kikilahooch Posted April 22, 2006 Share Posted April 22, 2006 i'm trying to create a page on my website where existing members can update their current details. once the customer is logged in they can click on the "update details" button and they should be brought to a page where their details are pre-populated in a table. What in fact is happening is that their username is displayed,along with their email address and phone number but the fields for their password,name and address are showing up blank and when I look in my database I can see that these details have been deleted. this happens everytime. As far as I can see I have the fields that are being displayed the same as the ones being deleted but someone can point out where I am going wrong that would be great. Here's my code:[code]<?php include("db.php");$userId= $_GET['id']; $sql = "select password, name, surname, address, address2, county, country, telNo, paypalEmail from customer where userName = '$userId';";//db$result = mysql_query($sql,$conn) or die(mysql_error());if(isset($_POST['submittedUpdate'])){ $password = trim($_POST['password']); $name = trim($_POST['name']); $surname = trim($_POST['surname']); $address = trim($_POST['address']); $address2 = trim($_POST['address2']); $county = trim($_POST['county']); $country = trim($_POST['country']); $telNo= trim($_POST['telNo']); $paypalEmail= trim($_POST['paypalEmail']);} $query2 = "UPDATE customer SET password='$password', name='$name', surname='$surname', address='$address', address2='$address2', county='$county', country='$country' WHERE userName= '$userId'"; $result = @mysql_query($query2); if($result){ echo'<p align=center><font color="black"><b>UPDATED SUCCESSFULLY</b></font></p>'; } else{ echo'<h1> System Error </h1>'; } $query = "SELECT * FROM customer WHERE userName = '$userId'"; $result = @mysql_query($query); if($result){ echo' <form action="update.php" method="post"> <center> <table align="center" cellspacing="0" cellpadding="5" bgcolor="#ffffff" border=1 bordercolor="#2696b8">'; while($row = mysql_fetch_array($result, MYSQL_ASSOC)){ echo' <TR><TD align=left bgcolor="#2696b8" width="30%"><FONT color=white><B>User Name: </B></FONT></TD> <TD width="70%">'.$row['userName'].'</TD></TR><TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Password:</B></FONT></TD> <TD><INPUT type=password maxLength=45 size=45 name=password value="'.$row['password'].'"></TD></TR><TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>First Name:</B></FONT></TD><TD><INPUT type ="text" maxLength=45 size=45 name=name value="'.$row['name'].'"></TD></TR> <TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Last Name:</B></FONT></TD> <TD><INPUT type ="text" maxLength=45 size=45 name=surname value="'.$row['surname'].'"></TD></TR> <TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 1:</B></FONT></TD> <TD><INPUT type ="text" maxLength=45 size=45 name=address value="'.$row['address'].'"></TD></TR> <TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 2:</B></FONT></TD> <TD><INPUT type ="text" maxLength=45 size=45 name=address2 value="'.$row['address2'].'"></TD></TR> <TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>County:</B></FONT></TD> <TD<INPUT type ="text" maxLength=45 size=45 name=county select name="'.$row['county'].'"> <TD><SELECT name=county> <OPTION value= >Antrim</OPTION> <OPTION value=Armagh>Armagh</OPTION> <OPTION value=Carlow>Carlow</OPTION> <OPTION value=Westmeath>Westmeath</OPTION> <OPTION value=Wexford>Wexford</OPTION> <OPTION value=Wicklow>Wicklow</OPTION> <OPTION> None of the Above</OPTION> </SELECT></TD></TR><TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Country:</B></FONT></TD> <TD><INPUT type="text" maxLength=45 size=45 name=country value="'.$row['country'].'"></TD></TR><TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Telephone No:</B></FONT></TD> <TD><INPUT maxLength=45 size=45 name=telNo value ="'.$row['telNo'].'"></TD></TR> <TR><TD align=right height=30 bgcolor="#2696b8"><FONT color=white><B>PayPal Email Address:</B></FONT></TD> <TD><INPUT maxLength=45 size=45 name=paypalEmail value="'.$row['paypalEmail'].'"></TD></TR> <TR><TD height=82></td><TD><CENTER><input name=submit type=submit value="Save"><FONT color=navy></FONT></P></TD></TR></TBODY></TABLE></FORM>'; }}?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/8115-trying-to-update-information/ Share on other sites More sharing options...
eves Posted April 22, 2006 Share Posted April 22, 2006 Hi,Place your [code]$query2[/code] inside your [code]if(isset($_POST['submittedUpdate']))[/code] condition, that should do the trick.Your query is being run everytime your page loads and you need to re structure your codes a little bit, include all updateing in your POST condition.hope that helps. Quote Link to comment https://forums.phpfreaks.com/topic/8115-trying-to-update-information/#findComment-29587 Share on other sites More sharing options...
Orio Posted April 22, 2006 Share Posted April 22, 2006 And this is very unsecure. The user can modify the "GET" info and see & edit someone else's info... Use sessions.Orio. Quote Link to comment https://forums.phpfreaks.com/topic/8115-trying-to-update-information/#findComment-29596 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.