I'm trying to allow users to change their passwords in my site.
I'm getting stuck in the controller. My doubt is whether $sql = $this->db->select("*")->from("logins_table")->where('lt_username',$this->session->userdata('email'))->get(); is working or not.
My controller:
<?php
class Changepw extends MY_Controller {
public function Changepwd(){
}
public function reset() // we will load models here to check with database
{
$sql = $this->db->select("*")->from("logins_table")->where('lt_username',$this->session->userdata('email'))->get();
foreach ($sql->result() as $my_info) {
$db_password = $my_info->lt_password;
$db_id = $my_info->lt_id;
}
if($this->input->post('opassword') == $db_password && ($this->input->post('npassword') != '') && ($this->input->post('cpassword')!='')) {
$fixed_pw = mysql_real_escape_string(md5($this->input->post('npassword')));
$update = $this->db->query("Update 'logins_table' SET 'lt_password'= '$fixed_pw' WHERE 'id'= '$db_id'")or die(mysql_error());
//$this->form_validation->set_message('change',"sucess");
echo json_encode(array("success"=>true));
}else {
//$this->form_validation->set_message('change', "err");
echo json_encode(array("success"=>false));
}
exit;
}
}
and my view page is:
<table width="95%" border="0" cellspacing="5" cellpadding="5">
</tbody>
<tr>
<td width="35%" class="heading">Email</td>
<td><input type="text" name="email" ></td>
<tr>
<td class="heading">Existing Password</td>
<td><input type="password" name="opassword" ></td>
</tr>
<tr title="Ignore new password if you dont want to change password">
<td class="heading">New Password</td>
<td><input type="password" name="npassword"></td>
</tr>
<tr>
<td class="heading">Confirm Password</td>
<td><input type="password" name="cpassword"></td>
</tr>
<tr>
<td> </td>
<td><button name="Submit" id="forgotBtn" class="customBtn" value="Submit">Save changes</button>
</td>
<tr>
<td> </td>
<td ><div class="errorMsg" id="errMsg" style="display:none"> Error in updating </div></td>
</tr>
</tr>
</tbody>
</table>
</form>
$("#forgotBtn").on('click', function()
{
$.post( "/changepw/reset", $("#forgotForm").serialize(), // serializes the form's elements.
function(data) {
data = jQuery.parseJSON(data);
if(data.error == false) {
$("#successMsg").hide();
}else{
$("#errMsg").show();
}
} );
return false;
});
Thanks.
I think according to the code, your error is here.
$this->input->post('opassword') == $db_password// this line
While storing password in database you have used md5(), but here you are just checking for the plain text which is wrong
md5($this->input->post('opassword')) == $db_password
This should help you.
Related
customer_register.php
<?php
session_start();
?>
<form action="customer_register.php" method="post" enctype="multipart/form-data">
<?php
if (isset($_POST['c_name']) && isset($_POST['c_email']) && isset($_POST['c_usrname']) && isset($_POST['c_password']) && isset($_POST['c_country']) && isset($_POST['c_city']) && isset($_POST['c_contact']) && isset($_POST['c_address']) && isset($_FILES['c_image']['name'])) {
$c_ip_add = getIp();
$c_name = $_POST['c_name'];
$c_email = $_POST['c_email'];
$c_username = $_POST['c_usrname'];
$c_password = $_POST['c_password'];
$c_country = $_POST['c_country'];
$c_city = $_POST['c_city'];
$c_contact = $_POST['c_contact'];
$c_address = $_POST['c_address'];
$c_image = #$_FILES['c_image']['name'];
$c_tmp_name = #$_FILES['c_image']['tmp_name'];
$location = 'customer/customer_images/';
if (!empty($c_name) && !empty($c_email) && !empty($c_username) && !empty($c_password) && !empty($c_country) && !empty($c_city) && !empty($c_contact) && !empty($c_address) && !empty($c_image)) {
move_uploaded_file($c_tmp_name, $location.$c_image);
$select_user = "SELECT customers_username FROM customers WHERE customers_username = '$c_username'";
$run_select_user = mysqli_query($conn, $select_user);
if (mysqli_num_rows($run_select_user) == NULL) {
$insert_customer = "INSERT INTO customers(customers_ip, customers_name, customers_email, customers_username, customers_pass, customers_country, customers_city, customers_contact, customers_address, customers_image) VALUES ('$c_ip_add', '$c_name', '$c_email', '$c_username', '$c_password', '$c_country', '$c_city', '$c_contact', '$c_address', '$c_image')";
$run_insert_customer = mysqli_query($conn, $insert_customer);
$select_cart = "SELECT * FROM cart WHERE ip_add = '$c_ip_add'";
$run_select_cart = mysqli_query($conn, $select_cart);
$check_cart = mysqli_num_rows($run_select_cart);
if ($check_cart == 0) {
$_SESSION['customer_email'] = $c_email;
$_SESSION['username'] = $c_username;
echo '<script>alert("Account has been successfully created")</script>';
echo '<script>window.open("customer/my_account.php","_self")</script>';
} else {
$_SESSION['customer_email'] = $c_email;
$_SESSION['username'] = $c_username;
echo '<script>alert("Account has been successfully created")</script>';
echo '<script>window.open("checkout.php","_self")</script>';
}
} else {
echo "<div align='center' style='color:white; font-size:20px; padding:20px 0px;'><b>The Username already exists. Please try another username.</b></div>";
}
} else {
echo "<div align='center' style='color:white; font-size:20px; padding:20px 0px;'><b>All Fileds are required</b></div>";
}
}
?>
<table align="center" width="750">
<thead>
<tr align="center">
<th colspan="3"><h1>Create an Account</h1></th>
</tr>
</thead>
<tbody>
<tr>
<td id="label" align="right">Name:</td>
<td><input type="text" name="c_name" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Email:</td>
<td><input type="text" name="c_email" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Username:</td>
<td><input type="text" name="c_usrname" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Password:</td>
<td><input type="password" name="c_password" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Image:</td>
<td><input type="file" name="c_image" required></td>
</tr>
<tr>
<td id="label" align="right">Country:</td>
<td>
<select name="c_country">
<option size="50">Select Country</option>
<?php countries(); ?>
</select>
</td>
</tr>
<tr>
<td id="label" align="right">City:</td>
<td><input type="text" name="c_city" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Contact:</td>
<td><input type="text" name="c_contact" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Address:</td>
<td><input type="text" name="c_address" size="40" required></td>
</tr>
<tr align="center">
<td colspan="3"><input type="submit" name="register" value="Create Account"></td>
</tr>
</tbody>
</table>
</form>
customer_login.php
<?php
session_start();
?>
<form method="post" action="">
<table width="500" align="center" bgcolor="skyblue">
<thead>
<tr align="center">
<th colspan="4"><h2>Login or Register to Buy!</h2></th>
</tr>
</thead>
<tbody>
<tr>
<td align="right"><b>Email:</b></td>
<td><input type="text" name="email" placeholder="Enter Email"></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" placeholder="Enter Password"></td>
</tr>
<tr align="center">
<td colspan="4">Forgot Password?</td>
</tr>
<tr align="center">
<td colspan="3"><input type="submit" name="login" value="Login"></td>
</tr>
</tbody>
</table>
<h2 style="float:right; padding:10px;">New? Register Here</h2>
</form>
<?php
if (isset($_POST['email']) && isset($_POST['pass'])) {
$email = $_POST['email'];
$pass = $_POST['pass'];
if (!empty($email) && !empty($pass)) {
$select_id = "SELECT * FROM customers WHERE customers_email = '$email' AND customers_pass = '$pass'";
$run_select_id = mysqli_query($conn, $select_id);
foreach ($run_select_id as $details) {
$usrname = $details['customers_username'];
$id = $details['customers_id'];
}
$num_run_select = mysqli_num_rows($run_select_id);
if ($num_run_select == NULL) {
echo '<script>alert("Invalid : Email/Password combination")</script>';
exit();
}
$c_ip_add = getIp();
$select_cart = "SELECT * FROM cart WHERE ip_add = '$c_ip_add'";
$run_select_cart = mysqli_query($conn, $select_cart);
$check_cart = mysqli_num_rows($run_select_cart);
if ($num_run_select > 0 AND $check_cart == 0) {
$_SESSION['customer_email'] = $email;
$_SESSION['username'] = $usrname;
$_SESSION['id'] = $id;
echo "<script>alert('You Have Logged In Succesfully')</script>";
echo "<script>window.open('customer/my_account.php','_self')</script>";
exit();
} else {
$_SESSION['customer_email'] = $email;
$_SESSION['username'] = $usrname;
$_SESSION['id'] = $id;
echo "<script>alert('You Have Logged In Succesfully')</script>";
echo "<script>window.open('checkout.php','_self')</script>";
}
} else {
echo 'Please enter valid email ID';
}
}
?>
my_account.php
<?php
session_start();
?>
<ul id="categories">
<?php
$location = 'customer_images/';
$usr_email = $_SESSION['customer_email'];
$user_name = #$_SESSION['username'];
$usr_id = $_SESSION['id'];
$select_image = "SELECT * FROM customers WHERE customers_id = '$usr_id'";
$run_image = mysqli_query($conn,$select_image);
foreach ($run_image as $select_all_data) {
$id = $select_all_data['customers_id'];
$name = $select_all_data['customers_name'];
$username = $select_all_data['customers_username'];
$email = $select_all_data['customers_email'];
$country = $select_all_data['customers_country'];
$city = $select_all_data['customers_city'];
$contact = $select_all_data['customers_contact'];
$address = $select_all_data['customers_address'];
$image = $select_all_data['customers_image'];
echo "<li style=''><img src='$location$image' height='150' width='174' style='text-align:center; border:3px solid black; padding:4px; border-radius: 109px;'></li>";
}
?>
<li>My Orders</li>
<li>Edit Account</li>
<li>Change Password</li>
<li>Delete Account</li>
<li>Logout</li>
</ul>
</div>
<div class="content_area2">
<?php cart(); ?>
<div id="my_account_menu">
<span>
<?php
if (isset($_SESSION['customer_email'])) {
echo "Welcome <i style='color:orange;'>" . $_SESSION['username']. ' </i>';
}
?>
<?php
if (!isset($_SESSION['customer_email'])) {
echo "<a href='../checkout.php' style='color:white;'>Login</a>";
} else {
echo "<a href='../logout.php' style='color:orange;'>Logout</a>";
}
?>
</span>
</div>
<?php getIp(); ?>
<div id="products_box">
<?php
if (!isset($_GET['my_orders']) && !isset($_GET['edit_account']) && !isset($_GET['change_pass']) && !isset($_GET['delete_account'])) {
?>
<div style="text-align:center;">
<table>
<tbody>
<tr>
<td id="label">Name : </td>
<td id="detail"><?php echo #$name; ?></td>
</tr>
<tr>
<td id="label">Username (Display Name) : </td>
<td id="detail"><?php echo #$username; ?></td>
</tr>
<tr>
<td id="label">Email : </td>
<td id="detail"><?php echo #$email; ?></td>
</tr>
<tr>
<td id="label">City : </td>
<td id="detail"><?php echo #$city; ?></td>
</tr>
<tr>
<td id="label">Contact : </td>
<td id="detail"><?php echo #$contact; ?></td>
</tr>
<tr>
<td id="label">Address : </td>
<td id="detail"><?php echo #$address; ?></td>
</tr>
</tbody>
</table>
</div>
<div style="padding:20px;"><b>You can see your orders by clicking this link</b></div>
<?php
}
?>
The problem is when I login it is working fine but when I register the user it gives the error undefined
$usr_id = $_SESSION['id'];
in my_account.php and all the information about the user is not displayed
I HAVE STARTED THE SESSION
I think you forget to call session_start before to do anything, even when there is no existing session.
<?php
session_start()
// your code...
You may want to look how it works with the basic example from the session_start function
As stated within the PHP session_start documentation:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
So you may want to include this call after PHP opening tag <?php as I wrote above
You have to initiate the session by using session_start() on every page where you want to use the session. And this is missing on my_account.php
Ex:
<?php
session_start();
// your code
nowhere in your customer_register.php file do you actually set $_SESSION['id'].
in addition to this:
there are no form tags around your register form, so its hard to see how any data is getting into the script anyway.
your'e also silencing (#) errors. If this is a learning task, which from your comments I assume it is, thats a very counterproductive thing to do.
As you only set $_SESSION['id'] in the login handing script, its not going to be available across pages unless they go through that form. Its hard to tell from your code what your'e intended user journey is, but as it stands at the moment it looks like your'e expecting them to register, then be able to see the account page as a logged in user.
Just set $_SESSION['id'] in the register script, or dispense with it entirely and use the username (seeing as you validate it as unique anyway).
Also, your'e query in the my_account.php is looking for a column customer_id which (as far as I can see) you dont actually set in the insert statement.
This is the trouble with programming, it only does what you tell it to do.
Ok i have a session class that currently handles setting variables, getting variables, deleting them and destroying them. I have a form which take information from a user and i am not sure how i would get the post variables using a session class rather than just using $_SESSION{'some variable'] to set the variables and use them.
<?php
class sessionClass{
public function _constructor()
{
session_start();
}
public function destroy()
{
session_destroy();
}
public function add($name, $value)
{
if(empty($name)){
die('Invalid variable name');
}
$_SESSION[$name] = $value;
}
public function delete($name)
{
session_unset ($_SESSION[$name]);
}
public function get($name)
{
if(isset($_SESSION[$name]))
$_SESSION[$name] = $name;
else
return ($_SESSION[$name]);
}
}
?>
Above is my session class. Now i am trying to use OOPHP and i am trying to validate the data being entered into my template form page. However because i am passing the variables $_POST['LoginID'] and $_POST['Password'] i am getting these errors.
Notice: Undefined index: LoginID in /home/comp3170-020/public_html/assignment2/index.php on line 20 Notice: Undefined index: LoginID in /home/comp3170-020/public_html/assignment2/index.php on line 25 ect ect
//Creating class objects
$val = new validatorClass();
$ses = new sessionClass();
$dis = new XHTMLDisplayClass();
$dis->setTemplate('templates/index.tpl.php');
//Checking that data is validated
if (isset($_POST['Submit']))
{
if ((!$val->isValidLoginID($_POST['LoginID'])) || (!$val->isValidLoginIDE($_POST['LoginID'])) ||(!isValidPassword($_POST['Password'])))
{
$errs = $val->getErrorMessages();
$d-> addVar('errors', $errs);
}
else {
//$ses = new sessionClass();
$ses->add('LoginID', $_POST['LoginID']);
$ses->add('Password',$_POST['Password'] );
$ses->add('validationDone', true);
header('Location:auth.php');
exit;
}
}
Can anyone tell me how i should pass the variables to the functions of the classes.
form code :
<form name="form1" action="index.php" method="POST">
<td width="220" class="content_l">Login ID</td>
<font color = "FF0000">
<?php if (isset ($errors['isValidLoginID'])){echo $errors['isValidLoginID'];}?>
<?php if (isset ($errors['isValidLoginIDE'])){echo $errors['isValidLoginIDE'];}?>
<?php if (isset ($errors['isValidPassword'])){echo $errors['isValidPassword'];}?>
</font>
</tr>
<tr>
<td><input type="text" name="textfield" class="form250"></td>
</tr>
<tr>
<td height="25" valign="bottom" class="content_l">Password</td>
</tr>
<tr>
<td><input type="password" name="textfield" class="form250" ></td>
</tr>
<tr>
<tr>
<td height="25" valign="bottom" class="content_1">Identification Used</td>
</tr>
<tr>
<td><input type="radio" name="authtyp" value="Username" class="form250" <?php echo $usertyp?> checked>Username <input type="radio" name="authtyp" value= "Email" class="form250" <?php echo $emailtyp?>> Email</td>
</tr>
<tr>
<td height="40" valign="bottom">
<input type="submit" name="Submit" value="LOGIN" class="btn70" style="margin-top:10px; ">
</form>
</td>
</tr>
<tr>
<td height="30" valign="bottom">Forgot your password? </td>
</tr>
</table></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
</table>
i have a form error when i put password and click submit button query executed but on database password row empty :(
please help me to sort out this problem i tried but didn't solve. php contain html via double quotes
thanks
<?php echo errormessage();
if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){
// Verify data
$email = mysql_prep($_REQUEST['email']); // Set email variable
$token = mysql_prep($_REQUEST['token']); // Set hash variable
$result = mysqli_query($connection,"SELECT email, hash FROM job_seeker WHERE email='".$email."' AND hash='".$token."'");
$num_rows = mysqli_num_rows($result);
if($num_rows > 0){
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" value="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" value="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
//<?php //var_dump($_POST);
#$pass = mysql_prep($_POST['pass']);
#$cpass = mysql_prep($_POST['cpass']);
if(isset($_POST)){
if($pass == $cpass)
{
//echo $hashed_password = password_encrypt($pass);
$hashed_password = $pass;
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");
if ($result) {
// Success
$_SESSION["message"] = "Password Successfully Changed.";
} else {
// Failure
$_SESSION["message"] = "Oops... Something went wrong.";
}
}
}
}else{
$_SESSION["message"] = "OOPS: Link Expired. Please check your inbox.";
}
}else{
//var_dump($_REQUEST);
redirect_to('index.php');
}
?>
The code line:
if(isset($_REQUEST['email']) && !empty($_REQUEST['email']) AND isset($_REQUEST['token']) && !empty($_REQUEST['token'])){
checks for the password and executes query only if the password (token) is posted.
Please update it to:
if(isset($_REQUEST['email']) && !empty($_REQUEST['email'])){
And you code will work.
Problem solved if(isset($_POST)){ lol every one gave new instruction except to change the code if(isset($_POST))
There are errors in the "password change" portion of your code.
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='$hashed_password', hash='' WHERE email='".$email."' AND hash='".$token."'");
depending on your php configuration, it might set the password column to
"$hashed_password"
or to whatever was in the variable $hashed_password
You probably meant to do this :
$result = mysqli_query($connection,"UPDATE job_seeker SET hashed_password='".$hashed_password."', hash='' WHERE email='".$email."' AND hash='".$token."'");
But that is still a terrible idea, because this is vulnerable to sql injection.
Also, make sure you have your column names right, down to the letter. ( i can't check that for you )
I could be because you have predefined Value in form.
Try to change this:
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" value="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" value="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
For this:
echo '<form method="post" action=""><table class="table table-bordered" width="100%" >
<tr>
<td width="40%">New Password :</td>
<td width="60%"><input type="password" required="" name="pass"></td>
</tr>
<tr>
<td>Confirm New Password : </td>
<td><input type="password" required="" name="cpass"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Update"></td>
</tr>
</table></form>';
Without value attribute
I have a registration form that user submits, data is sent using isset($_POST) to see if there is anything that was put into form input boxes. If not it is sent to an else which then sends it to a function that returns the user back to registration form to complete some missing forms. For some reason it is not working properly.
Here is my checking code -------
function returnBack(){
header("Location:register.php");
exit;
}
if(isset($_POST['myusername']))
{
$myusername = $_POST['myusername'];
}
else
{
returnBack();
}
if(isset($_POST['mypassword'])) {
$mypassword=$_POST['mypassword'];
}
else{
returnBack();
}
if(isset($_POST['myemail'])) {
$myemail=$_POST['myemail'];
}
else{
returnBack();
}
if(isset($_POST['myname'])) {
$myname=$_POST['myname'];
}
else{
returnBack();
}
if(isset($_POST['mylastname'])){
$mylastname=$_POST['mylastname'];
}
else{
returnBack();
}
/////////////////////////////////////////////////////////////*******CONNECT TO SERVER ******************************************************************/
try {
# MySQL with PDO_MYSQL
$DBH = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
}
catch(PDOException $e) {
echo "I'm sorry, I'm afraid I can't do that.";
file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
}
////////////////////////////////////////////////////////////***********INSERT REGISTER DATA INTO DB ***************************************************************/
//$encrypt_password = md5($mypassword);
$insertdata = $DBH->prepare("INSERT INTO members (username, password, email, firstname, lastname ) VALUES ('$myusername','$mypassword','$myemail','$myname','$mylastname')");
$insertdata->execute();
echo "success";
$DBH = null;
Here is the form section ------------------------------
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="register" method="post" action="insertnewmem.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Registration Form </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername" ></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>Email</td>
<td>:</td>
<td><input name="myemail" type="text" id="myemail"></td>
</tr>
<tr>
<td>First Name</td>
<td>:</td>
<td><input name="myname" type="text" id="myname"></td>
</tr>
<tr>
<td>Last Name</td>
<td>:</td>
<td><input name="mylastname" type="text" id="mylastname"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Register"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
UPDATED ----------------------------------------------
Sorry it skips the function returnBack() and just inserts it into db even if form not properly filled.
Try !empty() instead of isset(). This will evaluate to true only if there is something other than null, false, 0, or empty string ''. You probably have empty strings being submitted.
Others have posted answer, but let me explain why.
isset() checks to see if the value was set, not what the value is, but simply if it has a value. When you submit your form, you are passing an empty string as the value for each of the inputs.
Normally I check this using:
if(isset($_POST['variable']) && $_POST['variable'] !== "")
The first part makes sure the variable exists ( so that the second condition will not throw an error ) and the second condition makes sure that the string is not empty.
G'Day
I have a php page that I want to edit an entry but for the life of me I can not figure out why it is coming up with this erro.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= po_postcode = '4060', email ='-', phone = '732997688', fax = '' WHERE id='1'' at line 1
HELP I am desperate and going insane. (Similar Code works on another page but not this one)....
Can someone PLEASE HELP.
{
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<table width="347" border="0" align="center">
<tr valign="baseline">
<td align="right" nowrap="nowrap"><p align="center"><img src="hartwell_banner.JPG" width="624" height="134" /></p>
</tr>
</table>
<table align="center">
<tr valign="baseline">
<td width="290" align="right" nowrap="nowrap"><div align="left"><h2 align="left"><p align="left">Enter a New Contact</p></h2></div></td>
<td width="290" align="center" nowrap="nowrap"><div align="left"><h2 align="center"><p align="center">Return to Index</p>
</h2>
</div></td>
</tr>
</table>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<table align="center">
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">ID:</div></td>
<td width="329"><input type="text" name="id" value="<?php echo $id; ?>" size="40" readonly = "readonly" /> * </td>
</tr>
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">Name:</div></td>
<td width="329"><input type="text" name="name" value="<?php echo $name; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Street </div></td>
<td><input type="text" name="po_street" value="<?php echo $po_street; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Suburb</div></td>
<td><Input type ="text" name="po_suburb" value="<?php echo $po_suburb; ?> " size="30" maxlength="50" >*</td>
<tr valign="baseline">
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">State</div></td>
<td><Input type ="text" name="po_state" value="<?php echo $po_state; ?>" size="5" maxlength="3" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Postcode</div></td>
<td><Input type ="text" name="po_postcode" value="<?php echo $po_postcode; ?>" size="5" maxlength="4"/> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Email:</div></td>
<td><input type="text" name="email" value="<?php echo $email; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Phone:</div></td>
<td><input name="phone" type="text" value="<?php echo $phone; ?>" size="12" maxlength="10" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Fax:</div></td>
<td><input name="fax" type="text" value="<?php echo $fax; ?>" size="12" maxlength="10" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td> <input type="submit" name="submit" value="Submit"> * Denotes Required Field<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> </td>
</tr>
<tr valign="baseline">
<td colspan="2" align="right" nowrap="nowrap"><div align="center"><img src="hartwell_costs.JPG" alt="" width="340" height="147" /></div></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (isset($_POST['id']))
{
// get form data, making sure it is valid
$id = mysql_real_escape_string(htmlspecialchars($_POST['id']));
$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
$po_street = mysql_real_escape_string(htmlspecialchars($_POST['po_street']));
$po_suburb = mysql_real_escape_string(htmlspecialchars($_POST['po_suburb']));
$po_state = mysql_real_escape_string(htmlspecialchars($_POST['po_state']));
$po_postcode = mysql_real_escape_string(htmlspecialchars($_POST['po_postcode']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
// check that firstname/lastname fields are both filled in
if ($id == '' || $name == '' || $po_street == '' || $po_suburb == ''|| $po_state == '' || $po_postcode == ''|| $email == '' || $phone == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error);
}
else
{
// save the data to the database
mysql_select_db($database_hartwell, $hartwell);
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', = po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
//if the 'id' isn't valid, display an error
echo 'ID Not Valid!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
mysql_select_db($database_hartwell, $hartwell);
$result = mysql_query("SELECT * FROM contact WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$id = $row['id'];
$name = $row['name'];
$po_street = $row['po_street'];
$po_suburb = $row['po_suburb'];
$po_state = $row['po_state'];
$po_postcode = $row['po_postcode'];
$email = $row['email'];
$phone = $row['phone'];
$fax = $row['fax'];
// show form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax,'');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'No ID Value!';
}
}
?>
The error is right there in your query, just like the error message says:
, = po_postcode = '$po_postcode',
^
|
+ this doesn't belong here
remove the equal sign here:
'$po_state', = po_postcode
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
So the problem is here = po_postcode = '$po_postcode',