Information isn't being updated properly because of apostrophe? Not sure ......


scm22ri


When I add an apostrophe (') to any of my words, the updating of my data doesn't seem to want to work. I'm not sure what I'm doing wrong with my code. Below I have my edit_info.php syntax. To log in, use test@yahoo.com / test.

 

http://whatsmyowncarworth.com/members/login.php

 

<?php
session_start(); // Must start session first thing

// Here we run a login check
if (!isset($_SESSION['id'])) { 
   echo 'Please <a href="login.php">log in</a> to access your account';
   exit(); 
}
//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Place Session variable 'id' into local variable
$id = $_SESSION['id'];
// Process the form if it is submitted
if ($_POST['state']) {
    $country = $_POST['country'];
    $state = $_POST['state'];
    $city = $_POST['city'];
    $bio = $_POST['bio'];
    $sql = mysql_query("UPDATE members SET country='$country', state='$state', city='$city', bio='$bio' WHERE id='$id'"); 
    echo 'Your account info has been updated, visitors to your profile will now see the new info.<br /><br />
To return to your profile edit area, <a href="member_account.php">click here</a>';
exit();
} // close if post
?>
<?php
// Query member data from the database and ready it for display
$sql = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){
$country = $row["country"];
$state = $row["state"];
$city = $row["city"];
$accounttype = $row["accounttype"];
$bio = $row["bio"];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Edit Your Account Info</title>
<script type="text/javascript">
<!-- Form Validation -->
function validate_form ( ) { 
valid = true; 
if ( document.form.country.value == "" ) { 
alert ( "Country must not be blank." ); 
valid = false;
}
if ( document.form.state.value == "" ) { 
alert ( "State must not be blank." ); 
valid = false;
}
if ( document.form.city.value == "" ) { 
alert ( "City must not be blank." ); 
valid = false;
}
return valid;
}
<!-- Form Validation -->
</script>
</head>
<body>
     <div align="center">
       <h3><br />
         Edit your account info here<br />  
       <br />
       </h3>
     </div>
     <table align="center" cellpadding="8" cellspacing="8">
      <form action="edit_info.php" method="post" enctype="multipart/form-data" name="form" id="form" onsubmit="return validate_form ( );">
     <tr>
      <td>Country:</td>
      <td><select name="country">
      <option value="<?php echo "$country"; ?>"><?php echo "$country"; ?></option>
      <option value="Australia">Australia</option>
      <option value="Canada">Canada</option>
      <option value="Mexico">Mexico</option>
      <option value="United Kingdom">United Kingdom</option>
      <option value="United States">United States</option>
      <option value="Zimbabwe">Zimbabwe</option>
      </select></td>
    </tr>
        <tr>
          <td><div align="right">State:</div></td>
          <td><input name="state" type="text" id="state" value="<?php echo "$state"; ?>" size="30" maxlength="64" /></td>
        </tr>  
        <tr>
          <td><div align="right">City:</div></td>
          <td><input name="city" type="text" id="city" value="<?php echo "$city"; ?>" size="30" maxlength="24" /></td>
        </tr>
        <tr>
          <td class="style7"><div align="right">Bio:</div></td>
          <td><textarea name="bio" cols="42" rows="8" id="bio"><?php echo "$bio"; ?></textarea></td>
        </tr>				
        <tr>
          <td> </td>
          <td><input name="Submit" type="submit" value="Submit Changes" /></td>
        </tr>
      </form>
</table>
</body>
</html>


Echo out your query, it will help you figure out what's going on.

 

You're accidentally injecting special, reserved characters into your query. This can lead to database compromise, so it's something you really want to fix. Functions like mysql_escape_string will automatically sanitize strings like this for you.


Thanks guys for the responses. Everything seems to be working, but according to what I've been reading, mysql_escape_string is something I shouldn't be using. I should be using MySQLi or mysqli_escape_string(), but every time I try to add an i at the end of my syntax it's not working. Do I need to change my connection syntax for mysqli to work? Or am I totally wrong about that?

 

My syntax

 

<?php
session_start(); // Must start session first thing

// Here we run a login check
if (!isset($_SESSION['id'])) { 
   echo 'Please <a href="login.php">log in</a> to access your account';
   exit(); 
}
//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Place Session variable 'id' into local variable
$id = $_SESSION['id'];
// Process the form if it is submitted
if ($_POST['state']) {
    $country = mysql_real_escape_string($_POST['country']); // if I add an "i" to the end of mysqli_real_escape_string it doesn't want to work?
/*$country = mysqli_escape_string($_POST['country']);*/ // not working?
    $state = mysql_real_escape_string($_POST['state']);
    $city = mysql_real_escape_string($_POST['city']);
    $bio = mysql_real_escape_string($_POST['bio']);
    $sql = mysql_query("UPDATE members SET country='$country', state='$state', city='$city', bio='$bio' WHERE id='$id'"); 
    echo 'Your account info has been updated, visitors to your profile will now see the new info.<br /><br />
To return to your profile edit area, <a href="member_account.php">click here</a>';
exit();
} // close if post
?>
<?php
// Query member data from the database and ready it for display
$sql = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){
$country = mysql_real_escape_string ($row["country"]);
$state = mysql_real_escape_string ($row["state"]);
$city = mysql_real_escape_string ($row["city"]);
$accounttype = mysql_real_escape_string ($row["accounttype"]);
$bio = mysql_real_escape_string ($row["bio"]);
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Edit Your Account Info</title>
<script type="text/javascript">
<!-- Form Validation -->
function validate_form ( ) { 
valid = true; 
if ( document.form.country.value == "" ) { 
alert ( "Country must not be blank." ); 
valid = false;
}
if ( document.form.state.value == "" ) { 
alert ( "State must not be blank." ); 
valid = false;
}
if ( document.form.city.value == "" ) { 
alert ( "City must not be blank." ); 
valid = false;
}
return valid;
}
<!-- Form Validation -->
</script>
</head>
<body>
     <div align="center">
       <h3><br />
         Edit your account info here<br />  
       <br />
       </h3>
     </div>
     <table align="center" cellpadding="8" cellspacing="8">
      <form action="edit_info.php" method="post" enctype="multipart/form-data" name="form" id="form" onsubmit="return validate_form ( );">
     <tr>
      <td>Country:</td>
      <td><select name="country">
      <option value="<?php echo "$country"; ?>"><?php echo "$country"; ?></option>
      <option value="Australia">Australia</option>
      <option value="Canada">Canada</option>
      <option value="Mexico">Mexico</option>
      <option value="United Kingdom">United Kingdom</option>
      <option value="United States">United States</option>
      <option value="Zimbabwe">Zimbabwe</option>
      </select></td>
    </tr>
        <tr>
          <td><div align="right">State:</div></td>
          <td><input name="state" type="text" id="state" value="<?php echo "$state"; ?>" size="30" maxlength="64" /></td>
        </tr>  
        <tr>
          <td><div align="right">City:</div></td>
          <td><input name="city" type="text" id="city" value="<?php echo "$city"; ?>" size="30" maxlength="24" /></td>
        </tr>
        <tr>
          <td class="style7"><div align="right">Bio:</div></td>
          <td><textarea name="bio" cols="42" rows="8" id="bio"><?php echo "$bio"; ?></textarea></td>
        </tr>				
        <tr>
          <td> </td>
          <td><input name="Submit" type="submit" value="Submit Changes" /></td>
        </tr>
      </form>
</table>
</body>
</html>


You are using the mysql_ set of functions, not the mysqli_ set of functions. You can't use them interchangeably.

 

If you'd like to move your script over to mysqli_, it's definitely recommended, but it's quite a bit of work. You have to change every call to mysql_ to mysqli_, and the first argument must be the variable containing the database object you've created ($db = mysqli_connect($host, $user, $pass, $db))

Link to comment
Share on other sites
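
As an added example (not code from the thread or its posters): the move to mysqli described in the replies above, using prepared statements for the UPDATE and SELECT and `htmlspecialchars` when printing values back into the form. The connection values are placeholders, `field()` and `h()` are hypothetical helpers, and `members.id` is assumed to be an integer.

```php
<?php
// Added example, not code from the thread. Connection values are placeholders;
// the members table and column names are the ones used in the thread.
session_start();
if (!isset($_SESSION['id'])) {
    exit('Please <a href="login.php">log in</a> to access your account');
}
$id = (int) $_SESSION['id']; // assumption: members.id is an integer column
// Throw exceptions on database errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = mysqli_connect('localhost', 'db_user', 'db_pass', 'db_name'); // placeholders
mysqli_set_charset($db, 'utf8mb4');

// Read one POST field as a string; arrays and missing fields become ''.
function field($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
}
// Escape a value for HTML output (assumes the page is served as UTF-8).
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && field('state') !== '') {
    // bind_param takes variables by reference, so copy the fields first.
    $country = field('country');
    $state   = field('state');
    $city    = field('city');
    $bio     = field('bio');
    // The ? placeholders keep values out of the SQL text: an apostrophe in
    // "O'Fallon" is stored as data and cannot terminate the string literal.
    $stmt = mysqli_prepare($db,
        'UPDATE members SET country = ?, state = ?, city = ?, bio = ? WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'ssssi', $country, $state, $city, $bio, $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Load the current values; the database returns them unescaped.
$stmt = mysqli_prepare($db,
    'SELECT country, state, city, bio FROM members WHERE id = ? LIMIT 1');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $country, $state, $city, $bio);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
?>
<form action="edit_info.php" method="post">
  <input name="state" type="text" value="<?php echo h($state); ?>" maxlength="64" />
  <textarea name="bio"><?php echo h($bio); ?></textarea>
</form>
```

SQL escaping and HTML escaping are separate steps: bound parameters handle the first on the way into the database, and `h()` handles the second on the way out to the page.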
