searls03 Posted March 17, 2011 Share Posted March 17, 2011 ok, so I have found this code to edit profiles online, only problem is that the data is not being posted to the database, there are no errors, just basically refreshes the page. could you take a look and see if you can help me? <?php } //action: edit user ----------------------------------------------------------------------------- if (isset($_GET['edit']) && isset($_GET['id'])) { $userid = (int) $_GET['id']; if ($userid == 0) { die("Invalid ID provided."); } //execution when completed the edit user form and pressed submit button --------------------- if (isset($_POST['editUser'])) { //validate data ------------------------------------------------------------------------ //check empty fields //passwords won't be checked, as they are not required foreach ($_POST as $k=>$v) { if ($v == "" && !in_array($k,$notRequired)) { $error[$k] = "<strong>This field is empty</strong>"; } } //escape string $name = mysql_real_escape_string($_POST['name']); $phone = mysql_real_escape_string($_POST['phone']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip = mysql_real_escape_string($_POST['zip']); $cell = mysql_real_escape_string($_POST['cell']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $badges = mysql_real_escape_string($_POST['badges']); $rank = mysql_real_escape_string($_POST['rank']); $accounttype = mysql_real_escape_string($_POST['accounttype']); //check email validation, the function is available at config.php if (!check_email($_POST['email'])) { $error['email'] .= " <strong>Email is not valid!</strong>"; } //check email exists in database $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'"); if (mysql_num_rows($res) == 1) { $error['email'] .= " <strong>Email already existst in database!</strong>"; } //check username exists in database $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'"); if (mysql_num_rows($res) == 1) { $error['username'] .= " <strong>Username already existst in database!</strong>"; } //check both passwords are the same when password fields are not empty //end validate data --------------------------------------------------------------------- //save to database when no errors are detected ------------------------------------------ if (count($error) == 0) { $query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' "; $query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'"; //update username session if you edit yourself if ($userid == $_SESSION['auth_admin_userid']) { $_SESSION['auth_admin_username'] = $username; } if (mysql_query($query)) { echo "<p><strong>User has been edited and saved to the database.</strong></p>"; } else { echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>"; } } } //get user from the database and put data into $_POST variables. $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid.""); if (mysql_num_rows($rs) == 0) { die("User does not exists!"); } $row = mysql_fetch_assoc($rs); $_POST['name'] = $row['name']; $_POST['username'] = $row['username']; $_POST['phone'] = $row['phone']; $_POST['address'] = $row['address']; $_POST['city'] = $row['city']; $_POST['state'] = $row['state']; $_POST['zip'] = $row['zip']; $_POST['cell'] = $row['cell']; $_POST['email'] = $row['email']; $_POST['badges'] = $row['badges']; $_POST['rank'] = $row['rank']; $_POST['accounttype'] = $row['accounttype']; //if is admin, then $_POST['admin'] exists ?> <div id="TabbedPanels1" class="TabbedPanels"> <ul class="TabbedPanelsTabGroup"> <li class="TabbedPanelsTab" tabindex="0">My Info</li> <li class="TabbedPanelsTab" tabindex="0">Merit Badges</li> <li class="TabbedPanelsTab" tabindex="0">Scout Rank</li> </ul> <div class="TabbedPanelsContentGroup"> <div class="TabbedPanelsContent"> <form action="admin.php?edit&id=<?php echo $userid;?>" method="post"> <table align="center" cellpadding="8" cellspacing="8"> <tr> <td><div align="right">Name:</div></td> <td> <p><input type="text" name="name" value='<?php echo $_POST['name'];?>' /> <?php echo(isset($error['name']))?$error['name']:"";?></p></td> </tr> <tr> <td>Phone Number:</td> <td><input type="text" name="phone" value='<?php echo $_POST['phone'];?>' /> <?php echo(isset($error['phone']))?$error['phone']:"";?></td> </tr> <tr> <td><div align="right">Address:</div></td> <td><input type="text" name="address" value='<?php echo $_POST['address'];?>' /> <?php echo(isset($error['address']))?$error['address']:"";?></td> </tr> <tr> <td><div align="right">City:</div></td> <td><input type="text" name="city" value='<?php echo $_POST['city'];?>' /> <?php echo(isset($error['city']))?$error['city']:"";?></td> </tr> <tr> <td><div align="right">State:</div></td> <td><input type="text" name="state" value='<?php echo $_POST['state'];?>' /> <?php echo(isset($error['state']))?$error['state']:"";?></td> </tr> <tr> <td><div align="right">Zip Code:</div></td> <td><input type="text" name="zip" value='<?php echo $_POST['zip'];?>' /> <?php echo(isset($error['zip']))?$error['zip']:"";?></td> </tr> <tr> <td><div align="right">Email:</div></td> <td> <p> <input type="text" name="email" value='<?php echo $_POST['email'];?>' /> <?php echo(isset($error['email']))?$error['email']:"";?></p></td> </tr> <tr> <td><div align="right">Cell Phone:</div></td> <td><input type="text" name="cell" value='<?php echo $_POST['cell'];?>' /> <?php echo(isset($error['cell']))?$error['cell']:"";?></td> </tr> <tr> <td class="aaaaaaa" align="right">Username:</td> <td><label for="username"></label> <input type="text" name="username" value='<?php echo $_POST['username'];?>' /> <?php echo(isset($error['username']))?$error['username']:"";?></p> </td> </tr> </table> <p> </p> <input name="submit" type="submit" value="Save" /> </form> </div> <div class="TabbedPanelsContent"> <label for="badges"></label> <input name="badges" type="text" id="badges" value="<?php echo "$badges"; ?>" /> </div> <div class="TabbedPanelsContent"> <input name="badges2" type="text" id="badges2" value="<?php echo $rank; ?>" /> </div> </div> </div> <script type="text/javascript"> var TabbedPanels1 = new Spry.Widget.TabbedPanels("TabbedPanels1"); </script> <?php } ?> Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/ Share on other sites More sharing options...
Pikachu2000 Posted March 17, 2011 Share Posted March 17, 2011 Why do you have all of the fields listed twice in the UPDATE query string, and why all the unnecessary string concatenation? That often just leads to typo errors. This should be all you need to use for the UPDATE: $query = "UPDATE members SET username='$username', email='$email',name='$name', phone='$phone', address='$address', city='$city', state='$state', zip='$zip', cell='$cell', accounttype='$accounttype', badges='$badges', rank='$rank' WHERE userid = '$userid'"; And comment out (or remove) the next line, starting with $query .= Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188541 Share on other sites More sharing options...
aabid Posted March 17, 2011 Share Posted March 17, 2011 $query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'"; As per my readings to SQL, the above query doesn't exist i guess Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188554 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 I will try this.....but I was following what the code had yher previously and changed to my own fields. Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188626 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 I tried and its still not working.....same issue, no errors, php code just doesn't have what you wanted me to take out: <?php } //action: edit user ----------------------------------------------------------------------------- if (isset($_GET['edit']) && isset($_GET['id'])) { $userid = (int) $_GET['id']; if ($userid == 0) { die("Invalid ID provided."); } //execution when completed the edit user form and pressed submit button --------------------- if (isset($_POST['editUser'])) { //validate data ------------------------------------------------------------------------ //check empty fields //passwords won't be checked, as they are not required foreach ($_POST as $k=>$v) { if ($v == "" && !in_array($k,$notRequired)) { $error[$k] = "<strong>This field is empty</strong>"; } } //escape string $name = mysql_real_escape_string($_POST['name']); $phone = mysql_real_escape_string($_POST['phone']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip = mysql_real_escape_string($_POST['zip']); $cell = mysql_real_escape_string($_POST['cell']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $badges = mysql_real_escape_string($_POST['badges']); $rank = mysql_real_escape_string($_POST['rank']); $accounttype = mysql_real_escape_string($_POST['accounttype']); //check email validation, the function is available at config.php if (!check_email($_POST['email'])) { $error['email'] .= " <strong>Email is not valid!</strong>"; } //check email exists in database $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'"); if (mysql_num_rows($res) == 1) { $error['email'] .= " <strong>Email already existst in database!</strong>"; } //check username exists in database $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'"); if (mysql_num_rows($res) == 1) { $error['username'] .= " <strong>Username already existst in database!</strong>"; } //check both passwords are the same when password fields are not empty //end validate data --------------------------------------------------------------------- //save to database when no errors are detected ------------------------------------------ if (count($error) == 0) { $query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'"; //update username session if you edit yourself if ($userid == $_SESSION['auth_admin_userid']) { $_SESSION['auth_admin_username'] = $username; } if (mysql_query($query)) { echo "<p><strong>User has been edited and saved to the database.</strong></p>"; } else { echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>"; } } } //get user from the database and put data into $_POST variables. $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid.""); if (mysql_num_rows($rs) == 0) { die("User does not exists!"); } $row = mysql_fetch_assoc($rs); $_POST['name'] = $row['name']; $_POST['username'] = $row['username']; $_POST['phone'] = $row['phone']; $_POST['address'] = $row['address']; $_POST['city'] = $row['city']; $_POST['state'] = $row['state']; $_POST['zip'] = $row['zip']; $_POST['cell'] = $row['cell']; $_POST['email'] = $row['email']; $_POST['badges'] = $row['badges']; $_POST['rank'] = $row['rank']; $_POST['accounttype'] = $row['accounttype']; //if is admin, then $_POST['admin'] exists ?> Again, this is a template i used..... Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188846 Share on other sites More sharing options...
Pikachu2000 Posted March 17, 2011 Share Posted March 17, 2011 You removed the wrong line. You needed to remove the line beginning with '$query .= "username" . . . ' but you removed the line before that. Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188880 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 I fixed it, same result........ Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188884 Share on other sites More sharing options...
Pikachu2000 Posted March 17, 2011 Share Posted March 17, 2011 Post the code as it currently stands, along with the table structure for the table into which you're trying to insert the data. Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188895 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 <?php } //action: edit user ----------------------------------------------------------------------------- if (isset($_GET['edit']) && isset($_GET['id'])) { $userid = (int) $_GET['id']; if ($userid == 0) { die("Invalid ID provided."); } //execution when completed the edit user form and pressed submit button --------------------- if (isset($_POST['editUser'])) { //validate data ------------------------------------------------------------------------ //check empty fields //passwords won't be checked, as they are not required foreach ($_POST as $k=>$v) { if ($v == "" && !in_array($k,$notRequired)) { $error[$k] = "<strong>This field is empty</strong>"; } } //escape string $name = mysql_real_escape_string($_POST['name']); $phone = mysql_real_escape_string($_POST['phone']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip = mysql_real_escape_string($_POST['zip']); $cell = mysql_real_escape_string($_POST['cell']); $email = mysql_real_escape_string($_POST['email']); $username = mysql_real_escape_string($_POST['username']); $badges = mysql_real_escape_string($_POST['badges']); $rank = mysql_real_escape_string($_POST['rank']); $accounttype = mysql_real_escape_string($_POST['accounttype']); //check email validation, the function is available at config.php if (!check_email($_POST['email'])) { $error['email'] .= " <strong>Email is not valid!</strong>"; } //check email exists in database $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'"); if (mysql_num_rows($res) == 1) { $error['email'] .= " <strong>Email already existst in database!</strong>"; } //check username exists in database $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'"); if (mysql_num_rows($res) == 1) { $error['username'] .= " <strong>Username already existst in database!</strong>"; } //check both passwords are the same when password fields are not empty //end validate data --------------------------------------------------------------------- //save to database when no errors are detected ------------------------------------------ if (count($error) == 0) { $query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."' "; //update username session if you edit yourself if ($userid == $_SESSION['auth_admin_userid']) { $_SESSION['auth_admin_username'] = $username; } if (mysql_query($query)) { echo "<p><strong>User has been edited and saved to the database.</strong></p>"; } else { echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>"; } } } //get user from the database and put data into $_POST variables. $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid.""); if (mysql_num_rows($rs) == 0) { die("User does not exists!"); } $row = mysql_fetch_assoc($rs); $_POST['name'] = $row['name']; $_POST['username'] = $row['username']; $_POST['phone'] = $row['phone']; $_POST['address'] = $row['address']; $_POST['city'] = $row['city']; $_POST['state'] = $row['state']; $_POST['zip'] = $row['zip']; $_POST['cell'] = $row['cell']; $_POST['email'] = $row['email']; $_POST['badges'] = $row['badges']; $_POST['rank'] = $row['rank']; $_POST['accounttype'] = $row['accounttype']; //if is admin, then $_POST['admin'] exists ?> I did add WHERE userid=$userid, I also tried without, neither worked table structure....... `eventid` int(11) NOT NULL auto_increment, `event` varchar(255) collate latin1_general_ci NOT NULL, `startdate` date NOT NULL, `enddate` varchar(255) collate latin1_general_ci NOT NULL, `description` longtext collate latin1_general_ci NOT NULL, `location` varchar(255) collate latin1_general_ci NOT NULL, `subevent1` longtext collate latin1_general_ci NOT NULL, `subevent2` longtext collate latin1_general_ci, `subevent3` longtext collate latin1_general_ci, `subevent4` longtext collate latin1_general_ci, `subevent5` longtext collate latin1_general_ci, `subevent6` longtext collate latin1_general_ci, `subevent7` longtext collate latin1_general_ci, `subevent8` longtext collate latin1_general_ci, `price1` varchar(255) collate latin1_general_ci NOT NULL, `price2` varchar(255) collate latin1_general_ci default NULL, `price3` varchar(255) collate latin1_general_ci default NULL, `price4` varchar(255) collate latin1_general_ci default NULL, `price5` varchar(255) collate latin1_general_ci default NULL, `price6` varchar(255) collate latin1_general_ci default NULL, `price7` varchar(255) collate latin1_general_ci default NULL, `price8` varchar(255) collate latin1_general_ci default NULL, `title1` varchar(255) collate latin1_general_ci NOT NULL, `title2` varchar(255) collate latin1_general_ci NOT NULL, `title3` varchar(255) collate latin1_general_ci NOT NULL, `title4` varchar(255) collate latin1_general_ci NOT NULL, `title5` varchar(255) collate latin1_general_ci NOT NULL, `title6` varchar(255) collate latin1_general_ci NOT NULL, `title7` varchar(255) collate latin1_general_ci NOT NULL, `title8` varchar(255) collate latin1_general_ci NOT NULL, `date1` varchar(255) collate latin1_general_ci NOT NULL, `date2` varchar(255) collate latin1_general_ci NOT NULL, `date3` varchar(255) collate latin1_general_ci NOT NULL, `date4` varchar(255) collate latin1_general_ci NOT NULL, `date5` varchar(255) collate latin1_general_ci NOT NULL, `date6` varchar(255) collate latin1_general_ci NOT NULL, `date7` varchar(255) collate latin1_general_ci NOT NULL, `date8` varchar(255) collate latin1_general_ci NOT NULL, PRIMARY KEY (`eventid`), FULLTEXT KEY `event_3` (`event`), FULLTEXT KEY `description` (`description`), FULLTEXT KEY `location` (`location`), FULLTEXT KEY `subevent1` (`subevent1`,`subevent2`,`subevent3`,`subevent4`,`subevent5`,`subevent6`,`subevent7`,`subevent8`), FULLTEXT KEY `price1` (`price1`,`price2`,`price3`,`price4`,`price5`,`price6`,`price7`,`price8`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=5 ; Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188896 Share on other sites More sharing options...
Pikachu2000 Posted March 17, 2011 Share Posted March 17, 2011 Is it returning either the 'User has been edited . . . ' or the 'User has NOT been edited . . . ' messages? Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188905 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 nope, just refreshing the page............... Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188906 Share on other sites More sharing options...
Pikachu2000 Posted March 17, 2011 Share Posted March 17, 2011 I see in your code, you're checking if( isset($_POST['editUser']) ) { but there's no form field by that name. If you're using it to see if the submit button has been clicked, either rename the submit button, or change the conditional check. Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188909 Share on other sites More sharing options...
searls03 Posted March 17, 2011 Author Share Posted March 17, 2011 yep thanks!!!!!! Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188913 Share on other sites More sharing options...
searls03 Posted March 18, 2011 Author Share Posted March 18, 2011 on this same profile page, it is only for admins to edit other users..........can you tell me how I would use a session or something to block a scout user from acessing this page? Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188976 Share on other sites More sharing options...
Pikachu2000 Posted March 18, 2011 Share Posted March 18, 2011 That's really a different topic that you should start a new thread for. Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1188997 Share on other sites More sharing options...
searls03 Posted March 18, 2011 Author Share Posted March 18, 2011 ok, that fine........ Link to comment https://forums.phpfreaks.com/topic/230884-update-a-profile-not-working/#findComment-1189007 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.