melissal Posted April 26, 2006

I just built a site with a login system...got it out of a book and edited it slightly to make it work...

The problem that I just found, is that when you log in, you can change postings...

Something is happening so that when you click to change a posting, then click on the Account button to see your account info, it switches to another person's info...depending on what page you click on before going to your Account page, the account info will be different...

Any ideas on how to fix this?

Thanks!

Yesideez Posted April 26, 2006

Please post the offending script here and surround it with the CODE tags to help keep it readable.

melissal Posted April 26, 2006

It doesn't start messing up until I get to the product_edit.php page....

Thanks.

[code]
<?php
include('require.php');
include('include/HTML_header.php');
?>
<table id="table_main" class="table_main">
    <tr>
        <td colspan="4">
            <?php include('include/header.php'); ?>
        </td>
    </tr>
    <tr>
        <td id="table_left" width="150px" align="left">
            <?php category_list_by_price(); ?><br />
            <?php category_list(); ?><br />
            <?php searchform(); ?>
        </td>
        <td width="20px"> </td>
        <td id="table_content" width="560px" align="left">
<!-----------------------------------THE CONTENT GOES BELOW THIS LINE----------------------------------->
<?php
//if($_SESSION['user_id']=='user_id'){

// This page edits a product.
// This page is accessed through view_products.php.

// Check for a valid product ID, through GET or POST.
if ( (isset($_GET['product_id'])) && (is_numeric($_GET['product_id'])) ) { // Accessed through view_products.php
    $product_id = $_GET['product_id'];
} elseif ( (isset($_POST['product_id'])) && (is_numeric($_POST['product_id'])) ) { // Form has been submitted.
    $product_id = $_POST['product_id'];
} else { // No valid ID, kill the script.
    echo '<div class="titletext">Page Error 37</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
    //include ('./includes/footer.html');
    echo "</td></tr></table>";
    include('include/loginfooter2.php');
    exit();
}

require_once ('../mysql_connect.php'); // Connect to the db.

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

    $errors = array(); // Initialize error array.

    // Check for a product title.
    if (empty($_POST['product_title'])) {
        $errors[] = 'You forgot to enter a product title.';
    } else {
        $product_title = escape_data($_POST['product_title']);
    }

    // Check for a description.
    if (empty($_POST['product_description'])) {
        $errors[] = 'You forgot to enter a description.';
    } else {
        $product_description = escape_data($_POST['product_description']);
    }

    if (empty($errors)) { // If everything's OK.

        // Test for unique email address.
        $query = "SELECT product_title,product_id FROM products WHERE product_id='$product_id'";
        $result = mysql_query($query);
        if (mysql_num_rows($result) != 0) {

            // Make the query.
            $query = "UPDATE products SET product_title='$product_title', product_description='$product_description', product_user_id='$user_id', product_category_id='$category_id', product_price_id='$price_id' WHERE product_id=$product_id";
            $result = @mysql_query ($query); // Run the query.
            if (mysql_affected_rows() == 1) { // If it ran OK.

                // Print a message.
                echo '<div class="titletext">Edit a Product</div>
                <p>The product has been edited.</p><p><br /><br /></p>';

            } else { // If it did not run OK.
                echo '<div class="titletext">System Error</div>
                <p class="error">You must make a change to the information in order to submit.</p>'; // Public message.
                //echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message.
                //include ('./includes/footer.html');
                echo "</td></tr></table>";
                include('include/loginfooter2.php');
                exit();
            }

        } else { // Already registered.
            echo '<div class="titletext">Error!</div>
            <p class="error">An error has occured...Please try again later.</p>';
        }

    } else { // Report the errors.

        echo '<div class="titletext">Error!</div>';
        foreach ($errors as $msg) { // Print each error.
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';

    } // End of if (empty($errors)) IF.

} // End of submit conditional.

// Always show the form.

// Retrieve the product's information.
$query = "SELECT products.product_title,products.product_description,products.product_user_id,products.product_category_id,products.product_price_id,products.product_price,users.user_id,users.first_name,users.last_name, category.category_id,category.category_name,price.price_id,price.price_name FROM products,users,category,price WHERE products.product_id=$product_id AND products.product_user_id=users.user_id AND products.product_category_id=category.category_id AND products.product_price_id=price.price_id";
$result = @mysql_query ($query); // Run the query.

if (mysql_num_rows($result) == 1) { // Valid product ID, show the form.

    // Get the product's information.
    $row = mysql_fetch_array ($result, MYSQL_NUM);

    // Create the form.
    echo '<div class="titletext">Edit a Product</div><br />
<form action="product_edit.php" method="post">
<table>
    <tr>
        <td width="120">Product Title:</td>
        <td width="200"><input type="text" name="product_title" size="30" value="' . $row[0] . '" /></td>
    </tr>
    <tr>
        <td>Description:</td>
        <td><textarea name="product_description" cols="25" rows="5">' . $row[1] . '</textarea></td>
    </tr>
    <tr>
        <td>User:</td>
        <td><select name="user_id">';

    $query = "SELECT user_id,first_name,last_name,email FROM users ORDER BY first_name ASC";
    $result = mysql_query($query,$connect);
    for($i=0;$i<mysql_num_rows($result);$i++){
        list($user_id,$first_name,$last_name,$email)=mysql_fetch_row($result);
        echo "<option value='$user_id'>$first_name $last_name</option>";
    }

    echo '</select></td>
    </tr>
    <tr>
        <td>Category:</td>
        <td><select name="category_id">';

    $query = "SELECT category_id,category_name FROM category ORDER BY category_name ASC";
    $result = mysql_query($query,$connect);
    for($i=0;$i<mysql_num_rows($result);$i++){
        list($category_id,$category_name)=mysql_fetch_row($result);
        echo "<option value='$category_id'>$category_name</option>";
    }

    echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><select name="price_id">';

    $query = "SELECT price_id,price_name FROM price ORDER BY price_name ASC";
    $result = mysql_query($query,$connect);
    for($i=0;$i<mysql_num_rows($result);$i++){
        list($price_id,$price_name)=mysql_fetch_row($result);
        echo "<option value='$price_id'>$price_name</option>";
    }

    echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><input type="text" name="product_price" size="30" maxlength="30" value="' . $row[5] . '" /></td>
    </tr>
    <tr>
        <td><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="product_id" value="' . $product_id . '" />
</form>';

} else { // Not a valid product ID.
    echo '<div class="titletext">Page Error 181</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
}

/*
}else{
    echo "You are not authorized to view this page.";
}
*/
?>
<!-----------------------------------THE CONTENT GOES ABOVE THIS LINE----------------------------------->
        </td>
        <td width="20px"> </td>
    </tr>
</table>
<?php include('include/loginfooter2.php'); ?>
[/code]