Jump to content

Help with Updating data in a table

abrahamgarcia27

By abrahamgarcia27
in PHP Coding Help

Recommended Posts

abrahamgarcia27 Member

abrahamgarcia27

Posted
Posted

I am having trouble updating a table. I cant's seem to make it work. Does anyone see anything wrong with the code?

 

This is the form where the data from the database is populated

<?php
require_once('auth.php');
?>

<?php
//Start session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit User</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Edit User</h1>
<a href="member-profile.php">Orders</a> | <a href="users.php">Users</a> | <a href="logout.php">Logout</a>
<?php
//Include database connection details
require_once('config.php');

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");	}


$id = $_GET['id']; 
$sql = 'SELECT * FROM `newUsers2` WHERE `member_id` = "'.$id.'"';
  $query = mysql_query($sql) or die("Couldn't execute query. ". mysql_error());
  $results = mysql_fetch_array($query);
?> 

<form id="edituser" name="edituser" method="post" action="edituser-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
      <th> </th>
      <td><input name="old_member_id" type="hidden" class="textfield"   value= <?php echo $results[member_id]?> /> </td>
    </tr>
    <tr>
      <th>First Name </th>
      <td><input name="old_fname" type="text" class="textfield"  value= <?php echo $results[firstname]?> /> </td>
    </tr>
    <tr>
      <th>Last Name </th>
      <td><input name="old_lname" type="text" class="textfield"  value= <?php echo $results[lastname]?> /> </td>
    </tr>
    <tr>
      <th width="124">Login</th>
      <td width="168"><input name="old_login" type="text" class="textfield"  value= <?php echo $results[login]?> /> </td>
    </tr>
    <tr>
      <th>Password</th>
      <td><input name="old_password" type="password" class="textfield" value= <?php echo $results[passwd]?> /> </td>
    </tr>
    <tr>
      <th>Confirm Password </th>
      <td><input name="old_cpassword" type="password" class="textfield"  value= <?php echo $results[passwd]?> /> </td>
    </tr>
    <tr>
      <th>Admin Rights </th>
      <td><input name="old_userType" type="checkbox" value=<?php echo $results[userType]?> /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="Update" value="Update" /></td>
    </tr>
  </table>  
</form>



</body>
</html>

 

this is the update page 

<?php
require_once('auth.php');
?>

<?php
//Start session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit User</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Edit User</h1>
<a href="member-profile.php">Orders</a> | <a href="users.php">Users</a> | <a href="logout.php">Logout</a>
<?php



//Include database connection details
require_once('config.php');



//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

$old_id=$_POST['old_member_id'];
$old_fname=$_POST['old_fname'];
$old_lname=$_POST['old_lname'];
$old_login=$_POST['old_login'];
$old_password=$_POST['old_password'];
$old_userType=$_POST['old_userType'];



$query="UPDATE newUsers2 SET firstname='$old_fname', lastname='$old_lname', login='$old_login', passwd='$old_password', userType='$old_userType' WHERE id='$old_id'";
mysql_query($query);
echo "Record Updated";
mysql_close();




?>


</body>
</html>

 

Link to comment
https://forums.phpfreaks.com/topic/241032-help-with-updating-data-in-a-table/
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

You have no error handling on your query call. I suspect there is an error. Change that line to this:

mysql_query($query) or die("Query: $query<br>Error: " . mysql_error());

 

By the way, why are you allowing the member_id to be changed? I suspect that is the primary id for that table and it would be used as a foreign key in other tables. It shouldn't be changed.

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You don't have error_reporting / display_errors set properly. Set error_reporting = -1 and display_errors = On in your php.ini file, restart Apache and post any errors that are returned when you run the script after that.

Psycho Prolific Member

Psycho

Posted
Posted

I got this

 

Query: UPDATE newUsers2 SET firstname='may', lastname='may', login='may', passwd='may', userType='' WHERE id='12'

Error: Unknown column 'id' in 'where clause'

 

Well, there you go. The name of your ID column is member_id, right?

 

There is a lot wrong with your code that can cause failures and malicious attacks. I hope this is an assignment or just a tutorial you are working on and not a live site.

abrahamgarcia27 Member

abrahamgarcia27

Posted
  • Author
Posted

mjdamato

I am just trying to learn to code and i thought this would be a cool way to start. Could you tell me where there is alot wrong with the code that can cause failures  and malicious attacks so i can train myself in writing better code?

 

I got it to work by the way, but i still have to add the hash to the password and other stuff to the form

 

Pikachu2000

 

I found the php.ini file, but i cant find the part with error reporting you gave me i found this

 


; Eval the expression with current error_reporting().  Set to true if you want
; error_reporting(0) around the eval().
;assert.quiet_eval = 0
;error_reporting = E_ALL & ~E_NOTICE
;
;   - Show all errors, except for notices
;
;error_reporting = E_ALL & ~E_NOTICE | E_STRICT
;
;   - Show only errors
;
;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;
;   - Show all errors except for notices and coding standards warnings
;
error_reporting  =  E_ALL & ~E_NOTICE

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = On

; Even when display_errors is on, errors that occur during PHP's startup
; sequence are not displayed.  It's strongly recommended to keep
; display_startup_errors off, except for when debugging.
display_startup_errors = Off

 

 

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

Just change this: error_reporting  =  E_ALL & ~E_NOTICE

 

To this: error_reporting  = -1

 

That enables all errors to be reported while developing. If on a live production server, you'd want to log the errors, rather than display them.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.