BrettHartel Posted December 25, 2012 Share Posted December 25, 2012 (edited) Thank you for taking the time to help me! I cannot figure out why these two lines of code are not updating my mysql database. I am deleting a user picture, if it exists, and then setting the picture back to default. No errors are coming back to me and my mysql database is not updating. mysql_query("UPDATE ProfilePicture SET PictureName='$default' WHERE User_ID='$_COOKIE[user_ID]'"); mysql_query("UPDATE ProfilePicture SET PictureType='$default_extension' WHERE User_ID='$_COOKIE[user_ID]'"); This is my full code. <?php $con = mysql_connect("******","******","******"); if (!$con){ die('Could not connect: . mysql_error()'); } mysql_select_db("******", $con); $Server = $_SERVER["DOCUMENT_ROOT"]; $target_path = "images/profile_picture/"; $default = "default.gif"; $default_extension = "gif"; $Result_PictureType = mysql_query("SELECT PictureType FROM ProfilePicture WHERE User_ID='$_COOKIE[user_ID]'"); while ($row = mysql_fetch_assoc($Result_PictureType)) { $User_Picture = $Server . "/images/profile_picture/" . $User_ID . "." . $row["PictureType"]; } $Result_PictureName = mysql_query("SELECT PictureName FROM ProfilePicture WHERE User_ID='$_COOKIE[user_ID]'"); while ($row = mysql_fetch_assoc($Result_PictureName)) { $Data_Picture = $row["PictureName"]; } if ($Data_Picture != "default.gif") { unlink($User_Picture); } mysql_query("UPDATE ProfilePicture SET PictureName='$default' WHERE User_ID='$_COOKIE[user_ID]'"); mysql_query("UPDATE ProfilePicture SET PictureType='$default_extension' WHERE User_ID='$_COOKIE[user_ID]'"); header('Location: profile.php'); mysql_close($con); ?> Thanks, Brett Hartel Edited December 25, 2012 by BrettHartel Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 25, 2012 Share Posted December 25, 2012 I see several issues here, I'm afraid. You're not validating your input, meaning it could be anything, only limited to the user's imagination. Cookies are stored as clear-text files on the user's computer, after all. You haven't escaped or sanitized the data going into the SQL sentences, so you're wide open for SQL injections. You do not handle errors at all in your code, except for one instance when connecting to the SQL server. Incidentally, that's the line which is the least likely to fail in this code. Also, there is no need to close the SQL connection manually. The PHP parser does this automatically when the script has completed, and usually the PHP parser knows best. Finally you should add the full URI to the header ('Location: ') call, as per the specs. PS: I recommend moving onto the MySQLI or DBO libraries, as the old mysql library is outdated, no longer being maintained, and soon to be deprecated. Quote Link to comment Share on other sites More sharing options...
Cainj Posted December 25, 2012 Share Posted December 25, 2012 on your "mysql_query()" add a or die(mysql_error()); then you will see exactly why it is not updating. Quote Link to comment Share on other sites More sharing options...
Barand Posted December 25, 2012 Share Posted December 25, 2012 BTW, one query will do it UPDATE ProfilePicture SET PictureName='$default' , PictureType='$default_extension' WHERE User_ID='$_COOKIE[user_ID]' Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted December 25, 2012 Share Posted December 25, 2012 ^^^ Likewise for the SELECT query. Run one query that selects both columns and since you expect at most one row, there's no need to loop over the results. Just run one fetch statement. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.