trying to update information



#1 kikilahooch


Posted 22 April 2006 - 02:18 PM

I'm trying to create a page on my website where existing members can update their current details. Once the customer is logged in they can click on the "update details" button and they should be brought to a page where their details are pre-populated in a table. What in fact is happening is that their username is displayed, along with their email address and phone number, but the fields for their password, name and address are showing up blank, and when I look in my database I can see that these details have been deleted. This happens every time. As far as I can see I have the fields that are being displayed the same as the ones being deleted, but if someone can point out where I am going wrong that would be great. Here's my code:

<?php 

include("db.php");

$userId= $_GET['id']; 

$sql = "select password, name, surname, address, address2, county, country, telNo, paypalEmail from customer where userName = '$userId';";
//db
$result = mysql_query($sql,$conn) or die(mysql_error());





if(isset($_POST['submittedUpdate'])){
        
        
        
        
        $password = trim($_POST['password']);
        $name = trim($_POST['name']);
        $surname = trim($_POST['surname']);
        $address = trim($_POST['address']);
        $address2 = trim($_POST['address2']);
        $county = trim($_POST['county']);
        $country = trim($_POST['country']);
        $telNo= trim($_POST['telNo']);
        $paypalEmail= trim($_POST['paypalEmail']);
}

        
        
        $query2 = "UPDATE customer SET password='$password', name='$name', surname='$surname', address='$address', address2='$address2', county='$county', country='$country' WHERE userName= '$userId'";
        

        
        $result = @mysql_query($query2);
            if($result){
                echo'<p align=center><font color="black"><b>UPDATED SUCCESSFULLY</b></font></p>';
            }
    
            else{
                echo'<h1> System Error </h1>';
            }
        
                
        $query = "SELECT * FROM customer WHERE userName = '$userId'";

        $result = @mysql_query($query);    
            if($result){
                    echo'
                <form action="update.php" method="post">
                    
                                        
                    <center>
                    <table align="center" cellspacing="0" cellpadding="5" bgcolor="#ffffff" border=1 bordercolor="#2696b8">';




        while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
                    echo'
            
<TR><TD align=left bgcolor="#2696b8" width="30%"><FONT color=white><B>User Name: </B></FONT></TD> 
<TD width="70%">'.$row['userName'].'</TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Password:</B></FONT></TD> 
<TD><INPUT type=password maxLength=45 size=45 name=password value="'.$row['password'].'"></TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>First Name:</B></FONT></TD>
<TD><INPUT type ="text" maxLength=45 size=45 name=name value="'.$row['name'].'"></TD></TR>
              
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Last Name:</B></FONT></TD> 
<TD><INPUT type ="text" maxLength=45 size=45 name=surname value="'.$row['surname'].'"></TD></TR>
              
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 1:</B></FONT></TD> 
<TD><INPUT type ="text" maxLength=45 size=45 name=address value="'.$row['address'].'"></TD></TR>
          
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 2:</B></FONT></TD> 
<TD><INPUT type ="text" maxLength=45 size=45 name=address2 value="'.$row['address2'].'"></TD></TR>
             
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>County:</B></FONT></TD> 
<TD<INPUT type ="text" maxLength=45 size=45 name=county select name="'.$row['county'].'">       
          <TD><SELECT name=county> <OPTION 
                    value= >Antrim</OPTION> <OPTION 
                    value=Armagh>Armagh</OPTION> <OPTION 
                    value=Carlow>Carlow</OPTION> <OPTION 
                    value=Westmeath>Westmeath</OPTION> <OPTION 
                    value=Wexford>Wexford</OPTION> <OPTION 
                    value=Wicklow>Wicklow</OPTION> <OPTION>
               None of the Above</OPTION>
            </SELECT></TD></TR>


<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Country:</B></FONT></TD> 
<TD><INPUT type="text" maxLength=45 size=45 name=country value="'.$row['country'].'"></TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Telephone No:</B></FONT></TD> 
<TD><INPUT maxLength=45 size=45 name=telNo value ="'.$row['telNo'].'"></TD></TR>
              
<TR><TD align=right height=30 bgcolor="#2696b8"><FONT color=white><B>PayPal Email Address:</B></FONT></TD> 
<TD><INPUT maxLength=45 size=45 name=paypalEmail value="'.$row['paypalEmail'].'"></TD></TR>
              
<TR><TD height=82></td>
<TD><CENTER><input name=submit type=submit value="Save">
<FONT color=navy></FONT></P></TD></TR></TBODY></TABLE></FORM>';
    
    }
}

?>


#2 eves


Posted 22 April 2006 - 02:29 PM

Hi,

Place your $query2 inside your if(isset($_POST['submittedUpdate'])) condition, that should do the trick.

Your query is being run every time your page loads and you need to restructure your code a little bit; include all updating in your POST condition.

Hope that helps.

#3 Orio


Posted 22 April 2006 - 03:18 PM

And this is very insecure. The user can modify the "GET" info and see & edit someone else's info... Use sessions.

Orio.
Think you're smarty?

(Gone until 20 to November)
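Both replies combined, as an added example that is not part of any post in this thread: the UPDATE runs only inside the POST condition, the account is taken from the session instead of the "id" GET parameter, and the queries use bound parameters. It assumes the login page stored the name in $_SESSION['userName'] and that db.php provides a PDO handle in $pdo (both hypothetical; the posted code uses the mysql_* functions, which were removed in PHP 7). The form sends a hidden submittedUpdate field, which the posted form does not, so the condition can actually become true.

```php
<?php
// Added example: assumes login stored the name in $_SESSION['userName']
// and that db.php (hypothetical here) creates a PDO handle in $pdo.
session_start();
require 'db.php';

if (empty($_SESSION['userName'])) {
    http_response_code(403);
    exit('Please log in.');
}
$user = $_SESSION['userName'];   // identity comes from the session, never from $_GET
$fields = ['name', 'surname', 'address', 'address2', 'county', 'country', 'telNo', 'paypalEmail'];

// The UPDATE runs only for a submitted form, so a plain page load changes nothing.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submittedUpdate'])) {
    $set = [];
    $params = [];
    foreach ($fields as $f) {
        $set[] = "$f = ?";
        $params[] = trim($_POST[$f] ?? '');
    }
    // Change the password only when a new one was typed; store a hash
    // (assumes the password column is wide enough, e.g. VARCHAR(255)).
    if (($_POST['password'] ?? '') !== '') {
        $set[] = 'password = ?';
        $params[] = password_hash($_POST['password'], PASSWORD_DEFAULT);
    }
    $params[] = $user;
    $stmt = $pdo->prepare('UPDATE customer SET ' . implode(', ', $set) . ' WHERE userName = ?');
    $stmt->execute($params);
    echo '<p><b>UPDATED SUCCESSFULLY</b></p>';
}

$stmt = $pdo->prepare('SELECT ' . implode(', ', $fields) . ' FROM customer WHERE userName = ?');
$stmt->execute([$user]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    exit('Account not found.');
}

echo '<form action="update.php" method="post">';
echo '<input type="hidden" name="submittedUpdate" value="1">';
echo '<p>User Name: ' . htmlspecialchars($user) . '</p>';
echo '<p>New password: <input type="password" name="password" maxlength="45"></p>';
foreach ($fields as $f) {
    $value = htmlspecialchars((string) $row[$f], ENT_QUOTES);
    echo "<p>$f: <input type=\"text\" name=\"$f\" maxlength=\"45\" value=\"$value\"></p>";
}
echo '<input type="submit" value="Save"></form>';
```

The stored password is never echoed back into the form; leaving the password box empty keeps the existing one.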



