Database Problem

RaythMistwalker · January 3, 2010

Ok the deal is i have a private section on a website and the whole private section is run with PHP.

Currently successfully working i have:

Users:

Home, Profile, Login, Logout, Shoutbox

Admin: Make new User & List users

Its the admin one i need.

When i click list users it comes up a table with all my users (from MySQL database) with userid, first name, last name, login, passwd, email and phone. Then it has 2 links. The first is Edit which should be done by page edituser.php?id=id for example edituser.php?id=1

Edituser.php currently has the following code:

<?
$id=$_GET['id'];

include("../config.php");

mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

@mysql_select_db(DB_DATABASE) or die( "Unable to select database");

$query="SELECT * FROM members WHERE id='$id'";

$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

$i=0;

while ($i < $num) {

$first=mysql_result($result,$i,"firstname");

$last=mysql_result($result,$i,"lastname");

$login=mysql_result($result,$i,"login");

$passwd=mysql_result($result,$i,"passwd");

$rank=mysql_result($result,$i,"rank");

$email=mysql_result($result,$i,"email");

$phone=mysql_result($result,$i,"phone");

?>

<form action="updated.php">

<input type="hidden" name="ud_id" value="<? echo "$id"; ?>">

First Name: <input type="text" name="ud_first" value="<? echo "$first" ?>"><br>

Last Name: <input type="text" name="ud_last" value="<? echo "$last" ?>"><br>

Login: <input type="text" name="ud_phone" value="<? echo "$login" ?>"><br>

Password: <input type="text" name="ud_mobile" value="<? echo "$passwd" ?>"><br>

Rank: <input type="text" name="ud_fax" value="<? echo "$rank" ?>"><br>

E-mail Address: <input type="text" name="ud_email" value="<? echo "$email"?>"><br>

Phone: <input type="text" name="ud_web" value="<? echo "$phone" ?>"><br>

<input type="Submit" value="Update">

</form>

<?

++$i;

}

?>

As you see it should come up with a form with current details ot be edited and when i click submit it should update with this:

<?

include("../config.php");

mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

$query="UPDATE members SET first='$ud_first', last='$ud_last', phone='$ud_phone', mobile='$ud_mobile', fax='$ud_fax', email='$ud_email', web='$ud_web' WHERE id='$ud_id'";

@mysql_select_db(DB_DATABASE) or die( "Unable to select database");

mysql_query($query);

echo "Record Updated";

mysql_close();

?>

However the first code doesn't actually display anything for me, no error or form. Can anyone fix this for me? (the ../config.php file contains database connection and database.

After i have edit i also need one exactly the same for deleteuser.php?id=id which will delete a user (with a comfirm form)

Any help will be greatly appreciated and i thank you in advance,

~RaythMistwalker

wildteen88 · January 3, 2010

However the first code doesn't actually display anything for me, no error or form. Can anyone fix this for me?

I see you're using short tags (<? ?> and <?= ?>). These types of tags normally disabled by default on some configurations. You should always use full PHP syntax, eg <?php ?> or <?php echo ?> (instead of <?= ?>).

Are you getting a completely blank page? If you are then it most probably means there is an error in your code. Add these two lines before $id=$_GET['id'];

ini_set('display_errors', 'on');
error_reporting(E_ALL);

Are any errors displayed?

RussellReal · January 3, 2010

could also be your connection fails and you set your warning level really low so you're not getting warnings from failed query and result grabbing

RaythMistwalker · January 3, 2010

Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /path/to/file/edituser.php on line 10

This is what it returned for me but the mysql_numrows() is used on the list user page that i use.

wildteen88 · January 3, 2010

That error usually means your query has failed due to an error. This line

$result=mysql_query($query);

Should read

$result=mysql_query($query) or trigger_error('Query error! Query: <pre>'.$query.'</pre>Reason: ' . mysql_error());

What is the error message?

RaythMistwalker · January 3, 2010

ok the page is now displaying but now this won't work:

<?php
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);

$query="UPDATE members SET firstname='$ud_first', lastname='$ud_last', login='$ud_login', passwd='$ud_passwd', rank='$ud_rank', email='$ud_email', phone='$ud_phone', invoice='$ud_invoice' WHERE id='$ud_id'";
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
mysql_query($query);
echo "Record Updated";
mysql_close();
?>

I get the Record Updated result but nothing has changed in the information

EDIT: I have modified the first code to match the ud_var part

wildteen88 · January 3, 2010

You're not retrieving your _POST data properly. For example you cannot use the variable $ud_first to get the value of the form field named ud_first. You have to use the $_POST superglobal variable to get values from your form fields eg:

$ud_first = $_POST['ud_first']

You should also be sanitising/validate your user input to protect your self from SQL Injection attacks. At minimum you should use mysql_real_escape_string

$ud_first = mysql_real_escape_string($_POST['ud_first']);

RaythMistwalker · January 3, 2010

ok new code:

<?php
include("../config.php");
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
$ud_first = $_POST['ud_first']
$ud_last = $_POST['ud_last']
$ud_login = $_POST['ud_login']
$ud_passwd = $_POST['ud_passwd']
$ud_rank = $_POST['ud_rank']
$ud_email = $_POST['ud_email']
$ud_phone = $_POST['ud_phone']
$ud_invoice = $_POST['ud_invoice']

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$ud_first = clean($_POST['ud_first']);
$ud_last = clean($_POST['ud_last']);
$ud_login = clean($_POST['ud_login']);
$ud_passwd = clean($_POST['ud_passwd']);
$ud_rank = clean($_POST['ud_rank']);
$ud_email = clean($_POST['ud_email']);
$ud_phone = clean($_POST['ud_phone']);
$ud_invoice = clean($_POST['ud_invoice']);

$query="UPDATE members SET firstname='$ud_first', lastname='$ud_last', login='$ud_login', passwd='$ud_passwd', rank='$ud_rank', email='$ud_email', phone='$ud_phone', invoice='$ud_invoice' WHERE id='$ud_id'";
@mysql_select_db(DB_DATABASE) or die( "Unable to select database");
mysql_query($query);
echo "Record Updated";
mysql_close();
?>

I'm not sure if i have that set right but now submitting is pulling up the blank screen again.

Adding the 2 lines

ini_set('display_errors', 'on');
error_reporting(E_ALL);

Is still returning no error either and there is still no edit to the database

wildteen88 · January 3, 2010

Remove these lines

$ud_first = $_POST['ud_first']
$ud_last = $_POST['ud_last']
$ud_login = $_POST['ud_login']
$ud_passwd = $_POST['ud_passwd']
$ud_rank = $_POST['ud_rank']
$ud_email = $_POST['ud_email']
$ud_phone = $_POST['ud_phone']
$ud_invoice = $_POST['ud_invoice']

Your redefining those variables again a couple of lines down.

RaythMistwalker · January 3, 2010

Notice: Undefined index: ud_first in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 18

Notice: Undefined index: ud_last in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 19

Notice: Undefined index: ud_login in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 20

Notice: Undefined index: ud_passwd in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 21

Notice: Undefined index: ud_rank in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 22

Notice: Undefined index: ud_email in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 23

Notice: Undefined index: ud_phone in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 24

Notice: Undefined index: ud_invoice in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 25

Notice: Undefined variable: ud_id in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 27

Notice: Query error! Query:

UPDATE members SET firstname='', lastname='', login='', passwd='', rank='', email='', phone='', invoice='' WHERE id=''

Reason: Unknown column 'id' in 'where clause' in /home/vol5/byethost6.com/b6_3883123/pureclassacting.co.uk/htdocs/data/PHP-Login/admin/updated.php on line 30

Record Updated

it doesnt seem to be setting the variables now after removing those lines

wildteen88 · January 3, 2010

You cannot go to that page directly. You need to go to edituser.php?id=some_user_id_here make any changes and then click the submit button. _POST data is only sent when the form is submitted.

RaythMistwalker · January 3, 2010

ok i got this working thanks

Sign In

Database Problem

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information