Jump to content

update a profile not working


searls03

Recommended Posts

ok, so I have found this code to edit profiles online, only problem is that the data is not being posted to the database, there are no errors, just basically refreshes the page.  could you take a look and see if you can help me?

<?php
}
//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {
$userid = (int) $_GET['id'];
if ($userid == 0) {
	die("Invalid ID provided.");
}
//execution when completed the edit user form and pressed submit button ---------------------
if (isset($_POST['editUser'])) {
	//validate data ------------------------------------------------------------------------
	//check empty fields
	 //passwords won't be checked, as they are not required
	foreach ($_POST as $k=>$v) {
		if ($v == "" && !in_array($k,$notRequired)) {
			$error[$k] = "<strong>This field is empty</strong>";
		}
	}
	//escape string
	$name = mysql_real_escape_string($_POST['name']);
	$phone = mysql_real_escape_string($_POST['phone']);
	$address = mysql_real_escape_string($_POST['address']);
	$city = mysql_real_escape_string($_POST['city']);
	$state = mysql_real_escape_string($_POST['state']);
	$zip = mysql_real_escape_string($_POST['zip']);
	$cell = mysql_real_escape_string($_POST['cell']);
	$email = mysql_real_escape_string($_POST['email']);
	$username = mysql_real_escape_string($_POST['username']);
	$badges = mysql_real_escape_string($_POST['badges']);
	$rank = mysql_real_escape_string($_POST['rank']);
	$accounttype = mysql_real_escape_string($_POST['accounttype']);


	//check email validation, the function is available at config.php
	if (!check_email($_POST['email'])) {
		$error['email'] .= " <strong>Email is not valid!</strong>";
	}
	//check email exists in database
	$res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
	if (mysql_num_rows($res) == 1) {
		$error['email'] .= " <strong>Email already existst in database!</strong>";
	}
	//check username exists in database
	$res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
	if (mysql_num_rows($res) == 1) {
		$error['username'] .= " <strong>Username already existst in database!</strong>";
	}
	//check both passwords are the same when password fields are not empty

	//end validate data ---------------------------------------------------------------------

	//save to database when no errors are detected ------------------------------------------
	if (count($error) == 0) {
		$query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' ";

		$query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."'  WHERE userid='".$userid."'";

		//update username session if you edit yourself
		if ($userid == $_SESSION['auth_admin_userid']) {
			$_SESSION['auth_admin_username'] = $username;
		}

		if (mysql_query($query)) {
			echo "<p><strong>User has been edited and saved to the database.</strong></p>";
		} else {
			echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
		}
	}
}
//get user from the database and put data into $_POST variables.
$rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
if (mysql_num_rows($rs) == 0) {
	die("User does not exists!");
}
$row = mysql_fetch_assoc($rs);
$_POST['name'] = $row['name'];
	$_POST['username'] = $row['username'];
$_POST['phone'] = $row['phone'];
	$_POST['address'] = $row['address'];
$_POST['city'] = $row['city'];
$_POST['state'] = $row['state'];
$_POST['zip'] = $row['zip'];
$_POST['cell'] = $row['cell'];
$_POST['email'] = $row['email'];
	$_POST['badges'] = $row['badges'];
$_POST['rank'] = $row['rank'];
	$_POST['accounttype'] = $row['accounttype'];


//if is admin, then $_POST['admin'] exists


?>







<div id="TabbedPanels1" class="TabbedPanels">
  <ul class="TabbedPanelsTabGroup">
    <li class="TabbedPanelsTab" tabindex="0">My Info</li>
    <li class="TabbedPanelsTab" tabindex="0">Merit Badges</li>
    <li class="TabbedPanelsTab" tabindex="0">Scout Rank</li>
    </ul>
  <div class="TabbedPanelsContentGroup">
    <div class="TabbedPanelsContent">
    <form action="admin.php?edit&id=<?php echo $userid;?>" method="post">
      <table align="center" cellpadding="8" cellspacing="8">
        <tr>  
          <td><div align="right">Name:</div></td>
          <td>	<p><input type="text" name="name" value='<?php echo $_POST['name'];?>' />
	<?php echo(isset($error['name']))?$error['name']:"";?></p></td>
          </tr>
        <tr>
          <td>Phone Number:</td>
          <td><input type="text" name="phone" value='<?php echo $_POST['phone'];?>' />
	<?php echo(isset($error['phone']))?$error['phone']:"";?></td>
          </tr>  
        <tr>
          <td><div align="right">Address:</div></td>
          <td><input type="text" name="address" value='<?php echo $_POST['address'];?>' />
	<?php echo(isset($error['address']))?$error['address']:"";?></td>
          </tr>
        <tr>
          <td><div align="right">City:</div></td>
          <td><input type="text" name="city" value='<?php echo $_POST['city'];?>' />
	<?php echo(isset($error['city']))?$error['city']:"";?></td>
          </tr>
        <tr>
          <td><div align="right">State:</div></td>
          <td><input type="text" name="state" value='<?php echo $_POST['state'];?>' />
	<?php echo(isset($error['state']))?$error['state']:"";?></td>
          </tr>  
        <tr>
          <td><div align="right">Zip Code:</div></td>
          <td><input type="text" name="zip" value='<?php echo $_POST['zip'];?>' />
	<?php echo(isset($error['zip']))?$error['zip']:"";?></td>
          </tr>
        <tr>
          <td><div align="right">Email:</div></td>
          <td>	
	<p>
	<input type="text" name="email" value='<?php echo $_POST['email'];?>' />
	<?php echo(isset($error['email']))?$error['email']:"";?></p></td>
          </tr> 
        <tr>
          <td><div align="right">Cell Phone:</div></td>
          <td><input type="text" name="cell" value='<?php echo $_POST['cell'];?>' />
	<?php echo(isset($error['cell']))?$error['cell']:"";?></td>
          </tr>  
        <tr>
          <td class="aaaaaaa" align="right">Username:</td>
          <td><label for="username"></label>
            <input type="text" name="username" value='<?php echo $_POST['username'];?>' />
	<?php echo(isset($error['username']))?$error['username']:"";?></p>
            </td>
          </tr>
      
        </table>
      <p>         </p>
      
        <input name="submit" type="submit" value="Save" />
      
    </form>  
      </div>
    <div class="TabbedPanelsContent">
      <label for="badges"></label>
      <input name="badges" type="text" id="badges" value="<?php echo "$badges"; ?>" />
      </div>
    <div class="TabbedPanelsContent">
      <input name="badges2" type="text" id="badges2" value="<?php echo $rank; ?>" />
      </div>
    </div>
</div> <script type="text/javascript">
var TabbedPanels1 = new Spry.Widget.TabbedPanels("TabbedPanels1");
  </script>
<?php
}
?>

Link to comment
Share on other sites

Why do you have all of the fields listed twice in the UPDATE query string, and why all the unnecessary string concatenation? That often just leads to typo errors.

 

This should be all you need to use for the UPDATE:

$query = "UPDATE members SET username='$username', email='$email',name='$name', phone='$phone', address='$address', city='$city', state='$state', zip='$zip', cell='$cell', accounttype='$accounttype', badges='$badges', rank='$rank' WHERE userid = '$userid'";

 

And comment out (or remove) the next line, starting with $query .=

Link to comment
Share on other sites

$query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."'  WHERE userid='".$userid."'";

 

As per my readings to SQL, the above query doesn't exist i guess  :confused:

Link to comment
Share on other sites

I tried and its still not working.....same issue, no errors, php code just doesn't have what you wanted me to take out:

<?php
}
//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {
$userid = (int) $_GET['id'];
if ($userid == 0) {
	die("Invalid ID provided.");
}
//execution when completed the edit user form and pressed submit button ---------------------
if (isset($_POST['editUser'])) {
	//validate data ------------------------------------------------------------------------
	//check empty fields
	 //passwords won't be checked, as they are not required
	foreach ($_POST as $k=>$v) {
		if ($v == "" && !in_array($k,$notRequired)) {
			$error[$k] = "<strong>This field is empty</strong>";
		}
	}
	//escape string
	$name = mysql_real_escape_string($_POST['name']);
	$phone = mysql_real_escape_string($_POST['phone']);
	$address = mysql_real_escape_string($_POST['address']);
	$city = mysql_real_escape_string($_POST['city']);
	$state = mysql_real_escape_string($_POST['state']);
	$zip = mysql_real_escape_string($_POST['zip']);
	$cell = mysql_real_escape_string($_POST['cell']);
	$email = mysql_real_escape_string($_POST['email']);
	$username = mysql_real_escape_string($_POST['username']);
	$badges = mysql_real_escape_string($_POST['badges']);
	$rank = mysql_real_escape_string($_POST['rank']);
	$accounttype = mysql_real_escape_string($_POST['accounttype']);


	//check email validation, the function is available at config.php
	if (!check_email($_POST['email'])) {
		$error['email'] .= " <strong>Email is not valid!</strong>";
	}
	//check email exists in database
	$res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
	if (mysql_num_rows($res) == 1) {
		$error['email'] .= " <strong>Email already existst in database!</strong>";
	}
	//check username exists in database
	$res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
	if (mysql_num_rows($res) == 1) {
		$error['username'] .= " <strong>Username already existst in database!</strong>";
	}
	//check both passwords are the same when password fields are not empty

	//end validate data ---------------------------------------------------------------------

	//save to database when no errors are detected ------------------------------------------
	if (count($error) == 0) {


		$query .= "username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."'  WHERE userid='".$userid."'";

		//update username session if you edit yourself
		if ($userid == $_SESSION['auth_admin_userid']) {
			$_SESSION['auth_admin_username'] = $username;
		}

		if (mysql_query($query)) {
			echo "<p><strong>User has been edited and saved to the database.</strong></p>";
		} else {
			echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
		}
	}
}
//get user from the database and put data into $_POST variables.
$rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
if (mysql_num_rows($rs) == 0) {
	die("User does not exists!");
}
$row = mysql_fetch_assoc($rs);
$_POST['name'] = $row['name'];
	$_POST['username'] = $row['username'];
$_POST['phone'] = $row['phone'];
	$_POST['address'] = $row['address'];
$_POST['city'] = $row['city'];
$_POST['state'] = $row['state'];
$_POST['zip'] = $row['zip'];
$_POST['cell'] = $row['cell'];
$_POST['email'] = $row['email'];
	$_POST['badges'] = $row['badges'];
$_POST['rank'] = $row['rank'];
	$_POST['accounttype'] = $row['accounttype'];


//if is admin, then $_POST['admin'] exists


?>

 

Again, this is a template i used.....

Link to comment
Share on other sites

<?php
}
//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {
$userid = (int) $_GET['id'];
if ($userid == 0) {
	die("Invalid ID provided.");
}
//execution when completed the edit user form and pressed submit button ---------------------
if (isset($_POST['editUser'])) {
	//validate data ------------------------------------------------------------------------
	//check empty fields
	 //passwords won't be checked, as they are not required
	foreach ($_POST as $k=>$v) {
		if ($v == "" && !in_array($k,$notRequired)) {
			$error[$k] = "<strong>This field is empty</strong>";
		}
	}
	//escape string
	$name = mysql_real_escape_string($_POST['name']);
	$phone = mysql_real_escape_string($_POST['phone']);
	$address = mysql_real_escape_string($_POST['address']);
	$city = mysql_real_escape_string($_POST['city']);
	$state = mysql_real_escape_string($_POST['state']);
	$zip = mysql_real_escape_string($_POST['zip']);
	$cell = mysql_real_escape_string($_POST['cell']);
	$email = mysql_real_escape_string($_POST['email']);
	$username = mysql_real_escape_string($_POST['username']);
	$badges = mysql_real_escape_string($_POST['badges']);
	$rank = mysql_real_escape_string($_POST['rank']);
	$accounttype = mysql_real_escape_string($_POST['accounttype']);


	//check email validation, the function is available at config.php
	if (!check_email($_POST['email'])) {
		$error['email'] .= " <strong>Email is not valid!</strong>";
	}
	//check email exists in database
	$res = mysql_query("SELECT email FROM members WHERE email='".$email."' AND userid != '".$userid."'");
	if (mysql_num_rows($res) == 1) {
		$error['email'] .= " <strong>Email already existst in database!</strong>";
	}
	//check username exists in database
	$res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
	if (mysql_num_rows($res) == 1) {
		$error['username'] .= " <strong>Username already existst in database!</strong>";
	}
	//check both passwords are the same when password fields are not empty

	//end validate data ---------------------------------------------------------------------

	//save to database when no errors are detected ------------------------------------------
	if (count($error) == 0) {
		$query = "UPDATE members SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."', accounttype='".$accounttype."',badges='".$badges."', rank='".$rank."' WHERE userid='".$userid."' ";



		//update username session if you edit yourself
		if ($userid == $_SESSION['auth_admin_userid']) {
			$_SESSION['auth_admin_username'] = $username;
		}

		if (mysql_query($query)) {
			echo "<p><strong>User has been edited and saved to the database.</strong></p>";
		} else {
			echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
		}
	}
}
//get user from the database and put data into $_POST variables.
$rs = mysql_query("SELECT name, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
if (mysql_num_rows($rs) == 0) {
	die("User does not exists!");
}
$row = mysql_fetch_assoc($rs);
$_POST['name'] = $row['name'];
	$_POST['username'] = $row['username'];
$_POST['phone'] = $row['phone'];
	$_POST['address'] = $row['address'];
$_POST['city'] = $row['city'];
$_POST['state'] = $row['state'];
$_POST['zip'] = $row['zip'];
$_POST['cell'] = $row['cell'];
$_POST['email'] = $row['email'];
	$_POST['badges'] = $row['badges'];
$_POST['rank'] = $row['rank'];
	$_POST['accounttype'] = $row['accounttype'];


//if is admin, then $_POST['admin'] exists


?>

 

I did add WHERE userid=$userid, I also tried without, neither worked

 

 

 

table structure.......

`eventid` int(11) NOT NULL auto_increment,

  `event` varchar(255) collate latin1_general_ci NOT NULL,

  `startdate` date NOT NULL,

  `enddate` varchar(255) collate latin1_general_ci NOT NULL,

  `description` longtext collate latin1_general_ci NOT NULL,

  `location` varchar(255) collate latin1_general_ci NOT NULL,

  `subevent1` longtext collate latin1_general_ci NOT NULL,

  `subevent2` longtext collate latin1_general_ci,

  `subevent3` longtext collate latin1_general_ci,

  `subevent4` longtext collate latin1_general_ci,

  `subevent5` longtext collate latin1_general_ci,

  `subevent6` longtext collate latin1_general_ci,

  `subevent7` longtext collate latin1_general_ci,

  `subevent8` longtext collate latin1_general_ci,

  `price1` varchar(255) collate latin1_general_ci NOT NULL,

  `price2` varchar(255) collate latin1_general_ci default NULL,

  `price3` varchar(255) collate latin1_general_ci default NULL,

  `price4` varchar(255) collate latin1_general_ci default NULL,

  `price5` varchar(255) collate latin1_general_ci default NULL,

  `price6` varchar(255) collate latin1_general_ci default NULL,

  `price7` varchar(255) collate latin1_general_ci default NULL,

  `price8` varchar(255) collate latin1_general_ci default NULL,

  `title1` varchar(255) collate latin1_general_ci NOT NULL,

  `title2` varchar(255) collate latin1_general_ci NOT NULL,

  `title3` varchar(255) collate latin1_general_ci NOT NULL,

  `title4` varchar(255) collate latin1_general_ci NOT NULL,

  `title5` varchar(255) collate latin1_general_ci NOT NULL,

  `title6` varchar(255) collate latin1_general_ci NOT NULL,

  `title7` varchar(255) collate latin1_general_ci NOT NULL,

  `title8` varchar(255) collate latin1_general_ci NOT NULL,

  `date1` varchar(255) collate latin1_general_ci NOT NULL,

  `date2` varchar(255) collate latin1_general_ci NOT NULL,

  `date3` varchar(255) collate latin1_general_ci NOT NULL,

  `date4` varchar(255) collate latin1_general_ci NOT NULL,

  `date5` varchar(255) collate latin1_general_ci NOT NULL,

  `date6` varchar(255) collate latin1_general_ci NOT NULL,

  `date7` varchar(255) collate latin1_general_ci NOT NULL,

  `date8` varchar(255) collate latin1_general_ci NOT NULL,

  PRIMARY KEY  (`eventid`),

  FULLTEXT KEY `event_3` (`event`),

  FULLTEXT KEY `description` (`description`),

  FULLTEXT KEY `location` (`location`),

  FULLTEXT KEY `subevent1` (`subevent1`,`subevent2`,`subevent3`,`subevent4`,`subevent5`,`subevent6`,`subevent7`,`subevent8`),

  FULLTEXT KEY `price1` (`price1`,`price2`,`price3`,`price4`,`price5`,`price6`,`price7`,`price8`)

) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=5 ;

Link to comment
Share on other sites

I see in your code, you're checking if( isset($_POST['editUser']) ) { but there's no form field by that name. If you're using it to see if the submit button has been clicked, either rename the submit button, or change the conditional check.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.