Jump to content

Help with Updating data in a table

abrahamgarcia27

By abrahamgarcia27
in PHP Coding Help

 Share

Recommended Posts

abrahamgarcia27 Member

abrahamgarcia27

Posted
Posted

I am having trouble updating a table. I cant's seem to make it work. Does anyone see anything wrong with the code?

 

This is the form where the data from the database is populated

<?php
require_once('auth.php');
?>

<?php
//Start session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit User</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Edit User</h1>
<a href="member-profile.php">Orders</a> | <a href="users.php">Users</a> | <a href="logout.php">Logout</a>
<?php
//Include database connection details
require_once('config.php');

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");	}


$id = $_GET['id']; 
$sql = 'SELECT * FROM `newUsers2` WHERE `member_id` = "'.$id.'"';
  $query = mysql_query($sql) or die("Couldn't execute query. ". mysql_error());
  $results = mysql_fetch_array($query);
?> 

<form id="edituser" name="edituser" method="post" action="edituser-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
      <th> </th>
      <td><input name="old_member_id" type="hidden" class="textfield"   value= <?php echo $results[member_id]?> /> </td>
    </tr>
    <tr>
      <th>First Name </th>
      <td><input name="old_fname" type="text" class="textfield"  value= <?php echo $results[firstname]?> /> </td>
    </tr>
    <tr>
      <th>Last Name </th>
      <td><input name="old_lname" type="text" class="textfield"  value= <?php echo $results[lastname]?> /> </td>
    </tr>
    <tr>
      <th width="124">Login</th>
      <td width="168"><input name="old_login" type="text" class="textfield"  value= <?php echo $results[login]?> /> </td>
    </tr>
    <tr>
      <th>Password</th>
      <td><input name="old_password" type="password" class="textfield" value= <?php echo $results[passwd]?> /> </td>
    </tr>
    <tr>
      <th>Confirm Password </th>
      <td><input name="old_cpassword" type="password" class="textfield"  value= <?php echo $results[passwd]?> /> </td>
    </tr>
    <tr>
      <th>Admin Rights </th>
      <td><input name="old_userType" type="checkbox" value=<?php echo $results[userType]?> /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="Update" value="Update" /></td>
    </tr>
  </table>  
</form>



</body>
</html>

 

this is the update page 

<?php
require_once('auth.php');
?>

<?php
//Start session
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit User</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Edit User</h1>
<a href="member-profile.php">Orders</a> | <a href="users.php">Users</a> | <a href="logout.php">Logout</a>
<?php



//Include database connection details
require_once('config.php');



//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}

$old_id=$_POST['old_member_id'];
$old_fname=$_POST['old_fname'];
$old_lname=$_POST['old_lname'];
$old_login=$_POST['old_login'];
$old_password=$_POST['old_password'];
$old_userType=$_POST['old_userType'];



$query="UPDATE newUsers2 SET firstname='$old_fname', lastname='$old_lname', login='$old_login', passwd='$old_password', userType='$old_userType' WHERE id='$old_id'";
mysql_query($query);
echo "Record Updated";
mysql_close();




?>


</body>
</html>

 

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

You have no error handling on your query call. I suspect there is an error. Change that line to this:

mysql_query($query) or die("Query: $query<br>Error: " . mysql_error());

 

By the way, why are you allowing the member_id to be changed? I suspect that is the primary id for that table and it would be used as a foreign key in other tables. It shouldn't be changed.

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

You don't have error_reporting / display_errors set properly. Set error_reporting = -1 and display_errors = On in your php.ini file, restart Apache and post any errors that are returned when you run the script after that.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

I got this

 

Query: UPDATE newUsers2 SET firstname='may', lastname='may', login='may', passwd='may', userType='' WHERE id='12'

Error: Unknown column 'id' in 'where clause'

 

Well, there you go. The name of your ID column is member_id, right?

 

There is a lot wrong with your code that can cause failures and malicious attacks. I hope this is an assignment or just a tutorial you are working on and not a live site.

Link to comment
Share on other sites
abrahamgarcia27 Member

abrahamgarcia27

Posted
  • Author
Posted

mjdamato

I am just trying to learn to code and i thought this would be a cool way to start. Could you tell me where there is alot wrong with the code that can cause failures  and malicious attacks so i can train myself in writing better code?

 

I got it to work by the way, but i still have to add the hash to the password and other stuff to the form

 

Pikachu2000

 

I found the php.ini file, but i cant find the part with error reporting you gave me i found this

 


; Eval the expression with current error_reporting().  Set to true if you want
; error_reporting(0) around the eval().
;assert.quiet_eval = 0
;error_reporting = E_ALL & ~E_NOTICE
;
;   - Show all errors, except for notices
;
;error_reporting = E_ALL & ~E_NOTICE | E_STRICT
;
;   - Show only errors
;
;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
;
;   - Show all errors except for notices and coding standards warnings
;
error_reporting  =  E_ALL & ~E_NOTICE

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = On

; Even when display_errors is on, errors that occur during PHP's startup
; sequence are not displayed.  It's strongly recommended to keep
; display_startup_errors off, except for when debugging.
display_startup_errors = Off

 

 

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

Just change this: error_reporting  =  E_ALL & ~E_NOTICE

 

To this: error_reporting  = -1

 

That enables all errors to be reported while developing. If on a live production server, you'd want to log the errors, rather than display them.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.