
Altering data in MySQL tables


Vitality


So I'm trying to change some specific columns in a row in a table of a MySQL database by calling the Doctrine_Query when an option is selected inside an admin panel of my website.

 

Here are the details:

 

Table name: chatUsers


  • I need to find all rows with the person who has a username of: $chatUsers->username (The column inside chatUsers is called username)
  • Once all those rows are found, change the value of all the row's column "type" to "user"

Is this even possible?

 

So far I have:

<?php
function userChatReset() {
    // Bind both values as parameters instead of concatenating them into the DQL
    $query = Doctrine_Query::create()
        ->update('db_chatUsers')
        ->set('type', '?', 'user')
        ->where('username = ?', $chatUsers->username);

    // execute query
    $rows = $query->execute();
    echo $rows . ' rows updated';
}
?>

 

...And I'm not sure where to go from there, or if that's even correct. Sorry in advance, I'm not very good with PHP yet.


Your query looks fine. The only issue I see here is that $chatUsers isn't defined anywhere within your function. You will need to pass this variable into your function using an argument.

 

function userChatReset($username) {
  // Bind both values as parameters instead of concatenating them into the DQL
  $query = Doctrine_Query::create()
    ->update('db_chatUsers')
    ->set('type', '?', 'user')
    ->where('username = ?', $username);

  // execute query
  $rows = $query->execute();
  echo $rows . ' rows updated';
}

 

Then call it using:

 

userChatReset($chatUsers->username);


Ok I have a file called: 'db_chatUsers.php' where the table definitions and everything are declared, that's where I have put:

 

function userChatReset($username) {
  // Bind both values as parameters instead of interpolating $username into the DQL
  $query = Doctrine_Query::create()
    ->update('db_chatUsers')
    ->set('type', '?', 'user')
    ->where('username = ?', $username);

  // execute query
  $rows = $query->execute();
  echo $rows . ' rows updated';
}

 

I am trying to call this function from 'userDoEdit.php' inside a form and button:

 

<form action="" method="post">
<input type="button" name="userChatReset" value="Submit" onClick="<?php userChatReset($username);?>">
</form>

(I'm passing the username that is declared in this file to the one in db_ChatUsers)

 

What exactly do I need to do to get this working? Is it because it doesn't know where userChatReset() is located?


Oh thank you,

I have updated my form to look like this:

<form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
<input type="button" name="submitUserReset" value="Submit">
</form>

 

At the top of 'userDoEdit.php' I have:

<?php
if (isset($_POST['submitUserReset'])) {
    userChatReset($users->username);
}
?>

 

Now I guess my only question is how do I send that parameter of ($users->username) to my 'db_chatUsers.php' file (since my userChatReset function is declared in 'db_chatUsers.php')


Do not use PHP_SELF as the form action.

$_SERVER['PHP_SELF'] is dangerous if misused. If login.php/nearly_arbitrary_string is requested, $_SERVER['PHP_SELF'] will contain not just login.php, but the entire login.php/nearly_arbitrary_string. If you've printed $_SERVER['PHP_SELF'] as the value of the action attribute of your form tag without performing HTML encoding, an attacker can perform XSS attacks by offering users a link to your site such as this:

 

<a href='http://www.example.com/login.php/"><script type="text/javascript">...</script><span a="'>Example.com</a>

 

The JavaScript block would define an event handler function and bind it to the form's submit event. This event handler would load via an <img> tag an external file, with the submitted username and password as parameters.
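
The difference between printing PHP_SELF raw and printing an encoded form action, as an added example that is not part of the original post. The file name userDoEdit.php comes from the thread; the function names and the request values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All request values are constructed.

/** Vulnerable: PHP_SELF carries whatever path the client appended after the script. */
function unsafeFormAction(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

/** Hardened: SCRIPT_NAME omits the appended path, and the value is HTML-encoded. */
function safeFormAction(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

/** When the full PHP_SELF is required, encoding keeps it inside the attribute. */
function encodedSelfAction(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

/** True when the output opens more than the single <form> tag it should contain. */
function opensExtraMarkup(string $html): bool
{
    return substr_count($html, '<') > 1;
}

// Constructed stand-in for $_SERVER on a request with a harmless marker
// appended after the script name.
$server = [
    'SCRIPT_NAME' => '/userDoEdit.php',
    'PHP_SELF'    => '/userDoEdit.php/"><b>injected</b>',
];

foreach (['unsafeFormAction', 'safeFormAction', 'encodedSelfAction'] as $fn) {
    $html = $fn($server);
    $verdict = opensExtraMarkup($html) ? 'extra markup' : 'contained';
    echo str_pad($fn, 18), ' ', str_pad($verdict, 13), ' ', $html, PHP_EOL;
}
```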
