Jump to content

Archived

This topic is now archived and is closed to further replies.

kikilahooch

trying to update information

Recommended Posts

i'm trying to create a page on my website where existing members can update their current details. once the customer is logged in they can click on the "update details" button and they should be brought to a page where their details are pre-populated in a table. What in fact is happening is that their username is displayed,along with their email address and phone number but the fields for their password,name and address are showing up blank and when I look in my database I can see that these details have been deleted. this happens everytime. As far as I can see I have the fields that are being displayed the same as the ones being deleted but someone can point out where I am going wrong that would be great. Here's my code:

[code]<?php

include("db.php");

$userId= $_GET['id'];

$sql = "select password, name, surname, address, address2, county, country, telNo, paypalEmail from customer where userName = '$userId';";
//db
$result = mysql_query($sql,$conn) or die(mysql_error());





if(isset($_POST['submittedUpdate'])){
        
        
        
        
        $password = trim($_POST['password']);
        $name = trim($_POST['name']);
        $surname = trim($_POST['surname']);
        $address = trim($_POST['address']);
        $address2 = trim($_POST['address2']);
        $county = trim($_POST['county']);
        $country = trim($_POST['country']);
        $telNo= trim($_POST['telNo']);
        $paypalEmail= trim($_POST['paypalEmail']);
}

        
        
        $query2 = "UPDATE customer SET password='$password', name='$name', surname='$surname', address='$address', address2='$address2', county='$county', country='$country' WHERE userName= '$userId'";
        

        
        $result = @mysql_query($query2);
            if($result){
                echo'<p align=center><font color="black"><b>UPDATED SUCCESSFULLY</b></font></p>';
            }
    
            else{
                echo'<h1> System Error </h1>';
            }
        
                
        $query = "SELECT * FROM customer WHERE userName = '$userId'";

        $result = @mysql_query($query);    
            if($result){
                    echo'
                <form action="update.php" method="post">
                    
                                        
                    <center>
                    <table align="center" cellspacing="0" cellpadding="5" bgcolor="#ffffff" border=1 bordercolor="#2696b8">';




        while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
                    echo'
            
<TR><TD align=left bgcolor="#2696b8" width="30%"><FONT color=white><B>User Name: </B></FONT></TD>
<TD width="70%">'.$row['userName'].'</TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Password:</B></FONT></TD>
<TD><INPUT type=password maxLength=45 size=45 name=password value="'.$row['password'].'"></TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>First Name:</B></FONT></TD>
<TD><INPUT type ="text" maxLength=45 size=45 name=name value="'.$row['name'].'"></TD></TR>
              
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Last Name:</B></FONT></TD>
<TD><INPUT type ="text" maxLength=45 size=45 name=surname value="'.$row['surname'].'"></TD></TR>
              
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 1:</B></FONT></TD>
<TD><INPUT type ="text" maxLength=45 size=45 name=address value="'.$row['address'].'"></TD></TR>
          
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Address 2:</B></FONT></TD>
<TD><INPUT type ="text" maxLength=45 size=45 name=address2 value="'.$row['address2'].'"></TD></TR>
            
<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>County:</B></FONT></TD>
<TD<INPUT type ="text" maxLength=45 size=45 name=county select name="'.$row['county'].'">      
          <TD><SELECT name=county> <OPTION
                    value= >Antrim</OPTION> <OPTION
                    value=Armagh>Armagh</OPTION> <OPTION
                    value=Carlow>Carlow</OPTION> <OPTION
                    value=Westmeath>Westmeath</OPTION> <OPTION
                    value=Wexford>Wexford</OPTION> <OPTION
                    value=Wicklow>Wicklow</OPTION> <OPTION>
               None of the Above</OPTION>
            </SELECT></TD></TR>


<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Country:</B></FONT></TD>
<TD><INPUT type="text" maxLength=45 size=45 name=country value="'.$row['country'].'"></TD></TR>

<TR><TD align=right bgcolor="#2696b8"><FONT color=white><B>Telephone No:</B></FONT></TD>
<TD><INPUT maxLength=45 size=45 name=telNo value ="'.$row['telNo'].'"></TD></TR>
              
<TR><TD align=right height=30 bgcolor="#2696b8"><FONT color=white><B>PayPal Email Address:</B></FONT></TD>
<TD><INPUT maxLength=45 size=45 name=paypalEmail value="'.$row['paypalEmail'].'"></TD></TR>
              
<TR><TD height=82></td>
<TD><CENTER><input name=submit type=submit value="Save">
<FONT color=navy></FONT></P></TD></TR></TBODY></TABLE></FORM>';
    
    }
}

?>[/code]

Share this post


Link to post
Share on other sites
Hi,

Place your [code]$query2[/code] inside your [code]if(isset($_POST['submittedUpdate']))[/code] condition, that should do the trick.

Your query is being run everytime your page loads and you need to re structure your codes a little bit, include all updateing in your POST condition.

hope that helps.

Share this post


Link to post
Share on other sites
And this is very unsecure. The user can modify the "GET" info and see & edit someone else's info... Use sessions.

Orio.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.