update/edit


andy_b_1502

I did post the new code for clarification? But here's the form:

 

<form action="view02.php" method="get" enctype="multipart/form-data" class="cursive">
  <table width="316" border="0">
   
		<tr>
		  <td colspan=2><h1>Edit Your details </h1>
		    <p>fill out the form with your details...</p></td>
	    </tr>
            <tr>
              <td> </td>
              <td><p> </p>
                <p>Click update to edit...</p>
<p>  </p></td>
            </tr>
            <tr>
              <td> </td>
              <td><p> </p>
                <p>
                  
                  </p>
                <p>
              <p>  </p></td>
            </tr>
            <tr>
              <td>Website:</td>
              <td><p> </p>
                <p>
                  <input name="website" type="text" id="website" value="optional" />
                  </p>
                <p><a href="view02.php?id=<?PHP echo $row['id']; ?>&website=$website">Update</a></p>
              <p>  </p></td>
            </tr>
            <tr>
              <td>Primary Number:</td>
              <td><p> </p>
                <p>
                  <input name="phone" type="text" id="phone" value="incl. area code" />
                  </p>
                <p><a href="view02.php?id=<?PHP echo $row['id']; ?>&number1="incl. area code">Update</a></p>
              <p>  </p></td>
            </tr>
            <tr>
              <td>Secondary Number:</td>
              <td><p> </p>
                <p>
                  <input name="phone2" type="text" id="phone2" value="optional" />
                  </p>
                <p><a href="view02.php?id=<?PHP echo $row['id']; ?>&number2=1">Update</a></p>
              <p> </p></td>
            </tr>
            <tr>
              <td>Company Description:</td>
              <td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
                <p>
                  <textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea>
                </p>
                <p><a href="view02.php?id=<?PHP echo $row['id']; ?>&description=1">Update</a> </p></td>
            </tr>
            <tr>
              <td> </td>
            </tr>
<tr></tr>
  </table>
</form>

 

 

Link to comment
Share on other sites

As previously posted I get:

 

"UPDATE companies SET website = '$website', phone = '', phone2 = '', premiumuser_description = '' WHERE id = '51'"

 

Is it something to do with SET? Should I have them separate or something??

Link to comment
Share on other sites

You have links within your form!

 

Change this:

<p><a href="view02.php?id=<?PHP echo $row['id']; ?>&website=$website">Update</a></p>

 

To:

<p><a href="view02.php?id=<?PHP echo $row['id']; ?>&website=<?PHP echo $website; ?>">Update</a></p>

Link to comment
Share on other sites

Okay, I changed that line of code but I'm getting this:

 

UPDATE companies SET website = 'website', phone = 'phone', phone2 = 'phone2', premiumuser_description = 'premiumuser_decription' WHERE id = 'id'

 

Just a quick note, I changed the $'s because they were in variable form, should I have done or not?

Link to comment
Share on other sites

Your entire concept of submitting forms is wrong.  You have hyperlinks next to each input in your form which is incorrect as the information will not be passed to your form parsing script that way.  Remove your "Update" hyperlinks and add a submit button to the form:

 

<input type="submit" name="submit" value="Update"/>

 

Edit: can't believe I didn't see this earlier.  Forms are submitted as a whole.  To do fancy updates like you're thinking, you will need AJAX.  But do not worry about that for now.

Link to comment
Share on other sites

Try changing the form to:-

 

<form action="view02.php" method="get" enctype="multipart/form-data" class="cursive">
<table width="316" border="0">
	<tr>
		<td colspan="2"><h1>Edit Your details </h1><p>fill out the form with your details...</p></td>
    </tr>
	<tr>
		<td> </td>
		<td><p> </p><p>Click update to edit...</p><p>  </p></td>
	</tr>
	<tr>
		<td> </td>
		<td><p> </p><p></p><p><p>  </p></td>
	</tr>
	<tr>
		<td>Website:</td>
		<td><p> </p><p><input name="website" type="text" id="website" value="optional" /></p>
    			<p>  </p></td>
	</tr>
	<tr>
		<td>Primary Number:</td>
		<td><p> </p><p><input name="phone" type="text" id="phone" value="incl. area code" /></p>
		<p>  </p></td>
	</tr>
	<tr>
		<td>Secondary Number:</td>
		<td><p> </p>
		<p><input name="phone2" type="text" id="phone2" value="optional" /></p>
              <p> </p></td>
	</tr>
	<tr>
		<td>Company Description:</td>
		<td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
		<p><textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea></p>
		<p> </p></td>
	</tr>
	<tr>
		<td> </td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" name="submit" value="submit" /></td>
	</tr>
</table>
</form>

 

As mrMarcus pointed out, your method of submitting is incorrect - no need for the a hrefs in the form.

Link to comment
Share on other sites

Should I change this bit within view02.php:

 

/* header("Location: view01.php?id=" . $row['id']); */

echo $query;

 

as I'm getting this when I click submit with the new form. Thanks by the way for the help and guidance.

 

Link to comment
Share on other sites

In doing this, you will now have to adjust how you're handling your form items in your PHP:

 

$phone = $_GET['number1'];
$phone2 = $_GET['number2'];
$premiumuser_decription = $_GET['description'];

 

Will become:

 

$phone = $_GET['phone'];
$phone2 = $_GET['phone2'];
$premiumuser_decription = $_GET['premiumuser_description']; // key must match the name attribute of the form field

 

And you will also need to add a hidden field, or append to your action, the ID in question:

 

<input type="hidden" name="id" value="<?php echo $row['id']; ?>"/>

 

or

 

<form action="view02.php?<?php echo $row['id']; ?>" method="get" enctype="multipart/form-data" class="cursive">

 

I'm also starting to wonder where $row['id'] is being set in the following line:

 

header("Location: view01.php?id=" . $row['id']);

 

As the form is on a different page than that page, and you are clearly not getting that from the database to populate the header().

 

So, change that to:

 

header("Location: view01.php?id=" . $id);

 

And please, PLEASE, sanitize your incoming form data using mysql_real_escape_string:

 

// e.g.
$query = "UPDATE companies SET website = '". mysql_real_escape_string($website) ."' ... and so on

 

And for good measure, you can remove the enctype attribute from your form as you are not handling file uploads and such.

Link to comment
Share on other sites

Right then,

 

the new form's action is:

 

<form action="view02.php?<?php echo $row['id']; ?>" method="get" enctype="multipart/form-data" class="cursive">

 

the new code for view02.php is:

 

<?PHP
session_start();

include ('php only scripts/db.php');
$id = $_GET['id'];
$website = $_GET['website'];
$phone = $_GET['phone'];
$phone2 = $_GET['phone2'];
$premiumuser_decription = $_GET['premiumuser_decription'];
$query = "UPDATE companies 
SET website = 'website', phone = 'phone', phone2 = 'phone2', premiumuser_description = 'premiumuser_decription' 
WHERE id = 'id'";
$result = mysql_query($query ) or die("SELECT Error: ".mysql_error());
header("Location: view01.php?id=" . $row['id']); 
exit(0);
?>

 

On submit, it sends me to index.php NOT view01.php?=id

 

 

$id is in my db table, when users register it gives them an id?

Link to comment
Share on other sites

No offense, but what you really need to do is go back and learn the very basics of PHP.  You have removed your variables from your query now for some reason.  And nowhere in your code are you SELECT'ing an `id` from the database defining $row in the script above.  Unless there is something in 'php only scripts/db.php' that does that.  Otherwise, $row['id'] is not set and therefore will not work as expected.

Link to comment
Share on other sites

$website is being printed to the screen in variable form?  Can you post your current code, please?

 

Why did you say this? I assumed you wanted me to delete them??

 

 

 

No, I never said to delete anything.

 

I made a typo though.  The following:

 

<form action="view02.php?<?php echo $row['id']; ?>" method="get" enctype="multipart/form-data" class="cursive">

 

needs to be changed to accommodate ?id=

 

<form action="view02.php?id=<?php echo $row['id']; ?>" method="get" enctype="multipart/form-data" class="cursive">

 

Edit: having to wait 5 seconds during login was rather annoying.  I suggest you remove.  People like instant.

Link to comment
Share on other sites

You were querying the fact that I'd done that though? Making me assume that it was incorrect, so I experimented!

 

They have since been changed back, to no luck...

 

It still is dropping out and directing me to index.php and not view01.php after the form is submitted to update/edit user details?

Link to comment
Share on other sites

And I told you you need to sanitize your incoming form data.  You didn't, but have now given anybody the ability to mess with your database by posting login credentials to your form.

 

I strongly suggest you immediately change the following:

 

$query = "UPDATE companies 
SET website = 'website', phone = 'phone', phone2 = 'phone2', premiumuser_description = 'premiumuser_decription' 
WHERE id = 'id'";

 

to:

 

$query = "UPDATE companies SET website = '". mysql_real_escape_string($website) ."', phone = '". mysql_real_escape_string($phone) ."', phone2 = '". mysql_real_escape_string($phone2) ."', premiumuser_description = '". mysql_real_escape_string($premiumuser_decription) ."' WHERE id = '". mysql_real_escape_string($id) ."'"; // the id is quoted as well: escaping only protects a value that sits inside quotes

 

Edit: not that anything could have been done at this time as you removed all your variables from your query; however, as soon as your SQL became capable of accepting form data again, you could have been in trouble.

Link to comment
Share on other sites

View01.php:

 

<?PHP
session_start();
if(!isset($_SESSION['id']) || !isset($_SESSION['valid_user']) || $_SESSION['valid_user'] != "yes") {
$_SESSION = array();
session_destroy();
header("Location: index.php");	
exit();
}

include ('php only scripts/db.php');
$id = mysql_real_escape_string($_GET['id']); /* escaped before it is placed in the query below */

$query ="SELECT * FROM companies WHERE id = '$id'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);

?>
<!DOCTYPE html>
  <head>
    <title>Removalspace.com</title>
<style type="text/css">
<!--
body {
background-image: url(styles/downloaded%20styles/todo/todo/images/bg.png);

}
-->
</style>
<link href="styles/downloaded styles/todo/todo/css/style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/style9.css" />
    <link rel="stylesheet" type="text/css" href="styles/downloaded styles/todo/todo/css/demo.css" />    
        <link href='http://fonts.googleapis.com/css?family=Terminal+Dosis' rel='stylesheet' type='text/css' />
        <style type="text/css">
<!--
.Stile1 {color: #333333}
-->
        </style>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-31656176-1']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</head>
  
<body>
<!--start container -->
<div id="container">
<header>
    <nav>   
      <div id="logo"><a href="index.php"><img src="images/header2.png" alt="Logo here" width="219" height="161" /></a>      </div>
      
      <div id="search-top"><img src="styles/downloaded styles/todo/todo/images/quote-right.png" alt="images" /><span class="cursive">Enter your postcode here</span><img src="styles/downloaded styles/todo/todo/images/quote-left.png" alt="images" />
        <form method="post" action="search.php">
  <input type="text" name="strSearch" onFocus="if(this.value=='Search Area')this.value='';" onBlur="if(this.value=='')this.value='Search Area';" value="Search Area"  id="search-field"/>
  <input type="submit" value="" id="search-btn"/>
  </form> 
      </div>  
      <div id="nav_social"><a href="http://www.facebook.com/pages/Removalspace/181434181939226"><img src="styles/downloaded styles/todo/todo/images/facebook_32.png" alt="Become a fan" width="32" height="32" /></a><a href="#"><img src="styles/downloaded styles/todo/todo/images/twitter_32.png" alt="Follows on Twitter" /></a><a href="id=183427956&trk=tab_pro"><img src="styles/downloaded styles/todo/todo/images/linkedin_32.png" alt="Linked in" /></a><a href="contact.php"><img src="styles/downloaded styles/todo/todo/images/email_32.png" alt="Contact" width="32" height="32" /></a><!-- Place this tag where you want the +1 button to render -->
<g:plusone size="small" annotation="inline"></g:plusone>

<!-- Place this render call where appropriate -->
<script type="text/javascript">
  (function() {
    var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
    po.src = 'https://apis.google.com/js/plusone.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
  })();
</script> </div>
  </nav>
  
  </header>


<p><span class="cursive"><a href="removals.php">Search Removals</a></span></p>
<p><span class="cursive"><a href="storage.php">Search Storage</a></span></p>
<p><span class="cursive"><a href="register00.php">Add Listing</a></span></p>
<p><span class="cursive"><a href="about.php">About</a></span></p>
<p><span class="cursive"><a href="contact.php">Contact</a></span></p>
<div class="content">
  <!--star main --> 
  
  <main></main>
    <!--end main -->
    <!--start middle -->
    <middle>    
      <div class="section_slogan"><table>
	<tr>
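		<td valign="top"><img src="images/thumbs/<?PHP echo htmlspecialchars($row['upload']); ?>" alt="logo"/></td>
            
		<td valign="top">
			<?PHP 
			/* escape stored values before writing them into the page */
			echo htmlspecialchars($row['street1']) . 
			"<br>" . htmlspecialchars($row['street2']) . 
			"<br>" . htmlspecialchars($row['city']) . "," .  htmlspecialchars($row['postcode']) .  
			"<br>phone: " . htmlspecialchars($row['phone']) .  
			"<br>email: " . htmlspecialchars($row['email']) . 
			"<br>website: " . htmlspecialchars($row['website'])  ; 
			?>
		</td>			
	</tr>
        <tr>
		<td><?PHP echo nl2br(htmlspecialchars($row['premiumuser_description'])); ?></td>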
	</tr></table>
        <?PHP
/* create an email validation function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
/**
* CALLBACK - determine if the provided postcode is valid.
*
* @param string $postcode
* @return bool TRUE if valid, FALSE otherwise
* @author George Edwards
*/
function is_valid_uk_postcode($postcode) {
    $pattern = "/^([A-PR-UWYZ0-9][A-HK-Y0-9][AEHMNPRTVXY0-9]?[ABEHMNPRVWXY0-9]? {1,2}[0-9][ABD-HJLN-UW-Z]{2}|GIR 0AA)$/";

    if (preg_match($pattern, $postcode)) {
        return TRUE;
    }

    /* plain function, so there is no $this to set a validation message on */
    return FALSE;
}
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
/* check if form was submitted */
if (isset($_POST['Submit'])){
$error_message = "";
/* This is the directory where images will be saved */
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 
/* include validation script */
include ('php only scripts/validation.php');
$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height
 //Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
	/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
	/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
	$upload = $_FILES['upload']['name'];
	$o_path ="images/COMPANIES/";
	$s_path = "images/thumbs/";
	$file = $upload;
	$save = $file;
	$t_w = 200;
	$t_h = 150;
	/* DO NOT CHANGE THIS NEXT LINE */
	Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
}else{ 
	//Gives and error if its not 
	$error_message .= "Sorry, there was a problem uploading your file."; 
}
/* PREPARE DATA FOR INSERTION INTO TABLE */
//Writes the information to the database 
if(strlen(trim($error_message)) <1){  
	$salt = createsalt();
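	$username = mysql_real_escape_string(trim($_POST['username'])); /* escaped: it goes into the INSERT below */
	$password = trim($_POST['password']);
	$hash = hash('sha256', $salt . $password); /* hash() takes one data string; its third argument is the raw-output flag, not more data */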
	$approved = 0; 
	$company_name = mysql_real_escape_string(trim($_POST['company_name']));
	$website = mysql_real_escape_string(trim($_POST['website']));
	$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
	$location = mysql_real_escape_string(trim($_POST['location']));
	$postcode = mysql_real_escape_string(trim($_POST['postcode']));
	$street1 = mysql_real_escape_string(trim($_POST['street1']));
	$street2 = mysql_real_escape_string(trim($_POST['street2']));
	$city = mysql_real_escape_string(trim($_POST['city']));
	$phone = mysql_real_escape_string(trim($_POST['phone']));
	$phone2 = mysql_real_escape_string(trim($_POST['phone2']));
	$email = mysql_real_escape_string(trim($_POST['email']));
	$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
	$salt = mysql_real_escape_string($salt);
	$upload = mysql_real_escape_string($upload);	
	$query ="INSERT INTO `companies` (company_name, what_services, website, contact_name, location, postcode, street1, street2, city, phone,phone2, email, premiumuser_description, username, password, salt, approved, upload) VALUES ('$company_name', '$what_services', '$website', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$phone2', '$email', '$premiumuser_description', '$username', '$hash', '$salt', '$approved', '$upload')";
	$result = mysql_query($query) or die(mysql_error());
	if ($result) {

		echo('Thank you for registering with removalspace.com, an email has been sent to you for confirmation');}

	/* at this point we can send an email to the admin as well as the user.  DO NOT send the user's password to ANYONE!!!! */ 
}
}//if (isset($_POST['submit']))
?>
<?php
$to = $_POST['email'];
$subject = "Welcome to removalspace.com";
$body = "Welcome $_POST[company_name],\n\nYou are now registered with removalspace.com, Your company details have been added to our website for users to search. Please give 24 hours for new listings to be added to our site as all new listings await approval, thank you for using removalspace.com";
$headers = "From: mail@removalspace.com\r\n" .
     "X-Mailer: php";
if (mail($to, $subject, $body, $headers)) { /* $headers is the variable built above; $from was never defined */
  }
?>


<?php
if (!empty($error_message)){ echo $error_message; }
?>
<form action="view02.php?id=<?php echo $row['id']; ?>" method="get" enctype="multipart/form-data" class="cursive">
<table width="316" border="0">
	<tr>
		<td colspan="2"><h1>Edit Your details </h1><p>fill out the form with your details...</p></td>
    </tr>
	<tr>
		<td> </td>
		<td><p> </p><p>Click update to edit...</p><p>  </p></td>
	</tr>
	<tr>
		<td> </td>
		<td><p> </p><p></p><p><p>  </p></td>
	</tr>
	<tr>
		<td>Website:</td>
		<td><p> </p><p><input name="website" type="text" id="website" value="optional" /></p>
    			<p>  </p></td>
	</tr>
	<tr>
		<td>Primary Number:</td>
		<td><p> </p><p><input name="phone" type="text" id="phone" value="incl. area code" /></p>
		<p>  </p></td>
	</tr>
	<tr>
		<td>Secondary Number:</td>
		<td><p> </p>
		<p><input name="phone2" type="text" id="phone2" value="optional" /></p>
              <p> </p></td>
	</tr>
	<tr>
		<td>Company Description:</td>
		<td><p><em>Write a description of what your company does, the services it offers and any additional information here.</em> </p>
		<p><textarea rows="10" cols="100" name="premiumuser_description" id="premiumuser_description"></textarea></p>
		<p> </p></td>
	</tr>
	<tr>
		<td> </td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" name="submit" value="submit" /></td>
	</tr>
</table>
</form>
      </div>
    </middle>
</div>
<!--end middle -->
<!--start footer -->
<footer>  
  <div id="footer"></div>
</footer>
<!--end footer -->
</div>
<!--end container -->
<!-- Free template distributed by http://freehtml5templates.com -->
  </body>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
</html>

Link to comment
Share on other sites

You were querying the fact that I'd done that though? Making me assume that it was incorrect, so I experimented!

 

They have since been changed back, to no luck...

 

It still is dropping out and directing me to index.php and not view01.php after the form is submitted to update/edit user details?

 

I managed to update your db using the URL and bypassing your form.  I changed phone number to 5555555 and website to yahoo.com

 

Seems like that code is OK.
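
Added example, not part of any post in this thread: one way to write the update that view02.php performs so that the two problems raised above (an id taken from the URL, and form values concatenated into the SQL) cannot occur. The row id comes from the logged-in session, and the values are bound with a prepared statement instead of being escaped and concatenated. The function name update_company, the use of PDO and the in-memory SQLite table are assumptions made so the example runs on its own; the site in the thread used the mysql_* functions against MySQL.

```php
<?php
// Added example; update_company() is a hypothetical name, not code from the thread.
function update_company(PDO $db, array $session, array $input): array
{
    // Authorization: the row id is taken from the logged-in session, never
    // from the request, so a changed id in the URL cannot reach another row.
    if (($session['valid_user'] ?? '') !== 'yes' || !isset($session['id'])) {
        return ['ok' => false, 'error' => 'not logged in'];
    }
    $id = (int) $session['id'];

    // Validation: check each field against what it is supposed to hold.
    $website = trim($input['website'] ?? '');
    $phone   = trim($input['phone'] ?? '');
    $phone2  = trim($input['phone2'] ?? '');
    $descr   = trim($input['premiumuser_description'] ?? '');
    if ($website !== '' && filter_var($website, FILTER_VALIDATE_URL) === false) {
        return ['ok' => false, 'error' => 'invalid website'];
    }
    foreach ([$phone, $phone2] as $number) {
        if ($number !== '' && !preg_match('/^\+?[0-9 ]{5,20}$/', $number)) {
            return ['ok' => false, 'error' => 'invalid phone number'];
        }
    }

    // Prepared statement: the values are bound as data and never become SQL text.
    $stmt = $db->prepare(
        'UPDATE companies
            SET website = :website, phone = :phone, phone2 = :phone2,
                premiumuser_description = :descr
          WHERE id = :id'
    );
    $stmt->execute([
        ':website' => $website, ':phone' => $phone, ':phone2' => $phone2,
        ':descr' => $descr, ':id' => $id,
    ]);
    return ['ok' => true, 'id' => $id, 'rows' => $stmt->rowCount()];
}

// Constructed sample data: two companies in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, website TEXT,
           phone TEXT, phone2 TEXT, premiumuser_description TEXT)');
$db->exec("INSERT INTO companies (id, website, phone) VALUES
           (51, 'http://a.example', '01234 567890'),
           (52, 'http://b.example', '09876 543210')");

// Constructed request: it names company 52 and has an apostrophe in the text,
// while the session belongs to company 51.
$session = ['id' => 51, 'valid_user' => 'yes'];
$request = [
    'id' => '52', 'website' => 'http://new.example', 'phone' => '01234 000000',
    'phone2' => '', 'premiumuser_description' => "Smith & Son's removals",
];

print_r(update_company($db, $session, $request)); // call made by the logged-in owner
print_r(update_company($db, [], $request));       // call made without a session
foreach ($db->query('SELECT id, website, premiumuser_description FROM companies') as $r) {
    echo $r['id'], ' | ', $r['website'], ' | ', $r['premiumuser_description'], "\n";
}
```

In a page handler the call would be update_company($db, $_SESSION, $_POST), fed by a form that uses method="post".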

Link to comment
Share on other sites

View01.php:

 

<?PHP
session_start();
if(!isset($_SESSION['id']) || !isset($_SESSION['valid_user']) || $_SESSION['valid_user'] != "yes") {
$_SESSION = array();
session_destroy();
header("Location: index.php");	
exit();
}

 

I'm guessing that header is what is causing the page to always go to index.php?

 

One of the other guys will know more what they're talking about, but to me that looks like you're saying if the session is valid, then to close it and send the user to the index page?

 

As I say, others will know more than me, but that's how it looks to me?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
