Here is the code, I search in the net for the UPDATE statement, and this is what I learned, but even if it doesn't make an error, it doesnt change the information in database.
update.inc.php:
<?php
session_start();
include '../data_base.php';
include 'header.php';
$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];
$sql = "UPDATE user
SET first = $first, last = $last, uid = $uid, pwd = $pwd, number = $number, age = $age, email = $email
WHERE id = $id";
$result = mysqli_query($conn,$sql);
header("Location: ../index.php");
?>
update.php:
<?php
include 'header.php';
?>
<?php
if (isset($_SESSION['id'])) {
echo "You Can Edit Your Files!";
} else {
echo "You Need To Create An Account First!";
}
?>
<br><br><br>
<?php
if (isset($_SESSION['id'])) {
echo "<form action='includes/update.inc.php' method='POST'>
<input type='text' name='first' placeholder='FirstName'><br>
<input type='text' name='last' placeholder='LastName'><br>
<input type='text' name='uid' placeholder='UserName'><br>
<input type='password' name='pwd' placeholder='Password'><br>
<input type='text' name='number' placeholder='Telemóvel'><br>
<input type='text' name='age' placeholder='Idade'><br>
<input type='text' name='email' placeholder='Email'><br>
<button type='submit'>EDIT</button>
</form>";
}
?>
Need Help.
First enable error in your file and change your query with
$sql = "UPDATE user
SET first = '$first', last = '$last', uid = '$uid', pwd = '$pwd', number = '$number', age = '$age', email = '$email'
WHERE id = $id";
enable errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Your code is open to sql injection so I would like to prefer to make use of prepared statement with mysqli(preferred is PDO one)
$sql = "UPDATE user
SET first = ?,
last = ?,
uid = ?,
pwd = ?,
number = ?,
age = ?,
email = ?
WHERE id = ?";
$stmt = $mysqli->prepare($sql);
// here s represnts string and i represents integer to the corresponding variable
// example $firstname is string, i $uid is integer
$stmt->bind_param("ssisiisi",$firstname,$lastname,$uid,$pwd,$number,$age,$email,$id);
$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];
// in above your $id is missing
$id = $_POST["id"];
// now execute the statement now your database changes
$stmt->execute();
echo "Record updated successfylly";
header("Location: ../index.php");
Related
i'm creating a site for a client and i get an error message saying "undefined index". I'm trying to upload data to a database from 3 multi form pages and they are handled by cv.php.
The form details are stored on page 2
<?php
session_start();
if(isset($_SESSION['FirstName'])){
$_SESSION['FirstName'] = $_POST['FirstName'];}
if(isset($_SESSION['LastName'])){
$_SESSION['LastName'] = $_POST['LastName'];}
if(isset($_SESSION['dob'])){
$_SESSION['dob'] = $_POST['dob'];}
if(isset($_SESSION['Age'])){
$_SESSION['Age'] = $_POST['Age'];}
if(isset($_SESSION['AddressLine1'])){
$_SESSION['AddressLine1'] = $_POST['AddressLine1'];}
if(isset($_SESSION['AddressLine2'])){
$_SESSION['AddressLine2'] = $_POST['AddressLine2'];}
if(isset($_SESSION['City'])){
$_SESSION['City'] = $_POST['City'];}
if(isset($_SESSION['County'])){
$_SESSION['County'] = $_POST['County'];}
if(isset($_SESSION['PostCode'])){
$_SESSION['PostCode'] = $_POST['PostCode'];}
if(isset($_SESSION['Country'])){
$_SESSION['Country'] = $_POST['Country'];}
if(isset($_SESSION['Telephone'])){
$_SESSION['Telephone'] = $_POST['Telephone'];}
if(isset($_SESSION['Mobile'])){
$_SESSION['Mobile'] = $_POST['Mobile'];}
if(isset($_SESSION['Email'])){
$_SESSION['Email'] = $_POST['Email'];}
?>
Page 3
<?php
session_start();
if(isset($_SESSION['Skills'])) {
$_SESSION['Skills'] = $_POST['Skills'];}
if(isset($_SESSION['ReasonApp'])){
$_SESSION['ReasonApp'] = $_POST['ReasonApp'];}
if(isset($_SESSION['WorkName'])){
$_SESSION['WorkName'] = $_POST['WorkName'];}
if(isset($_SESSION['WorkDesc'])){
$_SESSION['WorkDesc'] = $_POST['WorkDesc'];}
if(isset($_SESSION['W_AddressLine1'])){
$_SESSION['W_AddressLine1'] = $_POST['W_AddressLine1'];}
if(isset($_SESSION['W_AddressLine2'])){
$_SESSION['W_AddressLine2'] = $_POST['W_AddressLine2'];}
if(isset($_SESSION['W_City'])){
$_SESSION['W_City'] = $_POST['W_City'];}
if(isset($_SESSION['W_Telephone'])){
$_SESSION['W_Telephone'] = $_POST['W_Telephone'];}
?>
And my CV.php
<?
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
//include connection profile
require_once("Sql/con.php");
include("config.php");
//declare variables with sessions
$FirstName = $_SESSION['FirstName'];
$LastName = $_SESSION['LastName'];
$dob = $_SESSION['dob'];
$Age = $_SESSION['Age'];
$AddressLine1 = $_SESSION['AddressLine1'];
$AddressLine2 = $_SESSION['AddressLine2'];
$PostCode = $_SESSION['PostCode'];
$City = $_SESSION['City'];
$County = $_SESSION['County'];
$Country = $_SESSION['Country'];
$Mobile = $_SESSION['Mobile'];
$Telephone = $_SESSION['Telephone'];
$Email = $_SESSION['Email'];
$Skills = $_SESSION['Skills'];
$ReasonApp = $_SESSION['ReasonApp'];
$SchoolName = $_SESSION['SchoolName'];
$Course = $_SESSION['Course'];
$Certificate = $_SESSION['Certificate'];
$DateFrom = $_SESSION['DateFrom'];
$DateTo = $_SESSION['DateTo'];
$CollName = $_SESSION['CollName'];
$CollQualification = $_SESSION['CollQualification'];
$CollYear = $_SESSION['CollYear'];
$WorkName = $_SESSION['WorkName'];
$WorkDesc = $_SESSION['WorkDesc'];
$W_AddressLine1 = $_SESSION['W_AddressLine1'];
$W_AddressLine2 = $_SESSION['W_AddressLine2'];
$W_PostCode = $_SESSION['PostCode'];
$W_City = $_SESSION['City'];
$W_Telephone = $_SESSION['Telephone'];
//database connection
$dblink = mysqli_connect($mysql_host,$mysql_user,$mysql_pw,$mysql_db) OR DIE ("Unable to
connect to database! Please try again later.");
//inserting information into tables
$order = "INSERT INTO CV_personal
(FirstName,LastName,dob,Age,AddressLine1,AddressLine2,PostCode,City,County,Country,Mobile,Telephone,Email,Skills,ReasonApp,SchoolName,Course,Certificate,DateFrom,DateTo,CollName,CollQualification,CollYear,WorkName,WorkDesc,W_AddressLine1,W_AddressLine2,W_City,W_Telephone)
VALUES
('$FirstName',
'$LastName',
'$dob',
'$Age',
'$AddressLine1',
'$AddressLine2',
'$PostCode',
'$City',
'$County',
'$Country',
'$Mobile',
'$Telephone',
'$Email',
'$Skills',
'$ReasonApp',
'$SchoolName',
'$Course',
'$Certificate',
'$DateFrom',
'$DateTo',
'$CollName',
'$$CollQualification',
'$ColYear',
'$WorkName',
'$WorkDesc',
'$W_AddressLine1',
'$W_AddressLine2',
'$W_PostCode',
'$W_City',
'$W_Telephone',)";
//declare in the order variable
$result = mysqli_query($dblink, $order); //order executes
?>
On my final page do i need to had my form into the session because i declared a variable for them on Cv.php ?
Thank you
In your first two blocks of code, you should be checking if the $_POST[...] is set, not the $_SESSION[...] because that it what you are assigning, so it won't cause an error.
On CV.php you should check whether the $_SESSION[...] exists before assigning it to a variable or else it WILL cause an error.
Tip:
If you are going to name your variables exactly the name of all your keys in the $_SESSION array. You can just substitute you many lines with this single line:
extract($_SESSION);
More on extract: http://www.php.net/extract
I am trying to update user profile by overwriting current data in the MySql.
It isn't working properly its stating it echos my "the name doesn't exist"
Here is my php code:
``````
<?php
// see if the form has been completed
session_start();
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$u = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
$password = "";
$password2 = "";
if(isset($_GET["u"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("localhost","root","pass123"); mysql_select_db('worldoi5_social');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$u'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
I have made the code work with less code, but since i have added more it stopped working, and the data reads fine, I do not see the errors or mistake.
here is a bit of the HTML aswell:
<form action="user1.php" method="POST">
<div>
<p>First Name: <input type="text" name="firstname" id="firstname" value="<?=$firstname?>"></p>
<p>Surname: <input type="text" name="surname" id="surname" value="<?=$surname?>"></p>
<p>Weight: <input type="text" name="weight" id="weight" value="<?=$weight?>"></p>
<p>Height: <input type="text" name="height" id="height" value="<?=$height?>"></p>
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
</div>
</form>
</body>
I figured out the answer:
from the php code line
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ")
the single and double quots where messed up so i had to use it like this;
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $firstname . "'")
then it read it properly also i decided to use firstname as the selective
I have created a social website, so far everything is good with the loggin and logout etc... but when it comes to the edit profile page I cant figure out my error can somebody suggest whats wrong or is there a better way to approach this Update Profile page.
The error I am getting is:
Parse error: syntax error, unexpected '$firstname' (T_VARIABLE) in C:\wamp\www\change.php on line 28
My PHP code:
<?php
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
}
else {
echo "You have not signed in";
}
?>
<?php
include_once ("php_includes/db_conx.php");
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row["surname"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
}
function filter($date)
{
return trim(htmlspecialchars($date));
}
$username = filter($_POST['username'])
$firstname = filter($_POST['firstname'])
$surname = filter($_POST['surname'])
$weight = filter($_POST['weight'])
$height = filter($_POST['height'])
if (username)
{
$sql = mysql_query ("UPDATE users SET username='$username', firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'")
or die (mysql_error());
}
?>
<form action="change.php" method="post">
Username: <input type="text" name="username"><br />
Firstname: <input type="text" name="firstname"><br />
Surname: <input type="text" name="surname"><br />
weight: <input type="text" name="weight"><br />
height: <input type="text" name="height"><br />
<input type="submit" value="Submit">
</form>
$username = filter($_POST['username']);
$firstname = filter($_POST['firstname']);
$surname = filter($_POST['surname']);
$weight = filter($_POST['weight']);
$height = filter($_POST['height']);
You need to terminate each statement/ line with ;
$sql = mysql_query ("UPDATE users SET weight='$weight', height='$height' WHERE username='$username'")
i think you have to create like this
$sql = mysql_query ('UPDATE users SET username ="'.$username.'" WHERE username="'.$username.'"');
$sql = mysql_query ('UPDATE users SET firstname="'.$firstname.'" WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET surname="'.$surname.'" WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET weight='".$weight."' WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET height="'.$height.'" WHERE username="'.$username'"');
paste this codes.
You need to terminate each line of code with a semicolon. Line 27 (and the next four lines) are missing the semicolon.
I am new here, and I am continuing previous developer website for the client.
This web will sent an verification email for user after the user sign up for member in the web.
The email is send to the user but my problem now is that the verification doesn't work. When the user click on the verification link, it's does link to the verification.php but show a blank page.
I don't know where is the problem.
This is the account_verification.php file:
session_start();
require_once 'cms/configuration.php';
$username = $_GET['e_username'];
$key = $_GET['key'];
$sql = "SELECT * FROM member WHERE username = '$username'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$memberID = $row['id'];
if ($key == md5($username.$row['id']))
{
$sql = "UPDATE member SET verified = '1' WHERE id = '{$row['id']}'";
$result = mysql_query($sql);
echo ' <script type="text/javascript">
alert("Your account is activated.");
window.location = "homepage.php";
</script>';
}
?>
And this is the membersignup.php file:
<?php
session_start();
require_once 'cms/configuration.php';
include "includes/phpmailer.php";
foreach ($_POST as $key => $value)
{
$_POST[$key] = $value;
}
$e_username = trim($_POST['username']);
$password = $_POST['password'];
$ic_no = $_POST['ic_no'];
$email = $_POST['email'];
$dob = $_POST['dob'];
$contact = $_POST['contact'];
$address = $_POST['address'];
$comp_name = $_POST['comp_name'];
$comp_address = $_POST['comp_address'];
$comp_contact = $_POST['comp_contact'];
$comp_fax = $_POST['comp_fax'];
$comp_email = $_POST['comp_email'];
$about_us = $_POST['about_us'];
$datetime = $_POST['datetime'];
;
$result = mysql_query("SELECT username FROM member WHERE username='$e_username'");
$num_records = mysql_num_rows($result);
if ($num_records !=0){
echo "Please use different username.";
exit();
}
$sql = sprintf("INSERT INTO member (username, password, ic_no,email, birthday, contact, address, company_name, company_address, company_contact, company_fax, company_email, about_us, register_date)
VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s',NOW())",
mysql_real_escape_string($e_username),
md5($password),
mysql_real_escape_string($ic_no),
mysql_real_escape_string($email),
mysql_real_escape_string($dob),
mysql_real_escape_string($contact),
mysql_real_escape_string($address),
mysql_real_escape_string($comp_name),
mysql_real_escape_string($comp_address),
mysql_real_escape_string($comp_contact),
mysql_real_escape_string($comp_fax),
mysql_real_escape_string($comp_email),
mysql_real_escape_string($about_us),
mysql_real_escape_string($datetime)
);
$result = mysql_query($sql) or die(mysql_error());
$insertID = mysql_insert_id();
$key = md5($_POST['username'].$insertID);
$link = "http://___/account_verification.php?username={$_POST['username']}&key=$key";
$body = "<div>
<p style='padding:10px;'>
Hello {$_POST['username']}!
</p>
<p style='padding:10px;'>
Thank you for creating an account at ___.
</p>
<p style='padding:10px;'>
Please keep this e-mail for your records. Your account information is as follows:<br/>
Username : $e_username <br/>
Password : {$_POST['password']}
</p>
<p style='padding:10px;'>
Verify your account to complete your registration by clicking the link:<br/>
<a href='$link' target='_blank'>$link</a>
</p>
<p style='padding:10px;'> </p>
<p style='padding:10px;'>
Thanks,<br/>Admin
</p>
</div>";
$subject = "Member Registration and Verification";
if ($result)
{
$sendMailResult = sendPHPMail('noreply#___.com', '___', $_POST['email'], $subject, $body);
if($sendMailResult == TRUE)
echo 1;
else
echo "There's problem sending validation mail to your email. Please try again later.";
}
else
{
echo "There's problem saving your registration details to our database. Please try again later.";
}
?>
Can anyone help me to find what is the problem here?
You are searching for a user that matches $username = $_GET['e_username']; when you are actually only sending in the url username
So, your account_verification.php should be
session_start();
require_once 'cms/configuration.php';
$username = $_GET['username'];
$key = $_GET['key'];
$sql = "SELECT * FROM member WHERE username = '$username'";
etc ...
And your link to this script should be as follows: (note: your username variable is changed to $_POST['e_username']
$link = "http://___/account_verification.php?username={$_POST['e_username']}&key=$key";
Hi Guys I am having a problem that when adding form data into a database. For some reason the data is not inserted. here is my code:
<?php include_once 'secure/connect.php'; ?>
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('$name', '$email', now())") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
And my html form looks like this:
<div class="topForm">
<H3 style="text-align:center">SIGN UP FOR OUR NEWSLETTER</H3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="name" value="<?php echo $name; ?>"/>
<input type="text" name="email" value="<?php echo $email; ?>"/><br/>
<input name="mySubmitBtn" type="submit" value="SUBMIT">
<?php echo $msg_to_user; ?>
</form>
</div>
Many thanks in advance all
Phillip
This is what I have now and nothing is still working...
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
include_once 'secure/connect.php';
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email) VALUES ('".$name."', '".$email."')") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
without regard to other errors or inconsistencies. also let me note that you should use mysqli or pdo. but php uses time()
$sql_insert = mysql_query("
INSERT INTO newsletter
(name, email, dateTime)
VALUES
('$name', '$email', ".time().")
");
or if you want a date time instead of the timestamp you can use the date() function.
You have to change now() from your code. And Use Following code.
$time = time() ;
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('".$name."', '".$email."', '".$time."' )") or die (mysql_error());
make sure you are connected to the database ! see what echo mysql_error(); says
if a form was submitted, catch the values, and then sanitize
insert query
ps: see what the following do:
if(isset($_POST['name']) ...
echo mysql_insert_id();
time() not now()
see the id of the new data inserted
your code, should work, if you follow these steps, and if you are connected to the database