OK, I have a minor problem.

when my user updates his or her profile

when they try to insert HTML into it it doesn't work

for instance..

when you want to put

<font color="red">

you get

<font color=/"red/">

which doesn't work

does anyone know how to fix that?

https://forums.phpfreaks.com/topic/51545-solved-edit-profile-help/

Here is the code

<?php
ob_start();
session_start();
//include config.php file
include('config.php');
include_once 'header.php';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<style>
.words
{
background-color:#16333B;
color:#A9D033;
}
</style>
<?php
$p = $_GET['p'];
//see my ?id= browsing tutorial
if(!isset($_SESSION['username'])){ ?>
<form action='login.php' method='POST'>
	You Must Be logged in to View this page!<br>
	Login here:<br>
	Username: <input type='text' name='username' class='words'><br>
                Password: <input type='password' name='password' class='words'><br>
	<input name='login' type='submit' value='Submit' class='words'><br>
	Not <a href="../register.php">registered</a>?
</form> 
<?php
exit();
}
else{
if(isset($_POST['update'])){
	// Get Posted Variables...
	$fullname = mysql_real_escape_string($_POST['fullname']);
	$aboutme = mysql_real_escape_string($_POST['aboutme']);
	$email = mysql_real_escape_string($_POST['email']);
                $likes = mysql_real_escape_string($_POST['likes']);
                $hates = mysql_real_escape_string($_POST['hates']);
	$id = $_SESSION['id'];



	// Update the logged-in user's record in the users table
                 
	$result = mysql_query("UPDATE users SET  `aboutme` =  '$aboutme', `email` =  '$email', `fullname` =  '$fullname', `likes` = '$likes', `hates` = '$hates' WHERE  id = '$id'") or die(mysql_error());  


header("Refresh:2");
echo "<B>Profile Updated</B><br><br>";

} else { 

$sql = mysql_query("SELECT * FROM users WHERE id = '{$id}'") or die(mysql_error());
$r=mysql_fetch_array($sql);
?>
<form name="update" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
<?php // Stored values are HTML-escaped below so quotes or tags in them cannot break the form markup ?>
<table cellpadding="2" cellspacing="1" width="400">
	<tr>
		<td width="35%">Username:</td>
		<td><?php echo htmlspecialchars($r['username'], ENT_QUOTES); ?></td>
	</tr>
	<tr>
		<td width="35%">Id:</td>
		<td><?php echo $r['id']; ?></td>
	</tr>
	<tr>
		<td>Full Name:</td>
		<td><input type="text" name="fullname" value="<?php echo htmlspecialchars($r['fullname'], ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td>Email Address:</td>
		<td><input type="text" name="email" value="<?php echo htmlspecialchars($r['email'], ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td>About Me:</td>
		<td><textarea cols="50" rows="5" name="aboutme"><?php echo htmlspecialchars($r['aboutme'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td>Likes:</td>
		<td><textarea cols="50" rows="5" name="likes"><?php echo htmlspecialchars($r['likes'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td>Hates:</td>
		<td><textarea cols="50" rows="5" name="hates"><?php echo htmlspecialchars($r['hates'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" name="update" value="Update Profile" ></td>
	</tr>
</table>
</form>
<?php
}

}
?>

So where would I put that code exactly?

you can use either,

 

try this code then

<?php
if (isset($_POST) and get_magic_quotes_gpc()) array_walk_recursive($_POST,create_function('&$value',"\$value = stripslashes(\$value);"));
ob_start();
session_start();
//include config.php file
include('config.php');
include_once 'header.php';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<style>
.words
{
background-color:#16333B;
color:#A9D033;
}
</style>
<?php
$p = $_GET['p'];
//see my ?id= browsing tutorial
if(!isset($_SESSION['username'])){ ?>
<form action='login.php' method='POST'>
	You Must Be logged in to View this page!<br>
	Login here:<br>
	Username: <input type='text' name='username' class='words'><br>
                Password: <input type='password' name='password' class='words'><br>
	<input name='login' type='submit' value='Submit' class='words'><br>
	Not <a href="../register.php">registered</a>?
</form> 
<?php
exit();
}
else{
if(isset($_POST['update'])){
	// Get Posted Variables...
	$fullname = mysql_real_escape_string($_POST['fullname']);
	$aboutme = mysql_real_escape_string($_POST['aboutme']);
	$email = mysql_real_escape_string($_POST['email']);
                $likes = mysql_real_escape_string($_POST['likes']);
                $hates = mysql_real_escape_string($_POST['hates']);
	$id = $_SESSION['id'];



	// Update the logged-in user's record in the users table
                 
	$result = mysql_query("UPDATE users SET  `aboutme` =  '$aboutme', `email` =  '$email', `fullname` =  '$fullname', `likes` = '$likes', `hates` = '$hates' WHERE  id = '$id'") or die(mysql_error());  


header("Refresh:2");
echo "<B>Profile Updated</B><br><br>";

} else { 

$sql = mysql_query("SELECT * FROM users WHERE id = '{$id}'") or die(mysql_error());
$are=mysql_fetch_array($sql);
?>
<form name="update" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
<?php // Stored values are HTML-escaped below so quotes or tags in them cannot break the form markup ?>
<table cellpadding="2" cellspacing="1" width="400">
	<tr>
		<td width="35%">Username:</td>
		<td><?php echo htmlspecialchars($are['username'], ENT_QUOTES); ?></td>
	</tr>
	<tr>
		<td width="35%">Id:</td>
		<td><?php echo $are['id']; ?></td>
	</tr>
	<tr>
		<td>Full Name:</td>
		<td><input type="text" name="fullname" value="<?php echo htmlspecialchars($are['fullname'], ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td>Email Address:</td>
		<td><input type="text" name="email" value="<?php echo htmlspecialchars($are['email'], ENT_QUOTES); ?>" /></td>
	</tr>
	<tr>
		<td>About Me:</td>
		<td><textarea cols="50" rows="5" name="aboutme"><?php echo htmlspecialchars($are['aboutme'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td>Likes:</td>
		<td><textarea cols="50" rows="5" name="likes"><?php echo htmlspecialchars($are['likes'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td>Hates:</td>
		<td><textarea cols="50" rows="5" name="hates"><?php echo htmlspecialchars($are['hates'], ENT_QUOTES); ?></textarea></td>
	</tr>
	<tr>
		<td colspan="2"><input type="submit" name="update" value="Update Profile" ></td>
	</tr>
</table>
</form>
<?php
}

}
?>

array_walk_recursive() is only PHP 5+.  Do you have an older version?

 

There are user-written alternatives around for that functionality.  Otherwise, just use the single case on the variable that's giving you trouble.

 

if (get_magic_quotes_gpc()) $value = stripslashes($value);
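
A recursive alternative to array_walk_recursive() for the fix discussed in this thread, added here as an example and not code posted by any participant. The helper names strip_slashes_deep() and undo_magic_quotes() are hypothetical, and the sample data is constructed with addslashes(), which applies the same escaping as magic_quotes_gpc.

```php
<?php
// Added example, not code from this thread. strip_slashes_deep() and
// undo_magic_quotes() are hypothetical helper names.

// Recursively remove the backslashes magic_quotes_gpc adds to request data.
// Plain recursion instead of array_walk_recursive(), so it also runs on PHP 4.
function strip_slashes_deep($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = strip_slashes_deep($item);
        }
        return $value;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Strip only when magic quotes are actually on. get_magic_quotes_gpc() was
// removed in PHP 8, so test for it before calling.
function undo_magic_quotes($input)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return strip_slashes_deep($input);
    }
    return $input;
}

// Run once at the top of the script, before any field is read.
$_POST = undo_magic_quotes($_POST);

// Constructed sample: the submitted values, and the same values as they
// arrive in $_POST when magic quotes are enabled.
$raw = array(
    'aboutme' => '<font color="red">hi</font>',
    'tags'    => array("it's", 'a "quoted" word'),
);
$quoted = array(
    'aboutme' => addslashes($raw['aboutme']),
    'tags'    => array_map('addslashes', $raw['tags']),
);

// Show the escaped form, strip it, and confirm the original value comes back.
echo "as received: ", $quoted['aboutme'], "\n";
$clean = strip_slashes_deep($quoted);
echo "after strip: ", $clean['aboutme'], "\n";
echo ($clean === $raw) ? "round trip ok\n" : "round trip FAILED\n";
```

Stripping first means mysql_real_escape_string() in the update code escapes each value exactly once, so no stray backslashes are stored.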
