Thank you for taking the time to help me!

 

I cannot figure out why these two lines of code are not updating my MySQL database. I am deleting a user picture, if it exists, and then setting the picture back to default. No errors are coming back to me and my MySQL database is not updating.

 

mysql_query("UPDATE ProfilePicture SET PictureName='$default' WHERE User_ID='$_COOKIE[user_ID]'");
mysql_query("UPDATE ProfilePicture SET PictureType='$default_extension' WHERE User_ID='$_COOKIE[user_ID]'");

 

This is my full code.

 

<?php
$con = mysql_connect("******","******","******");
if (!$con){ die('Could not connect: ' . mysql_error()); }
mysql_select_db("******", $con);


$Server = $_SERVER["DOCUMENT_ROOT"];
$target_path = "images/profile_picture/";
$default = "default.gif";
$default_extension = "gif";


$Result_PictureType = mysql_query("SELECT PictureType FROM ProfilePicture WHERE User_ID='$_COOKIE[user_ID]'");
while ($row = mysql_fetch_assoc($Result_PictureType)) {
$User_Picture = $Server . "/images/profile_picture/" . $User_ID . "." . $row["PictureType"];
}


$Result_PictureName = mysql_query("SELECT PictureName FROM ProfilePicture WHERE User_ID='$_COOKIE[user_ID]'");
while ($row = mysql_fetch_assoc($Result_PictureName)) {
$Data_Picture = $row["PictureName"];
}


if ($Data_Picture != "default.gif") {
unlink($User_Picture);
}


mysql_query("UPDATE ProfilePicture SET PictureName='$default' WHERE User_ID='$_COOKIE[user_ID]'");
mysql_query("UPDATE ProfilePicture SET PictureType='$default_extension' WHERE User_ID='$_COOKIE[user_ID]'");


header('Location: profile.php');


mysql_close($con);
?>

 

Thanks,

 

Brett Hartel

I see several issues here, I'm afraid.

  1. You're not validating your input, meaning it could be anything, only limited to the user's imagination. Cookies are stored as clear-text files on the user's computer, after all.
  2. You haven't escaped or sanitized the data going into the SQL sentences, so you're wide open for SQL injections.
  3. You do not handle errors at all in your code, except for one instance when connecting to the SQL server. Incidentally, that's the line which is the least likely to fail in this code.

Also, there is no need to close the SQL connection manually. The PHP parser does this automatically when the script has completed, and usually the PHP parser knows best. Finally, you should add the full URI to the header ('Location: ') call, as per the specs. ;)

 

PS: I recommend moving on to the MySQLi or PDO libraries, as the old mysql library is outdated, no longer being maintained, and soon to be deprecated.
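
The reply's three points (validate the cookie, keep data out of the SQL text, handle errors) applied to the script above with MySQLi prepared statements. This is an added example, not code from either poster; the connection values, the redirect host example.com and an integer User_ID column are assumptions.

```php
<?php
// Added example. DB_* values and example.com are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws instead of failing silently

// 1. Validate the cookie: accept only a positive integer, reject everything else.
//    A well-formed cookie is still client-controlled; it proves nothing about who sent it.
$userId = filter_var($_COOKIE['user_ID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
if ($userId === false) {
    http_response_code(400);
    exit('Invalid user ID');
}

$default          = 'default.gif';
$defaultExtension = 'gif';
$pictureDir       = $_SERVER['DOCUMENT_ROOT'] . '/images/profile_picture/';

try {
    $db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');

    // 2. Bound parameters: the value never becomes part of the SQL text.
    $select = $db->prepare('SELECT PictureName, PictureType FROM ProfilePicture WHERE User_ID = ?');
    $select->bind_param('i', $userId);
    $select->execute();
    $select->bind_result($pictureName, $pictureType);
    $found = $select->fetch(); // true when a row was read, null when none matched
    $select->close();

    if ($found && $pictureName !== $default) {
        // Path is built from the validated integer; basename() drops any directory part.
        $file = $pictureDir . $userId . '.' . basename($pictureType);
        if (is_file($file) && !unlink($file)) {
            error_log("Could not delete $file");
        }
    }

    // One UPDATE sets both columns.
    $update = $db->prepare('UPDATE ProfilePicture SET PictureName = ?, PictureType = ? WHERE User_ID = ?');
    $update->bind_param('ssi', $default, $defaultExtension, $userId);
    $update->execute();
    // 3. 0 means no row matched, or the row already held the defaults.
    if ($update->affected_rows === 0) {
        error_log("No ProfilePicture row changed for user $userId");
    }
} catch (mysqli_sql_exception $e) {
    error_log('Database error: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not reset the profile picture');
}
header('Location: https://example.com/profile.php'); // full URI, as the reply advises
exit;
```

Logging `affected_rows` is what turns the original "no errors, nothing updated" symptom into something visible in the error log.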
