metalloid Posted May 2, 2011 Share Posted May 2, 2011 Hi. I am working on a website that has restriction level. An admin, a staff, and ordinary user. In my admin page when I click the button "View Users" it shows all the listed users in a table, from admin to ordinary users. And on each entry is an option to either "Delete" or "Edit" the users account. Now I have a problem with editing user profile because it appears blank fields. Not like in the admin side wherein if I click "Edit" the fields are filled with the users info. How do I do this in the staff's page. Here is the view users code from the admin's page: if (@$_GET['action'] == "View Users") { print "<font size=6 color=yellow><center>View User's Records</center><br></font>"; $result = mysql_query ("SELECT * FROM users order by user_lvl, lname asc"); $rows = mysql_num_rows($result); if ($rows!=0) { print "<table border=1 align=center cellspacing=10>"; print " <tr bgcolor=yellow align=center> <td>First Name</td> <td>Last Name</td> <td>Email</td> <td>Username</td> <td>Password</td> <td>Phone Number</td> <td>User Privilege</td> <td>Options</td> </tr>"; for ($i=0; $i< $rows; $i++) { $row = mysql_fetch_row ($result); print "<tr bgcolor= white align=center>"; print "<td>$row[0]</td>"; print "<td>$row[1]</td>"; print "<td>$row[2]</td>"; print "<td>$row[3]</td>"; print "<td>$row[4]</td>"; print "<td>$row[5]</td>"; print "<td>$row[6]</td>"; print "<td>[ <a href=admin_main.php?action=Delete&username=$row[3]>Delete</a> ]"; print "[ <a href=admin_main.php?action=Edit&username=$row[3]>Edit</a> ]"; print "</td>"; print "</tr>"; } print "</table>"; print "<font size=1 color=yellow>Number of entries found: $rows"; } else { print "No records found!"; } mysql_free_result ($result); } Now here is the code when I click "Edit" from the "View Users" table: if (@$_GET['action'] == "Edit") { $result = mysql_query ("Select * from users where username='$_GET[username]'"); $row = mysql_fetch_row ($result); print "<font size=6 color=yellow><center>Edit Records </center></font>"; print "<form method = get> <table border = 1 align=center> <tr> <td><font color=yellow>First Name:</font></td> <td><input type=text name=fname value=$row[0] ></td></tr> <tr> <td><font color=yellow>Last Name:</font></td> <td><input type=text name=lname value=$row[1]></td></tr> <tr> <td><font color=yellow>Email Address: </font></td> <td><input type=text name=email value=$row[2] </td></tr> <tr> <td><font color=yellow>Username: </font></td> <td><input type = text name = username value=$row[3] ></td></tr> <tr> <td><font color=yellow>Password:</font></td> <td><input type=text name=password value=$row[4]></td></tr> <tr> <td><font color=yellow>Contact Number:</font></td> <td><input type = text name = phone_number value=$row[5]></td></tr> <tr> <td><font color=yellow>User Privilege:</font></td> <td><input type = txt name = user_lvl value=$row[6]></td></tr> <tr><td><input type=submit value='Update Users' Submit name=action></td></tr> </table> </form> "; } if (@$_GET['action']=="Update Users") { $result = mysql_query ("UPDATE users SET fname='$_GET[fname]', lname='$_GET[lname]', email='$_GET[email]', username='$_GET[username]', password='$_GET[password]', phone_number='$_GET[phone_number]', user_lvl='$_GET[user_lvl]' where username= '$_GET[username]'"); print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>"; } Link to comment https://forums.phpfreaks.com/topic/235322-edit-profile-help/ Share on other sites More sharing options...
JKG Posted May 2, 2011 Share Posted May 2, 2011 initially your sql isnt right. you are using php to create the sql so you need to break out of the quotes to insert the php. and you were missing single quotes inside square brackets. $result = mysql_query ("SELECT * FROM `users` WHERE username='".$_GET['username']."'"); secondly, dont print out the whole table with php, just use php where you need it. thirdly, dont suppress errors with the @ symbol, they will just bite you later fourth, using $_POST over $_GET is better. especially when your dealing with a user form, cos you are then posting the password into the url, and into the history. fifth, you had your mysql_query in a variable, but never referred to $result. sixth, again with the breaking out of your sql. seventh, your mysql construction wasnt good, i have given you an update. eighth: its best to carry the id of the row and use that as the sector, not the username. here is some of the work done for you: <?php if ($_GET['action'] == "Edit") { $query = "SELECT * FROM `users` WHERE username='".$_GET['username']."'"; // Execute the query $result = mysql_query($query); if (!$result){ die ("Could not query the database: <br />". mysql_error()); } while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){ $id = $row['id']; $fname = $row['fname']; } ?> <font size="6" color="yellow"><center>Edit Records </center></font> <form method="get"> <table border ="1" align="center"> <tr> <td><font color="yellow">First Name:</font></td> <td><input type="text" name="fname" value="<?php echo $fname;?>"></td> </tr> ... <?php } if ($_GET['action']=="Update Users") { mysql_query ("UPDATE users SET fname='".$_GET['fname']."', lname='".$_GET['lname']."', email='".$_GET['email']."', username='".$_GET['username']."', password='".$_GET['password']."', phone_number='".$_GET['phone_number']."', user_lvl='".$_GET['user_lvl']."' WHERE username= '".$_GET['username']."'"); print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>"; } ?> also: dont use font tags, look into CSS styling your site. use double quotes in your html, not just the equals sign. Finally: DONT USE BLINK! Link to comment https://forums.phpfreaks.com/topic/235322-edit-profile-help/#findComment-1209324 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.