edgarasm Posted November 19, 2013 Share Posted November 19, 2013 Hi again , Im trying to create form which allows the users to edit their data , I've created the form ,added the sql i think is right but its not working and giving me sql erro that the data can't be inserted . this is my code for the form details.php : <?php include '../header.php'; include '../config2.php'; session_start(); $id = $_POST['ID']; ?> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/parsley.js"></script> <script> $(document).ready(function() { // submit data on click and check if valid $('#sendData').click(function(e) { //check if valid with parsley var valid = $('#detailform').parsley ( 'validate' ); if ( valid === false ) { e.preventDefault(); } else { $.post("updateprocess.php", $("#detailform").serialize()); } }); }); </script> <div id="title"> <div class="inner"> <h1>Changing Your Account Details</h1> </div> </div> <div id="content" class="right-sidebar"> <div class="container inner"> <div id="main" role="main"> <div class="container"> <h3>Please Choose Which information Your would like to change</h3> <form data-validate="parsley" method="POST" action="updateprocess.php" id="detailform" > <label>Email Address</label> <input type="text" name="login_email" data-required="true" value="<?php echo $account['login_email']; ?>"/> <label>Change a password</label> <input type="password" name="login_password" data-notblank="true"/> <label>Re-enter new password</label> <input type="password" name="confirm" data-notblank="true"/> <label>First Name</label> <input type="text" name="first_name" data-required="true" value="<?php echo $account['first_name']; ?>" disabled="disabled" /> <label>Last Name</label> <input type="text" name="last_name" data-notblank="true" /> <label>Address line 1</label> <input type="text" name="address_one" data-required="true" value="<?php echo $account['address_one']; ?>"/> <label>Address line 2</label> <input type="text" name="address_two" data-required="true" value="<?php echo $account['address_two']; ?>"/> <label>Town/City</label> <input type="text" name="town_city" data-required="true" value="<?php echo $account['town_city']; ?>" /> <label>County</label> <input type="text" name="county_option" data-required="true" value="<?php echo $account['county_option']; ?>"/> <label>Postcode</label> <input type="text" name="post_code" data-required="true" value="<?php echo $account['post_code']; ?>"/> <label>Phone number</label> <input type="text" name="phone_number" data-required="true" value="<?php echo $account['phone_number']; ?>"/> <p></p> <p></p> <p></p> <p></p> <p></p> <input type="checkbox" class="checkbox" id="agree" name="agree" /> I Agree With Terms & Conditions</p> <td> <input type="submit" name="submit" class="button" value= "Save"/></td> </form> </div> <div class="space"></div> </div> <ul class="sidebar" role="complementary"> <li> <h2>Navigation</h2> <ul class="link-list"> <li><a href="/account/dashboard.php">Dashboard</a></li> <li><a href="/account/transfer.php">Transfer Money</a></li> <li><a href="/account/transactions.php">Transactions</a></li> <li><a href="/account/withdrawal.php">Withdraw Funds</a></li> <li><a href="/account/upload.php">Upload Funds</a></li> <li><a href="/account/details.php">Change My details</a></li> </ul> </li> </ul> </div> </div> <?php include '../footer.php'; ?> this is the update.php script <?php include "config2.php"; $id = $_POST['ID']; $sql="SELECT * FROM users WHERE id='$id'"; $result=mysql_query($sql); $id = $_POST['ID']; $rows=mysql_fetch_array($result); $email = $_POST['login_email']; $pass = md5($_POST['login_password']); $confirm = md5($_POST['confirm']); $fname = $_POST['first_name']; $lname = $_POST['last_name']; $addressone = $_POST['address_one']; $addresstwo = $_POST['address_two']; $towncity = $_POST['town_city']; $countyoption = $_POST['county_option']; $postcode = $_POST['post_code']; $phone = $_POST['phone_number']; $update = 'UPDATE users SET( login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES("'.$email.'","'.$pass.'","'.$confirm.'","'.$fname.'","'.$lname.'","'.$addressone.'","'.$addresstwo.'","'.$towncity.'","'.$countyoption.'","'.$postcode.'","'.$phone.'")WHERE id="'.$id.'""'; //$insert = 'UPDATE users SET login_email="'.$email.'", login_password="'.$pass.'", confirm="'.$confirm.'", first_name="'.$fname.'", last_name="'.$lname.'", address_one="'.$addressone.'", address_two="'.$addresstwo.'", town_city="'.$towncity.'", county_option="'.$countyoption.'", post_code="'.$postcode.'", phone_number="'.$phone.'" WHERE id="'.$id.'""'; mysql_query($update) or die("Failed Updating Your Data,check SQL"); header( 'Location: ../account/success.php' ) ; ?> Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/ Share on other sites More sharing options...
dalecosp Posted November 19, 2013 Share Posted November 19, 2013 giving me sql erro that the data can't be inserted Show this error would probably be helpful ;)Here's an idea: mysql_query($update) or die("Failed Updating Your Data. The SQL was: $update"); Then you can read the SQL and see what's wrong (it's usually a quoting problem or data in the wrong format, etc., but we can't know that without the text of the error message, as I noted above). Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459032 Share on other sites More sharing options...
edgarasm Posted November 19, 2013 Author Share Posted November 19, 2013 Heres the error :/ Failed Updating Your Data. The SQL was: UPDATE users SET( login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES("edgarasm@rocketmail.com","b5154b11aa74cf0bf13f957860d614b6","b5154b11aa74cf0bf13f957860d614b6","","Malov","Flat 2 35 Talbot Avenue","Charminster","Bournemouth","Dorset","BH3 7HS","447795192986")WHERE id=""" Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459034 Share on other sites More sharing options...
dalecosp Posted November 19, 2013 Share Posted November 19, 2013 The ID field is empty, (or does it have a double quote all alone in it?) and that's an error. Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459044 Share on other sites More sharing options...
Psycho Posted November 19, 2013 Share Posted November 19, 2013 Just a side comment. It will help you greatly if you write the code that creates the query in a readable format. The way you have it now makes it extremely difficult to 1) see the whole query and 2) confirm that the all the quote marks are correct since it keeps going in and out of the quoted text. Here is how I would write that in my code: $update = "UPDATE users SET (login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES ('{$email}', '{$pass}', '{$confirm}', '{$fname}', '{$lname}', '{$addressone}', '{$addresstwo}', '{$towncity}', '{$countyoption}', '{$postcode}', '{$phone}') WHERE id = '{$id}'"; Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459046 Share on other sites More sharing options...
edgarasm Posted November 19, 2013 Author Share Posted November 19, 2013 Just a side comment. It will help you greatly if you write the code that creates the query in a readable format. The way you have it now makes it extremely difficult to 1) see the whole query and 2) confirm that the all the quote marks are correct since it keeps going in and out of the quoted text. Here is how I would write that in my code: $update = "UPDATE users SET (login_email, login_password, confirm, first_name, last_name, address_one, address_two, town_city, county_option, post_code, phone_number) VALUES ('{$email}', '{$pass}', '{$confirm}', '{$fname}', '{$lname}', '{$addressone}', '{$addresstwo}', '{$towncity}', '{$countyoption}', '{$postcode}', '{$phone}') WHERE id = '{$id}'"; This fixed the error but the database doesn't update ? Any ideas? Thanks for the clear up by the way Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459086 Share on other sites More sharing options...
Barand Posted November 19, 2013 Share Posted November 19, 2013 Wrong syntax for update query. Should be UPDATE table SET Col1 = 'val1' , Col2= 'val2' , etc WHERE ... Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459090 Share on other sites More sharing options...
Psycho Posted November 20, 2013 Share Posted November 20, 2013 Wrong syntax for update query. Should be UPDATE table SET Col1 = 'val1' , Col2= 'val2' , etc WHERE ... LOL, I didn't even read the query. Shame on me. Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459126 Share on other sites More sharing options...
edgarasm Posted November 20, 2013 Author Share Posted November 20, 2013 (edited) UPDATE tableSET Col1 = 'val1', Col2= 'val2' , etc WHERE ... LOL, I didn't even read the query. Shame on me. I have updated the query the format you provided me with and it still doesn't update ,starting to worder if the values are getting passed through Post or maybe the ID block doesn't know which id to update :/ Edited November 20, 2013 by edgarasm Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459157 Share on other sites More sharing options...
mac_gyver Posted November 20, 2013 Share Posted November 20, 2013 the replies in this thread have already shown that there is no id value in the query statement. your form doesn't have an id field, but even more important, if you were passing the id through the form it would allow anyone to modify the user information for anyone else since you are not checking if the id being edited/submitted is the same as the currently logged in user. you must enforce security on the server in your php code. the only person who should be able to modify their own user information is the user who it belongs to (and perhaps moderators/administrators on your site.) Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459186 Share on other sites More sharing options...
edgarasm Posted November 20, 2013 Author Share Posted November 20, 2013 Yes thats the idea for the user be able to edit their data in case it changes . How could i possibly reinforce and pass the id through the form ? Is there any way ? Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459201 Share on other sites More sharing options...
dalecosp Posted November 20, 2013 Share Posted November 20, 2013 (edited) Yes thats the idea for the user be able to edit their data in case it changes . How could i possibly reinforce and pass the id through the form ? Is there any way ? The canonical way is: <input type='hidden' name='id' value='<?php echo $id; ?>' />This has one potential problem; the user's ID number is then viewable in the browser's HTML source. Since you've already called session_start() in the script, I'd stick the ID in the $_SESSION array and then use that value when I process the query in update.php. Edited November 20, 2013 by dalecosp Quote Link to comment https://forums.phpfreaks.com/topic/284067-update-user-details-sql-query-not-working/#findComment-1459202 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.