Hi again,

I'm trying to create a form which allows users to edit their data. I've created the form and added the SQL I think is right, but it's not working and is giving me an SQL error that the data can't be inserted. This is my code for the form, details.php:

<?php include '../header.php'; 
	  include '../config2.php';
	
	session_start();
	
	$id = $_POST['ID'];
	
	
?>
	<script type="text/javascript" src="js/jquery.js"></script>
	<script type="text/javascript" src="js/parsley.js"></script>
	
	<script>
		$(document).ready(function() { 

    // submit data on click and check if valid 
    $('#sendData').click(function(e) { 
        //check if valid with parsley
        var valid = $('#detailform').parsley ( 'validate' );
        if ( valid === false )
        {
            e.preventDefault();
        }
        else 
        {
            $.post("updateprocess.php", $("#detailform").serialize());       
        }
    });
}); 
		</script>
	<div id="title">
		<div class="inner">
			
			<h1>Changing Your Account Details</h1>
		</div>
	</div>	
	  
	<div id="content" class="right-sidebar">
	    
		<div class="container inner">
		<div id="main" role="main">
		<div class="container">

				<h3>Please Choose Which information Your would like to change</h3>
				
				<form data-validate="parsley" method="POST" action="updateprocess.php" id="detailform" >
					<label>Email Address</label>
					<input type="text" name="login_email" data-required="true" value="<?php echo $account['login_email']; ?>"/>
					<label>Change a password</label>
					<input type="password" name="login_password" data-notblank="true"/>
					<label>Re-enter new password</label>
					<input type="password" name="confirm" data-notblank="true"/>
					<label>First Name</label>
					<input type="text" name="first_name" data-required="true"   value="<?php echo $account['first_name']; ?>" disabled="disabled" />
					<label>Last Name</label>
					<input type="text" name="last_name" data-notblank="true" />
					<label>Address line 1</label>
					<input type="text" name="address_one" data-required="true" value="<?php echo $account['address_one']; ?>"/>
					<label>Address line 2</label>
					<input type="text" name="address_two" data-required="true" value="<?php echo $account['address_two']; ?>"/>
					<label>Town/City</label>
					<input type="text" name="town_city" data-required="true" value="<?php echo $account['town_city']; ?>" />
					<label>County</label>
					<input type="text" name="county_option" data-required="true" value="<?php echo $account['county_option']; ?>"/>
					<label>Postcode</label>
					<input type="text" name="post_code" data-required="true" value="<?php echo $account['post_code']; ?>"/>
					<label>Phone number</label>
					<input type="text" name="phone_number" data-required="true" value="<?php echo $account['phone_number']; ?>"/> 
					<p></p>
					<p></p>
					<p></p>
					<p></p>
					<p></p>
					
					
					<input type="checkbox" class="checkbox" id="agree" name="agree" /> I Agree With Terms & Conditions</p>
					
					<td> <input type="submit" name="submit" class="button" value= "Save"/></td>
				</form>
				</div>
				<div class="space"></div>
			</div>
			<ul class="sidebar" role="complementary">
				<li>
					<h2>Navigation</h2>
					<ul class="link-list">
<li><a href="/account/dashboard.php">Dashboard</a></li>
<li><a href="/account/transfer.php">Transfer Money</a></li>
<li><a href="/account/transactions.php">Transactions</a></li>
<li><a href="/account/withdrawal.php">Withdraw Funds</a></li>
<li><a href="/account/upload.php">Upload Funds</a></li>
<li><a href="/account/details.php">Change My details</a></li>
					</ul>
				</li>
			</ul>
		</div>
	</div>
<?php include '../footer.php'; ?>

This is the update.php script:

<?php

include "config2.php";

$id = $_POST['ID'];

$sql="SELECT * FROM users WHERE id='$id'";
$result=mysql_query($sql);

$id = $_POST['ID'];

$rows=mysql_fetch_array($result);

$email = $_POST['login_email'];
$pass =  md5($_POST['login_password']);
$confirm = md5($_POST['confirm']);
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
$addressone = $_POST['address_one'];
$addresstwo = $_POST['address_two'];
$towncity = $_POST['town_city'];
$countyoption = $_POST['county_option'];
$postcode = $_POST['post_code'];
$phone = $_POST['phone_number'];
$update = 'UPDATE users SET( login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES("'.$email.'","'.$pass.'","'.$confirm.'","'.$fname.'","'.$lname.'","'.$addressone.'","'.$addresstwo.'","'.$towncity.'","'.$countyoption.'","'.$postcode.'","'.$phone.'")WHERE id="'.$id.'""';
//$insert = 'UPDATE users SET login_email="'.$email.'", login_password="'.$pass.'", confirm="'.$confirm.'", first_name="'.$fname.'", last_name="'.$lname.'", address_one="'.$addressone.'", address_two="'.$addresstwo.'", town_city="'.$towncity.'", county_option="'.$countyoption.'", post_code="'.$postcode.'", phone_number="'.$phone.'" WHERE id="'.$id.'""'; 
mysql_query($update) or die("Failed Updating Your Data,check SQL");

   header( 'Location: ../account/success.php' ) ;

?>

 

 

giving me sql error that the data can't be inserted


Showing this error would probably be helpful ;)

Here's an idea:

 

mysql_query($update) or die("Failed Updating Your Data. The SQL was: $update");



Then you can read the SQL and see what's wrong (it's usually a quoting problem or data in the wrong format, etc., but we can't know that without the text of the error message, as I noted above).

 

Here's the error :/

 

Failed Updating Your Data. The SQL was: UPDATE users SET( login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES("edgarasm@rocketmail.com","b5154b11aa74cf0bf13f957860d614b6","b5154b11aa74cf0bf13f957860d614b6","","Malov","Flat 2 35 Talbot Avenue","Charminster","Bournemouth","Dorset","BH3 7HS","447795192986")WHERE id="""

Just a side comment. It will help you greatly if you write the code that creates the query in a readable format. The way you have it now makes it extremely difficult to 1) see the whole query and 2) confirm that all the quote marks are correct since it keeps going in and out of the quoted text. Here is how I would write that in my code:

 

 

$update = "UPDATE users SET
               (login_email, login_password, confirm, first_name, last_name, address_one,
                address_two, town_city, county_option, post_code, phone_number)
           VALUES
               ('{$email}', '{$pass}', '{$confirm}', '{$fname}', '{$lname}', '{$addressone}',
                '{$addresstwo}', '{$towncity}', '{$countyoption}', '{$postcode}', '{$phone}')
           WHERE id = '{$id}'";

 

This fixed the error but the database doesn't update?

 

Any ideas?

 

Thanks for the clear up by the way 

 

 

UPDATE table
SET
   Col1 = 'val1'
,  Col2 = 'val2'
,  etc
WHERE ...

LOL, I didn't even read the query. Shame on me.

I have updated the query to the format you provided me with and it still doesn't update. Starting to wonder if the values are getting passed through POST, or maybe the ID block doesn't know which id to update :/

Edited by edgarasm

the replies in this thread have already shown that there is no id value in the query statement.

 

your form doesn't have an id field, but even more important, if you were passing the id through the form it would allow anyone to modify the user information for anyone else since you are not checking if the id being edited/submitted is the same as the currently logged in user.

 

you must enforce security on the server in your php code. the only person who should be able to modify their own user information is the user who it belongs to (and perhaps moderators/administrators on your site.)

Yes, that's the idea, for the user to be able to edit their data in case it changes.

How could I possibly reinforce and pass the id through the form?

Is there any way?

The canonical way is:

<input type='hidden' name='id' value='<?php echo $id; ?>' />
This has one potential problem; the user's ID number is then viewable in the browser's HTML source.

 

Since you've already called session_start() in the script, I'd stick the ID in the $_SESSION array and then use that value when I process the query in update.php.

Edited by dalecosp
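
The last two replies come down to one rule: the row to update is chosen by the logged-in session on the server, not by anything the form sends. The sketch below is an added example, not code from any poster in the thread; it assumes PDO (SQLite in memory for the demo, with constructed rows), a hypothetical $_SESSION['user_id'] value set at login, and it leaves the password fields out.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread; the 'user_id' session key is a hypothetical name set at login.
function updateAccount(PDO $db, array $session, array $post): int
{
    // The row to edit comes from the server-side session, never from the form.
    if (empty($session['user_id'])) {
        throw new RuntimeException('Not logged in');
    }
    // Whitelist of editable columns; a posted "ID" or "id" field is ignored.
    $editable = ['login_email', 'last_name', 'address_one', 'address_two',
                 'town_city', 'county_option', 'post_code', 'phone_number'];
    $set = [];
    $params = [':id' => (int) $session['user_id']];
    foreach ($editable as $col) {
        if (isset($post[$col]) && $post[$col] !== '') {
            $set[] = "$col = :$col";         // column names come from the whitelist only
            $params[":$col"] = $post[$col];  // values are bound, not concatenated
        }
    }
    if (!$set) {
        return 0;                            // nothing submitted to change
    }
    // UPDATE takes "col = value" pairs, not the INSERT-style column/VALUES lists.
    $stmt = $db->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data: two users in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login_email TEXT,
    last_name TEXT, address_one TEXT, address_two TEXT, town_city TEXT,
    county_option TEXT, post_code TEXT, phone_number TEXT)');
$db->exec("INSERT INTO users (id, login_email, town_city) VALUES
    (1, 'alice@example.test', 'Poole'), (2, 'bob@example.test', 'Leeds')");

// User 1 is logged in; the form body carries a tampered ID pointing at user 2.
$changed = updateAccount($db, ['user_id' => 1], ['ID' => '2', 'town_city' => 'Bournemouth']);
// Print both rows to see which one the update touched.
foreach ($db->query('SELECT id, town_city FROM users ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['town_city'], PHP_EOL;
}
```

In the thread's update script the call would be updateAccount($pdo, $_SESSION, $_POST) after session_start(), with $pdo being the site's own database connection.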