PHP MYSQL - UPDATE user profile with SESSION

I'm trying to update a user profile with a session. The user profile page is supposed to update according to the profile of the logged-in user. Here's the sample code of user_profile.php:
<?php
session_start();
ob_start();
include("../function/dbconnect.php");
include("header.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['VALID_USER'])){
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
?>
<form action="user_profile.php" method="POST">
<div>Your Profile</div>
<table border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><div align="left" id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php echo $query2['password']; ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>
<?php
// close while loop
}}
?>
<?php
// close connection;
mysql_close();
?>
</br>
</body>
</html>
The page returns blank. There are several other versions of the code that I'm working on for the user_profile.php page too, but the results that I get are the same... I used the code below for the admin to update a user profile.
include('function/dbconnect.php');
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query3 = mysql_query("UPDATE tbl_staffs
SET username='$username', email='$email', password='$password', WHERE id='$id'");
if ($query3)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
$query2=mysql_fetch_array($query1);
<form method="post">
<tr>
<td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
</tr>
<tr>
<td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right">
<br />
<span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
</td>
</tr>
</table>
</form>
<?php
}
?>
Apparently, it works fine as it is. However, when I tried to apply the code for users so that they can update their own profile, the code won't work. Where am I going wrong?

First check whether your session exists, and then replace ".mysql_real_escape_string($_SESSION["VALID_USER"])." in your query with a variable, like this:
$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$VALID_USER' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
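The session-bound update discussed above, written with PDO prepared statements as an added example (not code from the question or the answer). The helper name updateOwnProfile is hypothetical, the table and column names are taken from the question, and SQLite in memory stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the original poster's code. SQLite in memory stands in
// for MySQL so the script runs offline; with MySQL only the PDO DSN changes.
declare(strict_types=1);

// Hypothetical helper: $sessionUser comes from $_SESSION['VALID_USER'],
// never from the form, so the WHERE clause always targets the caller's row.
function updateOwnProfile(PDO $db, string $sessionUser, array $post): string
{
    $newName = trim((string)($post['username'] ?? ''));
    $newPass = (string)($post['password'] ?? '');
    if ($newName === '' || $newPass === '') {
        throw new InvalidArgumentException('username and password are required');
    }
    // Placeholders keep the form values out of the SQL text.
    $stmt = $db->prepare(
        'UPDATE tbl_staffs SET username = :new_name, password = :hash
          WHERE username = :current'
    );
    $stmt->execute([
        ':new_name' => $newName,
        ':hash'     => password_hash($newPass, PASSWORD_DEFAULT),
        ':current'  => $sessionUser,
    ]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException('no row matched the session user');
    }
    // Return the new name so the caller can refresh the session; otherwise
    // the next SELECT still searches for the old username and finds nothing.
    return $newName;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_staffs (username TEXT UNIQUE, password TEXT, user_levels INTEGER)');
$seed = $db->prepare('INSERT INTO tbl_staffs VALUES (?, ?, 1)');
$seed->execute(['alice', password_hash('old-pass', PASSWORD_DEFAULT)]);
$seed->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT)]);

$session = ['VALID_USER' => 'alice'];                        // stands in for $_SESSION
$post = ['username' => "al'ice", 'password' => 'new-pass'];  // stands in for $_POST

$session['VALID_USER'] = updateOwnProfile($db, $session['VALID_USER'], $post);

$q = $db->prepare('SELECT username, password FROM tbl_staffs WHERE username = ?');
$q->execute([$session['VALID_USER']]);
$row = $q->fetch(PDO::FETCH_ASSOC);

// The quote in the name was stored as data, and only the hash is kept.
echo 'stored name: ', htmlspecialchars($row['username'], ENT_QUOTES), PHP_EOL;
echo 'password ok: ', var_export(password_verify('new-pass', $row['password']), true), PHP_EOL;

// The other account is unaffected because the WHERE value came from the session.
$q->execute(['bob']);
$bob = $q->fetch(PDO::FETCH_ASSOC);
echo 'bob untouched: ', var_export(password_verify('bob-pass', $bob['password']), true), PHP_EOL;
```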

Related

PHP ODBC : Updating Form

I have a form and successfully connect them to the database.
Now I'm trying to update the data. Unfortunately, nothing happened when I click the submit button. I'm sure I miss something. Please help me, thank you.
config.php :
<?php
$conn=odbc_connect("dsn", "", "");
if (!$conn)
{
exit("Connection Failed : " . $conn);
}
?>
This is my code :
<?php
include "config.php";
ini_set('error_reporting', E_ALL);
error_reporting(-1);
$sql = odbc_exec( $conn, "SELECT
UserId,
UserName,
UserEmail
FROM DBA.tblUser
WHERE UserId='".$_GET['UserId']."'");
if(isset($_POST['submit']))
{
$UserId=$_POST["UserId"];
$UserName=$_POST["UserName"];
$UserEmail=$_POST["UserEmail"];
//UPDATE
$stmt = odbc_exec( $conn,
"UPDATE DBA.tableUsers SET
UserName = '$UserName',
UserEmail ='$UserEmail'
WHERE UserId=$UserId");
if ($stmt) {
echo "Update Success";
echo $UserName;
echo $UserEmail;
} else {
"Error : " . odbc_errormsg();
}
}
?>
Form :
<form class="form" method="post">
<tr>
<td class = "userid">User ID</td>
<td><?php echo $UserId = odbc_result($sql,'UserId'); ?></td>
</tr>
<tr>
<td class = "name">User Name<span class="required"> * </span></td>
<td><input type="text" name="UserName" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
</tr>
<tr>
<td class = "email">Email<span class="required"> * </span></td>
<td><input type="text" name="UserEmail" value="<?php echo $UserEmail = odbc_result($sql,'UserEmail'); ?>"></td>
</tr>
<button name="submit" type="submit" value ="submit" >Update</button>
</form>
Replace
$UserName=$_POST["UserName"];
With
$UserName=$_POST["UserId"];
Why? Simply because in your form, you have name as UserId and not UserName
<input type="text" name="UserId" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
I managed to get the answer with the same concept and variable.
config.php :
<?php
$conn=odbc_connect("dsn", "", "");
if ($conn) {
echo "Connected";
}
if (!$conn) {
exit("Connection Failed : " . $conn);
}
?>
code :
<?php
include "config.php";
$sql = odbc_exec( $conn, "SELECT
UserId,
UserName,
UserEmail
FROM DBA.tblUser
WHERE UserId='".$_GET['UserId']."'");
if(isset($_POST['submit'])) {
$UserName=$_POST["UserName"];
$UserEmail=$_POST["UserEmail"];
$stmt = odbc_exec($conn,
"UPDATE DBA.tblUser SET
UserName = '$UserName',
UserEmail ='$UserEmail'
WHERE UserId='".$_GET['UserId']."'");
if ($stmt) {
echo "Update Successfull";
echo $UserName;
echo $UserEmail;
}
else {
echo "Error : " . odbc_errormsg();
}
}
?>
html :
<!DOCTYPE html>
<html>
<head>
<title>Administration</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="css/userpage.css" media="screen"/>
<body>
<content>
<div class="user-form">
<div class="user-form-heading">Update User</div><br>
<form class="form" method="post">
<h><table class ="user">
<!-- .................................. Updatable ....................................... -->
<tr>
<td class = "name">User Name<span class="required"> * </span></td>
<td><input type="text" name="UserName" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
</tr>
<tr>
<td class = "userid">User Id</td>
<td><?php echo $UserId = odbc_result($sql,'UserId'); ?></td>
</tr>
<tr>
<td class = "email">Email<span class="required"> * </span></td>
<td><input type="text" name="UserEmail" value="<?php echo $UserEmail = odbc_result($sql,'UserEmail'); ?>"></td>
</tr>
<tr>
<td>
<f><button name="submit" type="submit" value ="submit" >UPDATE</button></f>
</table>
</form>
</div>
</content>
</body>
</head>
</html>

how do i use HTML checkbox to insert 1 or 0 into mysql boolean

I am trying to create a sign-up sheet for an assignment, but I am having difficulty as I have to allow for admin rights, so I decided to create a column called administrator in my table as a boolean, i.e. true or false. On my sign-up sheet I wish to use a checkbox: if it's checked they are an administrator, if not then they are not.
How can I make the checkbox = 1 or 0 in the MySQL statement?
here is the code for sign up:
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
Thank you
Update:
The new user2.php code is as follows:
require_once('connection.php');
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$administrator =$_POST['administrator'];
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', 'administrator')";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
function SignUp()
{
if(!empty($_POST['user'])) //checking the 'user' name which is from Sign-Up.html, is it empty or have some text
{ $query = mysql_query("SELECT * FROM WebsiteUsers WHERE userName = '$_POST[user]'
AND pass = '$_POST[pass]'") or die(mysql_error());
if(!$row = mysql_fetch_array($query) or die(mysql_error()))
{
newuser();
}
else
{
echo "SORRY...YOU ARE ALREADY A REGISTERED USER..."; }
}
}
if(isset($_POST['submit']))
{
SignUp();
}
#header("location:index.html");
?>
<?php
$cookie_name = "cookieuser";
$cookie_value = $fullname;
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
Give a value to the checkbox like this
<input type="checkbox" name="cbox" value="1" />
Then check if that value is assigned to the $_POST variable like this.
if($_POST['cbox'] == '1')
Complete code is listed below. I have done some modifications.
<form method="POST" action="new-user 2.php">
<td>Full Name</td><td>
<input type="text" name="name"></td>
</tr>
<tr>
<td>Email</td>
<td>
<input type="text" name="email"></td>
</tr>
<tr>
<td>UserName</td>
<td>
<input type="text" name="user">
</td> </tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="pass">
</td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input type="password" name="cpass">
</td>
</tr>
</tr>
<tr>
<td>Administrator </td>
<td><input type="checkbox" name="cbox" value="1" />
</td>
</tr>
<tr>
<td>
<input id="button" type="submit" name="submit" value="Register">
</td>
</tr>
</form>
</table>
</fieldset>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['cbox']))
{
if($_POST['cbox'] == '1'){
$administrator ='1';
}else{
$administrator ='0';
}
}else
{
$administrator ='0';
}
?>
Per your form element, <form method="POST" action="new-user 2.php"> this script is submitting to new-user 2.php. If this page is new-user 2.php then $administrator will be 1 or 0 (as a string).
If this page is not new-user 2.php then this check:
<?php
if(isset($_POST['cbox']))
{
$administrator ='1';
}
else
{
$administrator ='0';
}
?>
will not run, because the PHP only executes on page load; it is not available once the page has loaded.
$_POST['cbox'] is either going to have the value of on or not be set.
You can see all values being submitted by outputting the POST after the form is submitted with this, print_r($_POST);.
If this is new-user 2.php then please update your question to where the usage of $administrator can be seen.
Per your update code the issue is you are checking the wrong form element. Your form element is cbox, not administrator. You also are open to SQL injections with this code and are using the deprecated driver, mysql_. You should switch up to mysqli or pdo.
On to your code... Your NewUser function should be updated to:
function NewUser()
{
#$salt = 'sadfh9832asd34rf28asjvddap';
#$crypt = crypt ($salt .$password);
$fullname = mysql_real_escape_string($_POST['name']);
$userName = mysql_real_escape_string($_POST['user']);
$email = mysql_real_escape_string($_POST['email']);
$administrator = isset($_POST['cbox']) ? 1 : 0;
#$password = crypt($_POST['pass']);
$password = md5($_POST['pass']);
echo "<hr>".$_POST['pass'] . "=[$password]<hr>";
#$password = stripslashes($password);
#$password = mysql_real_escape_string($password);
$query = "INSERT INTO `WebsiteUsers`(`fullname`, `userName`, `email`, `pass`, `administrator`) VALUES ('$fullname','$userName','$email','$password', $administrator)";
$data = mysql_query ($query)or die(mysql_error());
echo "<hr>$query<hr>";
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
Note the escaping and $administrator = isset($_POST['cbox']) ? 1 : 0;.
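The same registration step with prepared statements and password_hash() in place of escaping and md5(), as an added example that is not part of the original answer. The function registerUser and its $actorIsAdmin parameter are assumptions: the flag would be derived from the session of whoever submits the form, so a self-service sign-up cannot grant itself administrator rights by ticking the box. SQLite in memory stands in for MySQL.

```php
<?php
// Added example, not the original poster's code. SQLite in memory stands in
// for MySQL so the script runs offline.
declare(strict_types=1);

// Hypothetical helper. $actorIsAdmin is an assumption: it would come from the
// session of whoever submits the form, never from the form itself.
function registerUser(PDO $db, array $post, bool $actorIsAdmin): int
{
    foreach (['name', 'user', 'email', 'pass'] as $field) {
        if (trim((string)($post[$field] ?? '')) === '') {
            throw new InvalidArgumentException("missing field: $field");
        }
    }
    // An unchecked checkbox is absent from the POST body, so isset() is the test.
    // The flag is honoured only when an administrator is creating the account.
    $administrator = (isset($post['cbox']) && $actorIsAdmin) ? 1 : 0;

    // Duplicate check on the username alone, not username plus password.
    $dup = $db->prepare('SELECT 1 FROM WebsiteUsers WHERE userName = ?');
    $dup->execute([$post['user']]);
    if ($dup->fetchColumn() !== false) {
        throw new DomainException('username already registered');
    }

    $ins = $db->prepare(
        'INSERT INTO WebsiteUsers (fullname, userName, email, pass, administrator)
         VALUES (:fullname, :user, :email, :pass, :admin)'
    );
    $ins->bindValue(':fullname', $post['name']);
    $ins->bindValue(':user', $post['user']);
    $ins->bindValue(':email', $post['email']);
    $ins->bindValue(':pass', password_hash($post['pass'], PASSWORD_DEFAULT));
    $ins->bindValue(':admin', $administrator, PDO::PARAM_INT);
    $ins->execute();
    return $administrator;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE WebsiteUsers (fullname TEXT, userName TEXT UNIQUE,
           email TEXT, pass TEXT, administrator INTEGER)');

$form = ['name' => 'Ann Example', 'user' => 'ann', 'email' => 'ann@example.test',
         'pass' => 'pw-1', 'cbox' => '1'];          // stands in for $_POST

registerUser($db, $form, false);                    // self sign-up with the box ticked
registerUser($db, ['user' => 'ben'] + $form, true); // an administrator creates the account
$unchecked = ['user' => 'cat'] + $form;
unset($unchecked['cbox']);                          // box left unticked
registerUser($db, $unchecked, true);

foreach ($db->query('SELECT userName, administrator FROM WebsiteUsers') as $r) {
    echo $r['userName'], ' administrator=', $r['administrator'], PHP_EOL;
}
```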

Update statement using variable

It seems my code doesn't show the query after using the edit function of my system and after pressing the save/submit button. I'm trying to use the variable passed through the URL and $_GET to show only the user's own account. I know my code has a conflict around the MySQL update statement. Please help.
My question is: How do I make the query appear after pressing the save button in the form?
Here is my code:
<?PHP
include ("dbcon1.php");
//GET THE VARIABLE USERNAME THROUGH THE URL
$username=$_GET['username'];
?>
<html>
<head>
</head>
<body>
<form method="post">
<table>
<?PHP
//GETS ONLY THE QUERY DEPENDING ON THE URL (edit2.php?USERNAME=$USERNAME)
$customerquery=mysql_query("select * from customerinfo where username='$username'");
$customerrows=mysql_fetch_array($customerquery);
?>
//FORM THAT HAS THE USER'S INFORMATION
<tr><td>First name:</td><td><input type="text" name="fname" value="<?PHP echo $customerrows['fname'];?>"></td></tr>
<tr><td>Last name:</td><td><input type="text" name="lname" value="<?PHP echo $customerrows['lname'];?>"></td></tr>
<tr><td>Address:</td><td><input type="text" name="address" value="<?PHP echo $customerrows['address'];?>"></td></tr>
<tr><td>Contact Number:</td><td><input type="text" name="contactno" value="<?PHP echo $customerrows['contactno'];?>"></td></tr>
<tr><td>Username:</td><td><input type="text" name="username" value="<?PHP echo $customerrows['username'];?>"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" value="<?PHP echo $customerrows['password'];?>"></td></tr>
//SAVE BUTTON
<tr><td><input type="submit" name="submit" value="Save"></td></tr>
</table>
</form>
</body>
</html>
<?PHP
include('dbcon1.php');
include('dbcon.php');
//SAVE BUTTON WHEN PRESSED, UPDATES THE TABLE
if(isset($_POST['submit'])){
$username=$_GET['username'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$contactno=$_POST['contactno'];
$username=$_POST['username'];
$password=$_POST['password'];
//UPDATE THE TABLE
mysql_query("update customerinfo set fname='$fname',lname='$lname',address='$address',contactno='$contactno',username='$username',password='$password' where username='$username'");
header("location:index5.php?username=$username");
}
?>
<table border='1'>
<?PHP
include('dbcon.php');
include('dbcon1.php');
//GET THE VARIABLE USERNAME THROUGH THE URL
$username = $_GET['username'];
//SHOW THE USER THAT IS CURRENTLY LOGGED IN
//TABLE OF INFORMATION ABOUT THE USER
$customerquery = mysqli_query($con,"SELECT * FROM customerinfo WHERE username = '$username'");
while($customerrows=mysqli_fetch_array($customerquery)){
?>
<tr>
<td>Id</td><td>First Name</td><td>Last Name</td><td>Address</td><td>Contact No</td <td>Username</td><td>Password</td><td>Edit</td>
</tr>
<tr>
<td><?PHP echo $customerrows['id'];?></td>
<td><?PHP echo $customerrows['fname'];?></td>
<td><?PHP echo $customerrows['lname'];?></td>
<td><?PHP echo $customerrows['address'];?></td>
<td><?PHP echo $customerrows['contactno'];?></td>
<td><?PHP echo $customerrows['username'];?></td>
<td><?PHP echo $customerrows['password'];?></td>
//EDIT BUTTON
<td><input type="button" value="edit" onClick="window.location='edit2.php?username=<?php echo $username ?>'"></td>
</tr>
<?PHP } ?>
</table>
Log-out
Firstly Your Query has an Error
$customerquery=mysql_query("select * from customerinfo where username='".$username."' ");
AND
mysql_query("UPDATE customerinfo SET fname='".$fname."',lname='".$lname."',address='".$address."',contactno='".$contactno."',username='".$username."',password='".$password."' WHERE username='".$username."' ");

php mysql + create profile page

Hey, I am new here. Can anyone help me with this chunk of code in PHP and MySQL?
I know that this is a little mistake, but I could not find where the error is. Thank you.
this is the code :
//index.php
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="profileprocess.php" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
// profileprocess.php
<html>
<head>
<title><?php echo $username; ?> <?php echo $lastname; ?>s profile</title>
</head>
<body>
<?php
if(isset($_GET['username'])){
$username = $_GET['username'];
mysql_connect("localhost", "root", "") or die ("could not connect t the server");
mysql_select_db("users") or die("this database was not found");
$userquery = mysql_query("SELECT * FROM users WHERE username='$username'") or die("the query could be fale please try again");
if(mysql_num_rows($userquery) != 1){
die("that username could not be found!");
}
while($row = mysql_fetch_array($userquery, MYSQL_ASSOC)){
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$email = $row['email'];
$dbusername = $row['username'];
$activated = $row['activated'];
$access = $row['access'];
}
if($username != $dbusername){
die ("there has been a fatal error please try again. ");
}
if($activated == 0){
$active = "this account has not been activated";
}else{
$active = "ths account has been activated";
}
if($access == 0){
$admin = "this user is not administrator";
}else{
$admin = "this user is an administrator";
}
?>
<h2><?php echo $username; ?> <?php echo $lastname; ?>s profile</h2>
<table>
<tr>
<td>firstname:</td><td><?php echo $firstname; ?></td>
</tr>
<tr>
<td>lastname:</td><td><?php echo $lastname; ?></td>
</tr>
<tr>
<td>email:</td><td><?php echo $email; ?></td>
</tr>
<tr>
<td>username:</td><td><?php echo $dbusername; ?></td>
</tr>
<tr>
<td>activated:</td><td><?php echo $active; ?></td>
</tr>
<tr>
<td>access:</td><td><?php echo $admin; ?></td>
</tr>
</table>
<?php
}else die("You need to specify a username!");
?>
</body>
</html>
//// any help????
I just run this code on my XAMPP server and it seems to work fine.
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if($_GET['username'] != ''){
echo $_GET['username'];
} else
die('doesnt work'); ?>
One problem I definitely see is that you have used echo at the start of the page and the query is not running. That is going to throw up errors.
Also, please tell us what the errors are, so that we can try and help you better.

how to get value from the database

I want to get a value from the database. For example, in the name field, it should show the name that is stored in the database. I want to show the value in the respective field, but it cannot retrieve the value. Please, guys, help me.
<?php
session_start();
$username = $_SESSION["username"];
$department = $_SESSION["department"];
?>
<html>
<head>
<title>Change Password</title>
</head>
<form method="post" action="changepassprocess.php">
<?php
$db = mysql_connect('localhost','root')
or die ("unable to connect");
mysql_select_db('fyp',$db) or die ("able to select");
$sql_select = "SELECT * FROM access WHERE username ='".$username."' ";
?>
<font face= "arial" size="2" font color="black">
<center>
<h3 align=center> Change Password </h3>
<table width="500" height="100" border="0" cellspacing="0" cellpadding="2">
<tr>
<tr>
<td align="left">User ID</td>
<td>: <input name="username" type="text" id="username" value="<? {echo "$username"; } ?>" size="20" maxlength="10" readonly='username'></td>
</tr>
<tr>
<td align="left">Name </td>
<td>: <input name="name" type="text" id="name" value="<? {echo "$name"; } ?>" size="50" readonly="name"></td>
</tr>
<tr>
<td align="left">Department </td>
<td>: <?php echo $row['department']; ?> </td>
</tr>
<tr>
<td align="left">New Password </td>
<td>:<input name="newpassword" type="password" id="newpassword" size="20" ></td>
</tr>
</table><br>
<align = center><input type="submit" name="send" value="Change Password">
</form>
</body>
</html>
Well, you forgot to run your query to the database. The $sql_select variable holds the query text, but you need to pass it to the database and retrieve the answer from it. Read http://php.net/manual/en/function.mysql-query.php and examples there.
You are missing:
$result = mysql_query($sql_select);
$row = mysql_fetch_array($result);
These will execute the query you've prepared and get the results as an array $row.
You might want to see how to fetch a value from a MySQL DB using PHP from:
W3school: Select Data From a Database Table.
<?php
session_start();
include("../connect.php");
$user=$_SESSION['user'];
if(empty($user))
{
header("location:index.php");
}
else{
// filter on the logged-in user taken from the session ($user_id_no was never defined)
$query_display="SELECT * FROM user_login WHERE user_id_no='$user'";
$result=mysqli_query($bd,$query_display);
while($arr=mysqli_fetch_array($result))
{
$first_name=$arr['first_name'];
$last_name=$arr['last_name'];
$address=$arr['address'];
}
echo $first_name;
echo $last_name;
echo $address;
}
?>
connect.php
<?php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "";
$bd=mysqli_connect($mysql_hostname,$mysql_user,$mysql_password,$mysql_database);
?>
