I am trying to get information to update in my table. I have spent hours and keep going in circles. I think the problem is in my query section toward the end of the code. Any help would be appreciated. Thanks.
<?php require "connect.php"; ?>
<?php
session_start();
if(isset($_SESSION["ID"])){
}else{
header('Location:login.php');
}
?>
<?php
$User = $_SESSION["ID"];
$result = $con->query("select * from BD where ID='$User'");
$row = $result->fetch_array(MYSQLI_BOTH);
$_SESSION["FirstName"] = $row['FirstName'];
$_SESSION["LastName"] = $row['LastName'];
$_SESSION["Email"] = $row['Email'];
$_SESSION["UserName"] = $row['UserName'];
$_SESSION["Password"] = $row['Password'];
?>
<?php
if(isset($_Post['Update'])){
$UpdateFName = $_Post['FirstName'];
$UpdateLName = $_Post['LastName'];
$UpdateEmail = $_Post['Email'];
$UpdateUName = $_Post['UserName'];
$UpdatePassword = $_Post['Password'];
$sql = $con->query("UPDATE BD SET FirstName = '{$UpdateFName}', LastName = '{$UpdateLName}', Email = '{$UpdateEmail}', UserName = '{$UpdateUName}', Password = '{$UpdatePassword}' where ID= $User");
header('Location: update.php');
}
?>
You have used the post method wrongly. You should use post method like $_POST[''] not $_Post[''].
if(isset($_POST['Update'])){
$UpdateFName = $_POST['FirstName'];
$UpdateLName = $_POST['LastName'];
$UpdateEmail = $_POST['Email'];
$UpdateUName = $_POST['UserName'];
$UpdatePassword = $_POST['Password'];
$sql = $con->query("
UPDATE BD SET
FirstName = '$UpdateFName',
LastName = '$UpdateLName',
Email = '$UpdateEmail',
UserName = '$UpdateUName',
Password = '$UpdatePassword'
WHERE
ID= '$User'"
);
header('Location: update.php');
}
<?php
if (isset($_POST['Update'])) {
$UpdateFName = isset($_POST['FirstName']) ? $_POST['FirstName'] : '';
$UpdateLName = isset($_POST['LastName']) ? $_POST['LastName'] : '';
$UpdateEmail = isset($_POST['Email']) ? $_POST['Email'] : '';
$UpdateUName = isset($_POST['UserName']) ? $_POST['UserName'] : '';
$UpdatePassword = isset($_POST['Password']) ? $_POST['Password'] : '';
$sql = $con->query("UPDATE BD SET
`FirstName` = '$UpdateFName',
`LastName` = '$UpdateLName',
`Email` = '$UpdateEmail',
`UserName` = '$UpdateUName',
`Password` = '$UpdatePassword'
WHERE
`ID` = $User"
);
header('Location: update.php');
}
First of all you should include your error, and second, you don't have to use curly braces for the query try it without them.
Related
session_start();
require_once 'config.php';
if(isset($_POST['username']) && isset($_POST['password'])){
$uname = $_POST['username'];
$upass = $_POST['password'];
//select users information from database
$buildsql = "SELECT * FROM umembersd WHERE uusername = '$uname' AND upassword = '$upass'";
$myexec = mysqli_query($conn, $buildsql) or die (mysqli_error($conn));
if($myexec->num_rows > 0){
while($data = $myexec->fetch_assoc()){
$_SESSION['no'] = 'id';
$_SESSION['firstname'] = 'ufname';
$_SESSION['lastname']= 'ulname';
$_SESSION['phonenumber'] = 'uphone';
$_SESSION['emailaddress']= 'uemail';
$_SESSION['datejoined'] = 'uregdate';
$_SESSION['datereg'] = 'uusername';
header('location: index.php?successful');
}
}else{
header('location: login.php?nerror');
}
}
I am wanting to keep a table log history of executed MySQLI queries and log the specific user who executed a query and date & time the query was executed - on any (all) of my PHP pages.
What is the best way and simplest way to achieve this?
PHP
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
$connection = mysqli_connect("****", "****", "****", "****");
if (!$connection) {
die("Database connection failed: " . mysqli_connect_error());
}
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
Recommendation from a SO user:
However, there are errors with this suggestion ...many.
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$log_action = mysqli_query($connection,$query);
$result = mysqli_query($connection,$query);
if($result) {
define("LOG_FILE", "https://www.*******.com/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
Write a wrapper library that logs all the mysqli calls that you want to record, e.g.
function my_mysqli_query($link, $query, $resultmode = MYSQLI_STORE_RESULT) {
log_action('mysqli_query', $query);
return mysqli_query($link, $query, $resultmode);
}
function my_mysqli_prepare($link, $query) {
log_action('mysqli_prepare', $query);
return mysqli_prepare($link, $query);
}
...
define("LOG_FILE", "/path/to/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
I've written it to log to a file. You could log to a database table instead, it's just more code in log_action().
Then do a global replace in all your other scripts, replacing mysqli_query with my_mysqli_query, mysqli_prepare with my_mysqli_prepare, and so on. So your code would look like:
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$result = my_mysqli_query($connection,$query);
if ($result) {
echo "Update successful";
}
}
I am trying to change the value of an ENUM in a mySQL database that will help identify when a user is logged on or logged off on a website to be displayed to all users of the site. I set an ENUM column with possible values of 0 and 1. 0 being logged off, and 1 being logged on. But it doesnt seem to be changing anything. Here is my code:
//LOGIN
session_start();
$username = ($_POST['username']);
$password = ($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$query = mysqli_query($conn, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userid = $row[0];
$dbusername = $row[1];
$dbpassword = $row[2];
$email = $row[4];
$status = $row[7];
$permit = $row[6];
$active = $row[5];
$fname = $row[8];
$lname = $row[9];
$dob = $row[10];
$signupdate = $row[3];
$ipadd = $row[11];
$loggedin = $row[12];
}
if ($username == $dbusername && $password == $dbpassword){
$_SESSION['username'] = $username;
$_SESSION['id'] = $userid;
$_SESSION['email'] = $email;
$_SESSION['status'] = $status;
$_SESSION['permit'] = $permit;
$_SESSION['email_activation'] = $active;
$_SESSION['first_name'] = $fname;
$_SESSION['last_name'] = $lname;
$_SESSION['dob'] = $dob;
$_SESSION['sign_up_date'] = $signupdate;
$_SESSION['ipv4'] = $ipadd;
$_SESSION['loggedin'] = $loggedin;
$sql = "UPDATE username SET loggedin = '1'";
header("Location: ../main.php");
Replace your update query with this one
"UPDATE users SET loggedin = '1' where `id` = $userid ";
//LOGIN
session_start();
$username = ($_POST['username']);
$password = ($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$query = mysqli_query($conn, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userid = $row[0];
$dbusername = $row[1];
$dbpassword = $row[2];
$email = $row[4];
$status = $row[7];
$permit = $row[6];
$active = $row[5];
$fname = $row[8];
$lname = $row[9];
$dob = $row[10];
$signupdate = $row[3];
$ipadd = $row[11];
$loggedin = $row[12];
$sql = "UPDATE users SET loggedin = '1' where id = '$userid'";
mysqli_query($conn, $sql);
}
if ($username == $dbusername && $password == $dbpassword){
$_SESSION['username'] = $username;
$_SESSION['id'] = $userid;
$_SESSION['email'] = $email;
$_SESSION['status'] = $status;
$_SESSION['permit'] = $permit;
$_SESSION['email_activation'] = $active;
$_SESSION['first_name'] = $fname;
$_SESSION['last_name'] = $lname;
$_SESSION['dob'] = $dob;
$_SESSION['sign_up_date'] = $signupdate;
$_SESSION['ipv4'] = $ipadd;
$_SESSION['loggedin'] = $loggedin;
header("Location: ../main.php");
I'm trying to update a database table to change a field when a user logs in. When the user inputs his/her correct information, a query runs to change the field from 0 to 1. However, this does not happen. I'm assuming that my query statement is wrong. Can anyone explain to me what I did wrong with the statement and what I should do to fix it?
<?php
session_start();
require("../includes/header.php");
if($_SERVER["REQUEST_METHOD"] == "POST"){
$p_num = $_POST["username"];
$pwd = $_POST["password"];
$query = "SELECT * FROM $user_table";
$result = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($result)){
$user_id = "{$row['user_id']}";
$user_name = "{$row['user_name']}";
$password = "{$row['password']}";
$image = "{$row['image']}";
$email = "{$row['email']}";
$program = "{$row['program']}";
$role = "{$row['role']}";
$logged_in = "{$row['logged_in']}";
if(($user_id == $p_num) && ($pwd == $password)){
$_SESSION["id"] = $user_id;
$_SESSION["user"] = $user_name;
$_SESSION["program"] = $program;
$_SESSION["pass"] = $password;
$_SESSION["image"] = $image;
$_SESSION["email"] = $email;
$_SESSION["role"] = $role;
$_SESSION["logged in"] = $logged_in;
mysqli_query($connect, "UPDATE '{$user_table}' SET logged_in = 1 WHERE user_id = '{$p_num}'");
header("Location: ../pages/instructor.php");
}
else{
header("Refresh: 1; URL=../index.php");
}
}
}
?>
I actually figured this out myself. I was simply checking for the wrong values in the sql statement.
im a newbie in php and sql programming and can someone help me in my syntax , lately ive been creating this code to edit my user and write it on the database but it always gets an error in oldpassword and password , and it always says password didnt match even if i do it correctly the process , any help on me ? tnx
<?php
$update = strip_tags($_POST['update']);
$username = strtolower(strip_tags($_POST['username']));
$oldpassword = strip_tags($_POST['oldpassword']);
$newpassword = strip_tags($_POST['newpassword']);
$firstname = strip_tags($_POST['first']);
$lastname = strip_tags($_POST['last']);
$gender = strip_tags($_POST['gender']);
$address = strip_tags($_POST['address']);
$zipcode = strip_tags($_POST['zip']);
$contact = strip_tags($_POST['con']);
$email = strip_tags($_POST['mail']);
error_reporting(0);
if($update)
{
if($username&& $oldpassword && $newpassword && $firstname && $lastname && $address && $zipcode && $contact && $email)
{
$connect = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("brightlights") or die(mysql_error());
$updatecheck = mysql_query("SELECT * FROM username FROM tb_user WHERE username='$username'");
$count = mysql_num_rows($updatecheck);
if($count<=1)
{
if($_SESSION['password']==($oldpassword))
{
mysql_query("UPDATE tb_user SET
username = '$username',
password = '$newpassword',
Firstname = '$firstname',
Lastname = '$lastname',
gender = '$gender',
address = '$address',
zipcode = '$zipcode',
contact = '$contact',
email = '$email'
WHERE username='".$_SESSION['username']."'");
$_SESSION['username'] = $username;
$_SESSION['password'] = $newpassword;
$_SESSION['Firstname'] = $firstname;
$_SESSION['Lastname'] = $lastname;
$_SESSION['gender'] = $gender;
$_SESSION['address'] = $address;
$_SESSION['zipcode'] = $zipcode;
$_SESSION['contact'] = $contact;
$_SESSION['email'] = $email;
session_write_close();
echo "Succesfully Updated!";
}else
echo "Password not match!";
}else
echo "Username already Taken!";
}else
echo "Please fill up all form!";
}
?>
if($_SESSION['password']==($oldpassword))
But I can't see session_start() after <?php
I think $_SESSION['password'] is an encrypted password that doesn't match. Please echo $_SESSION['password'] and $oldpassword and exit, and check their values.