Jump to content

Recommended Posts

I have a post.php that is suposted to run a mysql query, and it used to, but it won't anymore and I don't have the old file.

Can someone just look see if there is something i'm missing?

<?php //header("Location: ./?p=UCP");
setcookie("Errors", 0, time()-3600);
// Connects to your Database 
mysql_connect("SERVER", "USER", "PASS") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error());  


if (isset($_POST['remove'])) {
$id=$_POST['ID'];
if($_POST['initals'] == "NLW") {
	if (is_numeric ($id)) {

	mysql_query("DELETE FROM `users` WHERE `users`.`ID` = $id LIMIT 1");

$error="<span style=";
$error .="color:green";
$error .=">";
$error .=  "User Removed.";
$error .="</span>";
setcookie(Errors, $error, time()+20);
	} else {
		$error="<span style=";
		$error .="color:red";
		$error .=">";
		$error .= "Please enter a valid ID";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
		header('Location ./?p=UPC');
	}
}
else { 
	$error="<span style=";
$error .="color:red";
$error .=">";
$error .="Initials are not correct";
$error .="<span/>";
setcookie(Errors, $error, time()+20);
header('Location ./?p=UPC');
} 
}
elseif (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "You did not complete all of the required fields";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
	}

// checks if the username is in use
	if (!get_magic_quotes_gpc()) {
		$_POST['username'] = addslashes($_POST['username']);
	}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "Sorry, the username is already in use.";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
				}
// this makes sure both passwords entered match
	if ($_POST['pass'] != $_POST['pass2']) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= 'Your passwords did not match.';
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	echo $error;
	}

	// here we encrypt the password and add slashes if needed
	$_POST['pass'] = md5($_POST['pass']);
	if (!get_magic_quotes_gpc()) {
		$_POST['pass'] = addslashes($_POST['pass']);
		$_POST['username'] = addslashes($_POST['username']);
		$_POST['pass2'] = $_POST['pass2'];
			}

// now we insert it into the database
	$insert = "INSERT INTO users (username, password, Human-Readable)
			VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['pass2']."')";
	mysql_query("INSERT INTO users (username, password, Human-Readable)
			VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['pass2']."')");
$error="<span style=";
$error .="color:green";
$error .=">";
$error .= "<h1>User Registered</h1>
<p><h2>Thank you, the user has been registered - he/she may now login</a>.</h2></p>";
$error .="</span>";
setcookie(Errors, $error, time()+20);
header('Location: ./?p=UCP');
  } 
else {
	header('Location: ./?p=UCP');
	echo $error;
  } 

?>

 

The remove function works but its the submit.

 

Thanks in advanced :)

Are there any errors? Make the below changes, and see what happens, then post any errors produced.

 

// now we insert it into the database
$insert = "INSERT INTO `users` (`username`, `password`, `Human-Readable`) VALUES ('{$_POST['username']}', '{$_POST['pass']}', '{$_POST['pass2']}')";
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );

Thanks yall. Made the changes recommended and worked perfectly.

<?php //header("Location: ./?p=UCP");
setcookie("Errors", 0, time()-3600);
// Connects to your Database 
mysql_connect("SERVER", "USER", "PASS") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error());  


if (isset($_POST['remove'])) {
$id=$_POST['ID'];
if($_POST['initals'] == "NLW") {
	if (is_numeric ($id)) {

	mysql_query("DELETE FROM `users` WHERE `users`.`ID` = $id LIMIT 1");

$error="<span style=";
$error .="color:green";
$error .=">";
$error .=  "User Removed.";
$error .="</span>";
setcookie(Errors, $error, time()+20);
header('Location: ./?p=UCP');
	} else {
		$error="<span style=";
		$error .="color:red";
		$error .=">";
		$error .= "Please enter a valid ID";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
		header('Location ./?p=UPC');
	}
}
else { 
	$error="<span style=";
$error .="color:red";
$error .=">";
$error .="Initials are not correct";
$error .="<span/>";
setcookie(Errors, $error, time()+20);
header('Location ./?p=UPC');
} 
}
elseif (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] ) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "You did not complete all of the required fields";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
	}

// checks if the username is in use
	if (!get_magic_quotes_gpc()) {
		$_POST['username'] = addslashes($_POST['username']);
	}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "Sorry, the username is already in use.";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
				}
// this makes sure both passwords entered match
	if ($_POST['pass'] != $_POST['pass2']) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= 'Your passwords did not match.';
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	echo $error;
	header('Location: ./?p=UCP');
	}

	// here we encrypt the password and add slashes if needed
	$_POST['pass'] = md5($_POST['pass']);
	if (!get_magic_quotes_gpc()) {
		$_POST['pass'] = addslashes($_POST['pass']);
		$_POST['username'] = addslashes($_POST['username']);
		$_POST['pass2'] = $_POST['pass2'];
			}

// now we insert it into the database
$insert = "INSERT INTO `users` (`username`, `password`, `Human-Readable`) VALUES ('{$_POST['username']}', '{$_POST['pass']}', '{$_POST['pass2']}')";
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
 $error="<span style=";
 $error .="color:green";
 $error .=">";
 $error .= "<h1>User Registered</h1>
 <p><h2>Thank you, the user has been registered - he/she may now login</a>.</h2></p>";
 $error .="</span>";
 setcookie(Errors, $error, time()+20);
 header('Location: ./?p=UCP');
 echo $error;
  } 
else {
	header('Location: ./?p=UCP');
	echo $error;
  } 

?>

 

Back again  :confused:

I'm adding a update field and not sure exactly how. I've read the manual and searched google.

 

UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"

 

and I'm getting

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123

Line 123 is

$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']";

 

I'm sure its something I'm just skipping over but php + mysql is something I'm still trying to learn.

change

$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; 

to

$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; 

Changed but still getting the same error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123

heres all of this section:

 elseif (isset($_POST['YB-Info'])); { 

//This makes sure they did not leave any fields blank
if (!$_POST['UID'] || !$_POST['PWD'] || !$_POST['ID'] ) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "You did not complete all of the required fields";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
	}


// now we insert it into the database
$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; 
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
 $error="<span style=";
 $error .="color:green";
 $error .=">";
 $error .= "<h1>User Updated</h1>
 <p><h2>Thank you, the user has successfully updated yearbook login information.</a>.</h2></p>";
 $error .="</span>";
 setcookie(Errors, $error, time()+20);
 header('Location: ./?p=UCP');
 echo $error;
  } 


I fixed the quote issue and now i have another error:

Parse error: syntax error, unexpected '{' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123

but i pulled out the brackets and it went back to the first error.

 

I'm sorry if this is a simple issue, I'm still Learning this stuff.

Thanks, I changed it now I get

Parse error: syntax error, unexpected '`' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 125

elseif (isset($_POST['YB-Info'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['UID'] || !$_POST['PWD'] || !$_POST['ID'] ) {
		$error="<span style=";
	$error .="color:red";
	$error .=">";
		$error .= "You did not complete all of the required fields";
		$error .="</span>";
		setcookie(Errors, $error, time()+20);
	header('Location ./?p=UPC');
	}


// now we insert it into the database
else{
//$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}"; 
@mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
 $error="<span style=";
 $error .="color:green";
 $error .=">";
 $error .= "<h1>User Updated</h1>
 <p><h2>Thank you, the user has successfully updated yearbook login information.</a>.</h2></p>";
 $error .="</span>";
 setcookie(Errors, $error, time()+20);
 header('Location: ./?p=UCP');
 echo $error;
}
  } 


125 is

	@mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );

 

I changed them all to ' but that didn't work either.

change

@mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );

 

to

 

mysql_query("UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = '{$_POST['ID']}'") or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );

I changed it to that and got an error so I changed it to

	mysql_query("UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}'") or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );

With the " at the beginning of "{$_POST['ID']}'"

Parse error: syntax error, unexpected '{' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 125

Could it be the one at the beginning of $_POST['ID'] ?

I did that and I'm sure at this point i'm just confusing myself but i get the error:

Query string:

Produced an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`UID`, `PWD`) VALUES ('TestName', 'TestPass') WHERE `ID` = '24'' at line 1

That's not the syntax for an UPDATE query -

UPDATE [LOW_PRIORITY] [iGNORE] table_reference

    SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ...

    [WHERE where_condition]

    [ORDER BY ...]

    [LIMIT row_count]

 

That syntax is for an INSERT query, not an UPDATE query. The values in the query string may or may not need single quotes added to them. If they are expected to be string type data, they do need the quotes added. Also, you should be sanitizing all form data before using it in a query, by using mysql_real_escape_string(), typecasting, etc. Anyhow, try this and see what happens.

 

$query = "UPDATE `users` SET `UID` = {$_POST['UID']}, `PWD` = '{$_POST['PWD']}' WHERE `ID` = {$_POST['ID']}";
$result = mysql_query( $query ) or die( 'Query string: ' . $query . '<br />Produced error: ' . mysql_error() . '<br />')

Pikachu2000,

Thanks, but i'm not worried about sanitizing it as I am the only one that will use this, but I will keep that in mind.

 

So I used your code and it came back with:

Query string: UPDATE `users` SET `UID` = TestName, `PWD` = 'TestPass' WHERE `ID` = 24

Produced error: Unknown column 'TestName' in 'field list'

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.