysql_close();
?>

I get the Record Updated result but nothing has changed in the information.

EDIT: I have modified the first code to match the ud_var part.


You're not retrieving your _POST data properly. For example, you cannot use the variable $ud_first to get the value of the form field named ud_first. You have to use the $_POST superglobal variable to get values from your form fields, e.g.:

$ud_first = $_POST['ud_first'];

You should also be sanitising/validating your user input to protect yourself from SQL injection attacks. At minimum you should use mysql_real_escape_string

$ud_first = mysql_real_escape_string($_POST['ud_first']);


ok new code:

<?php
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
$ud_first = $_POST['ud_first']
$ud_last = $_POST['ud_last']
$ud_login = $_POST['ud_login']
$ud_passwd = $_POST['ud_passwd']
$ud_rank = $_POST['ud_rank']
$ud_email = $_POST['ud_email']
$ud_phone = $_POST['ud_phone']
$ud_invoice = $_POST['ud_invoice']

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$ud_first = clean($_POST['ud_first']);
$ud_last = clean($_POST['ud_last']);
$ud_login = clean($_POST['ud_login']);
$ud_passwd = clean($_POST['ud_passwd']);
$ud_rank = clean($_POST['ud_rank']);
$ud_email = clean($_POST['ud_email']);
$ud_phone = clean($_POST['ud_phone']);
$ud_invoice = clean($_POST['ud_invoice']);

$query="UPDATE members SET firstname='$ud_first', lastname='$ud_last', login='$ud_login', passwd='$ud_passwd', rank='$ud_rank', email='$ud_email', phone='$ud_phone', invoice='$ud_invoice' WHERE id='$ud_id'";
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
mysql_query($query);
echo "Record Updated";
mysql_close();
?>

I'm not sure if I have that set right, but now submitting is pulling up the blank screen again.

Adding the 2 lines

ini_set('display_errors', 'on');
error_reporting(E_ALL);

is still returning no error either, and there is still no edit to the database.


Remove these lines

$ud_first = $_POST['ud_first']
$ud_last = $_POST['ud_last']
$ud_login = $_POST['ud_login']
$ud_passwd = $_POST['ud_passwd']
$ud_rank = $_POST['ud_rank']
$ud_email = $_POST['ud_email']
$ud_phone = $_POST['ud_phone']
$ud_invoice = $_POST['ud_invoice']

 

You're redefining those variables again a couple of lines down.


Notice: Undefined index: ud_first in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 18
Notice: Undefined index: ud_last in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 19
Notice: Undefined index: ud_login in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 20
Notice: Undefined index: ud_passwd in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 21
Notice: Undefined index: ud_rank in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 22
Notice: Undefined index: ud_email in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 23
Notice: Undefined index: ud_phone in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 24
Notice: Undefined index: ud_invoice in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 25
Notice: Undefined variable: ud_id in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 27
Notice: Query error! Query:
UPDATE members SET firstname='', lastname='', login='', passwd='', rank='', email='', phone='', invoice='' WHERE id=''
Reason: Unknown column 'id' in 'where clause' in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 30
Record Updated

 

It doesn't seem to be setting the variables now after removing those lines.
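
An added example, not part of any post in this thread: the form as posted has no method attribute, so the browser submits it with GET and $_POST arrives empty, which is what the "Undefined index" notices above show. This version of updated.php rejects an incomplete POST and uses PDO prepared statements in place of the mysql_* functions (removed in PHP 7). Assumptions: the form is sent with method="post", ud_id is an integer, and the key column name member_id is hypothetical, since the error output shows members has no id column.

```php
<?php
// Added example, not code from the thread. Assumes config.php defines DB_HOST,
// DB_USER, DB_PASSWORD and DB_DATABASE, and the form uses method="post".
include("../config.php");

// Hypothetical key column: the thread's error shows `members` has no `id`.
const KEY_COLUMN = 'member_id';

// Form field => column, taken from the UPDATE query in the thread.
// passwd is left out of this example.
$fields = [
    'ud_first' => 'firstname', 'ud_last'  => 'lastname',
    'ud_login' => 'login',     'ud_rank'  => 'rank',
    'ud_email' => 'email',     'ud_phone' => 'phone',
    'ud_invoice' => 'invoice',
];

// Stop if the ID or any expected field did not arrive via POST (the cause of
// the "Undefined index" notices), instead of running an UPDATE with blanks.
$id = filter_input(INPUT_POST, 'ud_id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or invalid ud_id');
}
$set = [];
$params = [':id' => $id];
foreach ($fields as $field => $column) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        http_response_code(400);
        exit("Missing form field: $field");
    }
    // Backticks because `rank` is a reserved word in MySQL 8.
    $set[] = "`$column` = :$column";
    $params[":$column"] = trim($_POST[$field]);
}

$pdo = new PDO(
    'mysql:host=' . DB_HOST . ';dbname=' . DB_DATABASE . ';charset=utf8mb4',
    DB_USER,
    DB_PASSWORD,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_EMULATE_PREPARES => false]
);

// Values travel as bound parameters, never as part of the SQL string.
$sql = 'UPDATE members SET ' . implode(', ', $set)
     . ' WHERE `' . KEY_COLUMN . '` = :id';
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

// rowCount() is 0 when no row matched or the values were already the same.
echo $stmt->rowCount() > 0 ? 'Record updated' : 'No record changed';
```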
