searls03 Posted March 17, 2011

ok, so I have found this code to edit profiles online, only problem is that the data is not being posted to the database, there are no errors, just basically refreshes the page. could you take a look and see if you can help me?

```php
<?php
}

//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {

    $userid = (int) $_GET['id'];
    if ($userid == 0) {
        die("Invalid ID provided.");
    }

    //execution when completed the edit user form and pressed submit button ---------------------
    if (isset($_POST['editUser'])) {

        //validate data ------------------------------------------------------------------------

        //check empty fields
        //passwords won't be checked, as they are not required
        foreach ($_POST as $k=>$v) {
            if ($v == "" && !in_array($k,$notRequired)) {
                $error[$k] = "<strong>This field is empty</strong>";
            }
        }

        //escape string
        $name = mysql_real_escape_string($_POST['name']);
        $phone = mysql_real_escape_string($_POST['phone']);
        $address = mysql_real_escape_string($_POST['address']);
        $city = mysql_real_escape_string($_POST['city']);
        $state = mysql_real_escape_string($_POST['state']);
        $zip = mysql_real_escape_string($_POST['zip']);
        $cell = mysql_real_escape_string($_POST['cell']);
        $email = mysql_real_escape_string($_POST['email']);
        $username = mysql_real_escape_string($_POST['username']);
        $badges = mysql_real_escape_string($_POST['badges']);
        $rank = mysql_real_escape_string($_POST['rank']);
        $accounttype = mysql_real_escape_string($_POST['accounttype']);

        //check email validation, the function is available at config.php
        if (!check_email($_POST['email'])) {
            $error['email'] .= " <strong>Email is not valid!</strong>";
        }

        //check email exists in database
        $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
        if (mysql_num_rows($res) == 1) {
            $error['email'] .= " <strong>Email already existst in database!</strong>";
        }

        //check username exists in database
        $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
        if (mysql_num_rows($res) == 1) {
            $error['username'] .= " <strong>Username already existst in database!</strong>";
        }

        //check both passwords are the same when password fields are not empty

        //end validate data ---------------------------------------------------------------------

        //save to database when no errors are detected ------------------------------------------
        if (count($error) == 0) {

            $query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' ";
            $query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'";

            //update username session if you edit yourself
            if ($userid == $_SESSION['auth_admin_userid']) {
                $_SESSION['auth_admin_username'] = $username;
            }

            if (mysql_query($query)) {
                echo "<p><strong>User has been edited and saved to the database.</strong></p>";
            } else {
                echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
            }
        }
    }

    //get user from the database and put data into $_POST variables.
    $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
    if (mysql_num_rows($rs) == 0) {
        die("User does not exists!");
    }

    $row = mysql_fetch_assoc($rs);
    $_POST['name'] = $row['name'];
    $_POST['username'] = $row['username'];
    $_POST['phone'] = $row['phone'];
    $_POST['address'] = $row['address'];
    $_POST['city'] = $row['city'];
    $_POST['state'] = $row['state'];
    $_POST['zip'] = $row['zip'];
    $_POST['cell'] = $row['cell'];
    $_POST['email'] = $row['email'];
    $_POST['badges'] = $row['badges'];
    $_POST['rank'] = $row['rank'];
    $_POST['accounttype'] = $row['accounttype'];
    //if is admin, then $_POST['admin'] exists
?>
<div id="TabbedPanels1" class="TabbedPanels">
  <ul class="TabbedPanelsTabGroup">
    <li class="TabbedPanelsTab" tabindex="0">My Info</li>
    <li class="TabbedPanelsTab" tabindex="0">Merit Badges</li>
    <li class="TabbedPanelsTab" tabindex="0">Scout Rank</li>
  </ul>
  <div class="TabbedPanelsContentGroup">
    <div class="TabbedPanelsContent">
      <form action="admin.php?edit&id=<?php echo $userid;?>" method="post">
        <table align="center" cellpadding="8" cellspacing="8">
          <tr>
            <td><div align="right">Name:</div></td>
            <td>
              <p><input type="text" name="name" value='<?php echo $_POST['name'];?>' /> <?php echo(isset($error['name']))?$error['name']:"";?></p></td>
          </tr>
          <tr>
            <td>Phone Number:</td>
            <td><input type="text" name="phone" value='<?php echo $_POST['phone'];?>' /> <?php echo(isset($error['phone']))?$error['phone']:"";?></td>
          </tr>
          <tr>
            <td><div align="right">Address:</div></td>
            <td><input type="text" name="address" value='<?php echo $_POST['address'];?>' /> <?php echo(isset($error['address']))?$error['address']:"";?></td>
          </tr>
          <tr>
            <td><div align="right">City:</div></td>
            <td><input type="text" name="city" value='<?php echo $_POST['city'];?>' /> <?php echo(isset($error['city']))?$error['city']:"";?></td>
          </tr>
          <tr>
            <td><div align="right">State:</div></td>
            <td><input type="text" name="state" value='<?php echo $_POST['state'];?>' /> <?php echo(isset($error['state']))?$error['state']:"";?></td>
          </tr>
          <tr>
            <td><div align="right">Zip Code:</div></td>
            <td><input type="text" name="zip" value='<?php echo $_POST['zip'];?>' /> <?php echo(isset($error['zip']))?$error['zip']:"";?></td>
          </tr>
          <tr>
            <td><div align="right">Email:</div></td>
            <td>
              <p>
                <input type="text" name="email" value='<?php echo $_POST['email'];?>' /> <?php echo(isset($error['email']))?$error['email']:"";?></p></td>
          </tr>
          <tr>
            <td><div align="right">Cell Phone:</div></td>
            <td><input type="text" name="cell" value='<?php echo $_POST['cell'];?>' /> <?php echo(isset($error['cell']))?$error['cell']:"";?></td>
          </tr>
          <tr>
            <td class="aaaaaaa" align="right">Username:</td>
            <td><label for="username"></label>
              <input type="text" name="username" value='<?php echo $_POST['username'];?>' /> <?php echo(isset($error['username']))?$error['username']:"";?></p>
            </td>
          </tr>
        </table>
        <p> </p>
        <input name="submit" type="submit" value="Save" />
      </form>
    </div>
    <div class="TabbedPanelsContent">
      <label for="badges"></label>
      <input name="badges" type="text" id="badges" value="<?php echo "$badges"; ?>" />
    </div>
    <div class="TabbedPanelsContent">
      <input name="badges2" type="text" id="badges2" value="<?php echo $rank; ?>" />
    </div>
  </div>
</div>
<script type="text/javascript">
var TabbedPanels1 = new Spry.Widget.TabbedPanels("TabbedPanels1");
</script>
<?php
}
?>
```

Pikachu2000 Posted March 17, 2011

Why do you have all of the fields listed twice in the UPDATE query string, and why all the unnecessary string concatenation? That often just leads to typo errors. This should be all you need to use for the UPDATE:

```php
$query = "UPDATE members SET username='$username', email='$email',name='$name', phone='$phone', address='$address', city='$city', state='$state', zip='$zip', cell='$cell', accounttype='$accounttype', badges='$badges', rank='$rank' WHERE userid = '$userid'";
```

And comment out (or remove) the next line, starting with $query .=

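The single UPDATE suggested above, written with bound parameters, a uniqueness check that excludes the edited row by userid, and output escaping for the form's value='...' attributes; this is an added example, not code from the thread. It assumes PDO with an in-memory SQLite table holding a constructed subset of the members columns, and `EDITABLE` and `update_member()` are hypothetical names.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite so it
// runs offline; the table is a constructed subset of the thread's columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (userid INTEGER PRIMARY KEY, username TEXT, email TEXT, name TEXT)");
$pdo->exec("INSERT INTO members VALUES (1, 'alice', 'alice@example.test', 'Alice'),
                                       (2, 'bob', 'bob@example.test', 'Bob')");

// Hypothetical whitelist: the only columns this form may change.
const EDITABLE = ['username', 'email', 'name'];

// Validate and save one edit. Returns errors keyed by field; empty means saved.
function update_member(PDO $pdo, int $userid, array $post): array
{
    $errors = [];
    $data = [];
    foreach (EDITABLE as $field) {
        $data[$field] = trim((string) ($post[$field] ?? ''));
        if ($data[$field] === '') {
            $errors[$field] = 'This field is empty';
        }
    }

    // Uniqueness checks exclude the row being edited by userid, so a user can
    // keep their own email and username but cannot take someone else's.
    foreach (['email', 'username'] as $field) {
        $stmt = $pdo->prepare("SELECT COUNT(*) FROM members WHERE $field = ? AND userid != ?");
        $stmt->execute([$data[$field], $userid]);
        if ($stmt->fetchColumn() > 0) {
            $errors[$field] = ucfirst($field) . ' already exists in database';
        }
    }
    if ($errors) {
        return $errors;
    }

    // One SET clause built from the whitelist; values are bound, never
    // concatenated, so quotes in the input stay data.
    $set = implode(', ', array_map(fn($f) => "$f = :$f", EDITABLE));
    $stmt = $pdo->prepare("UPDATE members SET $set WHERE userid = :userid");
    $stmt->execute($data + ['userid' => $userid]);
    return [];
}

// Constructed submissions: the first collides with alice, the second has a quote.
print_r(update_member($pdo, 2, ['username' => 'alice', 'email' => 'bob@example.test', 'name' => 'Bob']));
print_r(update_member($pdo, 2, ['username' => 'bob', 'email' => 'bob@example.test', 'name' => "Bob O'Neil"]));

// Escape on output: the thread's form prints values inside value='...'.
$stmt = $pdo->prepare('SELECT name FROM members WHERE userid = ?');
$stmt->execute([2]);
$name = htmlspecialchars($stmt->fetchColumn(), ENT_QUOTES, 'UTF-8');
echo "<input type=\"text\" name=\"name\" value='$name' />\n";
```
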
aabid Posted March 17, 2011

```php
$query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'";
```

As per my readings to SQL, the above query doesn't exist I guess

searls03 Posted March 17, 2011

I will try this.....but I was following what the code had there previously and changed to my own fields.

searls03 Posted March 17, 2011

I tried and it's still not working.....same issue, no errors, php code just doesn't have what you wanted me to take out:

```php
<?php
}

//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {

    $userid = (int) $_GET['id'];
    if ($userid == 0) {
        die("Invalid ID provided.");
    }

    //execution when completed the edit user form and pressed submit button ---------------------
    if (isset($_POST['editUser'])) {

        //validate data ------------------------------------------------------------------------

        //check empty fields
        //passwords won't be checked, as they are not required
        foreach ($_POST as $k=>$v) {
            if ($v == "" && !in_array($k,$notRequired)) {
                $error[$k] = "<strong>This field is empty</strong>";
            }
        }

        //escape string
        $name = mysql_real_escape_string($_POST['name']);
        $phone = mysql_real_escape_string($_POST['phone']);
        $address = mysql_real_escape_string($_POST['address']);
        $city = mysql_real_escape_string($_POST['city']);
        $state = mysql_real_escape_string($_POST['state']);
        $zip = mysql_real_escape_string($_POST['zip']);
        $cell = mysql_real_escape_string($_POST['cell']);
        $email = mysql_real_escape_string($_POST['email']);
        $username = mysql_real_escape_string($_POST['username']);
        $badges = mysql_real_escape_string($_POST['badges']);
        $rank = mysql_real_escape_string($_POST['rank']);
        $accounttype = mysql_real_escape_string($_POST['accounttype']);

        //check email validation, the function is available at config.php
        if (!check_email($_POST['email'])) {
            $error['email'] .= " <strong>Email is not valid!</strong>";
        }

        //check email exists in database
        $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
        if (mysql_num_rows($res) == 1) {
            $error['email'] .= " <strong>Email already existst in database!</strong>";
        }

        //check username exists in database
        $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
        if (mysql_num_rows($res) == 1) {
            $error['username'] .= " <strong>Username already existst in database!</strong>";
        }

        //check both passwords are the same when password fields are not empty

        //end validate data ---------------------------------------------------------------------

        //save to database when no errors are detected ------------------------------------------
        if (count($error) == 0) {

            $query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."'";

            //update username session if you edit yourself
            if ($userid == $_SESSION['auth_admin_userid']) {
                $_SESSION['auth_admin_username'] = $username;
            }

            if (mysql_query($query)) {
                echo "<p><strong>User has been edited and saved to the database.</strong></p>";
            } else {
                echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
            }
        }
    }

    //get user from the database and put data into $_POST variables.
    $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
    if (mysql_num_rows($rs) == 0) {
        die("User does not exists!");
    }

    $row = mysql_fetch_assoc($rs);
    $_POST['name'] = $row['name'];
    $_POST['username'] = $row['username'];
    $_POST['phone'] = $row['phone'];
    $_POST['address'] = $row['address'];
    $_POST['city'] = $row['city'];
    $_POST['state'] = $row['state'];
    $_POST['zip'] = $row['zip'];
    $_POST['cell'] = $row['cell'];
    $_POST['email'] = $row['email'];
    $_POST['badges'] = $row['badges'];
    $_POST['rank'] = $row['rank'];
    $_POST['accounttype'] = $row['accounttype'];
    //if is admin, then $_POST['admin'] exists
?>
```

Again, this is a template I used.....

Pikachu2000 Posted March 17, 2011

You removed the wrong line. You needed to remove the line beginning with '$query .= "username" . . . ' but you removed the line before that.

searls03 Posted March 17, 2011

I fixed it, same result........

Pikachu2000 Posted March 17, 2011

Post the code as it currently stands, along with the table structure for the table into which you're trying to insert the data.

searls03 Posted March 17, 2011

```php
<?php
}

//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {

    $userid = (int) $_GET['id'];
    if ($userid == 0) {
        die("Invalid ID provided.");
    }

    //execution when completed the edit user form and pressed submit button ---------------------
    if (isset($_POST['editUser'])) {

        //validate data ------------------------------------------------------------------------

        //check empty fields
        //passwords won't be checked, as they are not required
        foreach ($_POST as $k=>$v) {
            if ($v == "" && !in_array($k,$notRequired)) {
                $error[$k] = "<strong>This field is empty</strong>";
            }
        }

        //escape string
        $name = mysql_real_escape_string($_POST['name']);
        $phone = mysql_real_escape_string($_POST['phone']);
        $address = mysql_real_escape_string($_POST['address']);
        $city = mysql_real_escape_string($_POST['city']);
        $state = mysql_real_escape_string($_POST['state']);
        $zip = mysql_real_escape_string($_POST['zip']);
        $cell = mysql_real_escape_string($_POST['cell']);
        $email = mysql_real_escape_string($_POST['email']);
        $username = mysql_real_escape_string($_POST['username']);
        $badges = mysql_real_escape_string($_POST['badges']);
        $rank = mysql_real_escape_string($_POST['rank']);
        $accounttype = mysql_real_escape_string($_POST['accounttype']);

        //check email validation, the function is available at config.php
        if (!check_email($_POST['email'])) {
            $error['email'] .= " <strong>Email is not valid!</strong>";
        }

        //check email exists in database
        $res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
        if (mysql_num_rows($res) == 1) {
            $error['email'] .= " <strong>Email already existst in database!</strong>";
        }

        //check username exists in database
        $res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
        if (mysql_num_rows($res) == 1) {
            $error['username'] .= " <strong>Username already existst in database!</strong>";
        }

        //check both passwords are the same when password fields are not empty

        //end validate data ---------------------------------------------------------------------

        //save to database when no errors are detected ------------------------------------------
        if (count($error) == 0) {

            $query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."' ";

            //update username session if you edit yourself
            if ($userid == $_SESSION['auth_admin_userid']) {
                $_SESSION['auth_admin_username'] = $username;
            }

            if (mysql_query($query)) {
                echo "<p><strong>User has been edited and saved to the database.</strong></p>";
            } else {
                echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
            }
        }
    }

    //get user from the database and put data into $_POST variables.
    $rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
    if (mysql_num_rows($rs) == 0) {
        die("User does not exists!");
    }

    $row = mysql_fetch_assoc($rs);
    $_POST['name'] = $row['name'];
    $_POST['username'] = $row['username'];
    $_POST['phone'] = $row['phone'];
    $_POST['address'] = $row['address'];
    $_POST['city'] = $row['city'];
    $_POST['state'] = $row['state'];
    $_POST['zip'] = $row['zip'];
    $_POST['cell'] = $row['cell'];
    $_POST['email'] = $row['email'];
    $_POST['badges'] = $row['badges'];
    $_POST['rank'] = $row['rank'];
    $_POST['accounttype'] = $row['accounttype'];
    //if is admin, then $_POST['admin'] exists
?>
```

I did add WHERE userid=$userid, I also tried without, neither worked

table structure.......

```sql
`eventid` int(11) NOT NULL auto_increment,
`event` varchar(255) collate latin1_general_ci NOT NULL,
`startdate` date NOT NULL,
`enddate` varchar(255) collate latin1_general_ci NOT NULL,
`description` longtext collate latin1_general_ci NOT NULL,
`location` varchar(255) collate latin1_general_ci NOT NULL,
`subevent1` longtext collate latin1_general_ci NOT NULL,
`subevent2` longtext collate latin1_general_ci,
`subevent3` longtext collate latin1_general_ci,
`subevent4` longtext collate latin1_general_ci,
`subevent5` longtext collate latin1_general_ci,
`subevent6` longtext collate latin1_general_ci,
`subevent7` longtext collate latin1_general_ci,
`subevent8` longtext collate latin1_general_ci,
`price1` varchar(255) collate latin1_general_ci NOT NULL,
`price2` varchar(255) collate latin1_general_ci default NULL,
`price3` varchar(255) collate latin1_general_ci default NULL,
`price4` varchar(255) collate latin1_general_ci default NULL,
`price5` varchar(255) collate latin1_general_ci default NULL,
`price6` varchar(255) collate latin1_general_ci default NULL,
`price7` varchar(255) collate latin1_general_ci default NULL,
`price8` varchar(255) collate latin1_general_ci default NULL,
`title1` varchar(255) collate latin1_general_ci NOT NULL,
`title2` varchar(255) collate latin1_general_ci NOT NULL,
`title3` varchar(255) collate latin1_general_ci NOT NULL,
`title4` varchar(255) collate latin1_general_ci NOT NULL,
`title5` varchar(255) collate latin1_general_ci NOT NULL,
`title6` varchar(255) collate latin1_general_ci NOT NULL,
`title7` varchar(255) collate latin1_general_ci NOT NULL,
`title8` varchar(255) collate latin1_general_ci NOT NULL,
`date1` varchar(255) collate latin1_general_ci NOT NULL,
`date2` varchar(255) collate latin1_general_ci NOT NULL,
`date3` varchar(255) collate latin1_general_ci NOT NULL,
`date4` varchar(255) collate latin1_general_ci NOT NULL,
`date5` varchar(255) collate latin1_general_ci NOT NULL,
`date6` varchar(255) collate latin1_general_ci NOT NULL,
`date7` varchar(255) collate latin1_general_ci NOT NULL,
`date8` varchar(255) collate latin1_general_ci NOT NULL,
PRIMARY KEY (`eventid`),
FULLTEXT KEY `event_3` (`event`),
FULLTEXT KEY `description` (`description`),
FULLTEXT KEY `location` (`location`),
FULLTEXT KEY `subevent1` (`subevent1`,`subevent2`,`subevent3`,`subevent4`,`subevent5`,`subevent6`,`subevent7`,`subevent8`),
FULLTEXT KEY `price1` (`price1`,`price2`,`price3`,`price4`,`price5`,`price6`,`price7`,`price8`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=5 ;
```

Pikachu2000 Posted March 17, 2011

Is it returning either the 'User has been edited . . . ' or the 'User has NOT been edited . . . ' messages?

searls03 Posted March 17, 2011

nope, just refreshing the page...............

Pikachu2000 Posted March 17, 2011

I see in your code, you're checking if( isset($_POST['editUser']) ) { but there's no form field by that name. If you're using it to see if the submit button has been clicked, either rename the submit button, or change the conditional check.

searls03 Posted March 17, 2011

yep thanks!!!!!!

searls03 Posted March 18, 2011

on this same profile page, it is only for admins to edit other users..........can you tell me how I would use a session or something to block a scout user from accessing this page?

Pikachu2000 Posted March 18, 2011

That's really a different topic that you should start a new thread for.

searls03 Posted March 18, 2011

ok, that's fine........