my code basically override requests (for classes that are full in capacity) submitted by students to specific professors. Let's say 2 students have requested an override to the same class, when a professor is logged in, the code fetches the two override requests with an option of accepting/denying, when i as a professor accept/deny a single override request, it does the action for both the override requests instead of the one i chose.
Basically it's not accepting/denying the requests as selected, its doing the same action for all overrides.
Code:
<?php
} else if ($usertype == 1) {
$server = "";
$user = "";
$pass = "";
$db = "";
$db2 = "";
$db3 = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$mysqli2 = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
$mysqli3 = new Mysqli($server, $user, $pass, $db3) or mysqli_error($mysqli);
$status= $mysqli->query("SELECT status FROM Overrides WHERE professor = '$user1'")->fetch_object()->status;
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<form method="post" action="dbheads.php" name="HF" id="HF" autocomplete="off">
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
<?php if ($status == 1) {
echo " Overrides today: " . $num_rows;
?>
<?php
while($row = mysqli_fetch_array($overrides)) { ?>
<fieldset> <?php
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Subject: " . $row['subject'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
$name = $row['name'];
echo "<input type='hidden' name='name' value='$name'>";
$mname = $row['mname'];
echo "<input type='hidden' name='mname' value='$mname'>";
$fname = $row['fname'];
echo "<input type='hidden' name='fname' value='$fname'>";
$sid = $row['sid'];
echo "<input type='hidden' name='sid' value='$sid'>";
$sc = $row['sc'];
echo "<input type='hidden' name='sc' value='$sc'>";
$phone = $row['phone'];
echo "<input type='hidden' name='phone' value='$phone'>";
$email = $row['email'];
echo "<input type='hidden' name='email' value='$email'>";
$subject = $row['subject'];
echo "<input type='hidden' name='subject' value='$subject'>";
$section = $row['section'];
echo "<input type='hidden' name='section' value='$section'>";
$semester = $row['semester'];
echo "<input type='hidden' name='semester' value='$semester'>";
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<input type="textarea" name="comments" id="comments" cols="35" rows="10">
<br>
</div>
<br>
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
...
<input type="button" onclick="submitForm('dbheads.php')" value="Accept" />
<input type="button" onclick="submitForm('dbheads2.php')" value="Deny" /></form>
</fieldset>
<br>
<?php } }
?>
<br />
dbheads.php
<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
sec_session_start();
?>
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "r!~";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 2;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(accepted);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
bheads2.php
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 5;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(denied);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
Any help on how can i fix this? I'm a beginner so ignore the messy code.
It seems you are updating the database with the following query
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'")
Which is simply saying where the username is the person logged in or using the page will be updated to the status of your choosing, do you have a unique identifier for each row of overrides? Override_ID maybe.
If so I would fetch that data on your first page and put it into a hidden input like the other data and then use the following query:
$ovid = $_POST['ovid'];
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE override_id='$ovid'")
EDIT:
You also seem to be updating WHERE username='$user'as opposed to WHERE professor='$user' on your update pages
Related
So, I am trying to figure out how do this this and it boggling me. THIS WILL NOT BE USED ONLINE LIVE SO SQL INJECTION I DONT' CARE ABOUT. What am I doing wrong/right?
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$comment = $_GET['comment'];
$id = $_GET['id'];
$sql = "UPDATE Dbsaved SET comment = '{$comment}' WHERE id = $id";
$comment1 = mysql_query($sql);
if (!$comment1) {
die("did not save comment: " . mysql_error());
}
echo $sql;
The main problem is with the statement itself, the connection is fine. I am trying to read $comment, and then update that into a MYSQL table and then have it read back in a different file.
EDIT: Mark up for the form I'm taking $comment from.
<!DOCTYPE html>
<html lang="en">
<LINK href="stylesheet.css" rel="stylesheet" type="text/css">
<script src ="js/validateform.js"></script>
<head>
<meta charset="UTF-8">
<title>UniHelp Home</title>
</head>
<body>
<div id="headeruni">
<h1>Welcome <?php echo $_GET["name"]; ?> to UniHelp!</h1>
</div>
<div id ="infouni">
<h3>Welcome to UniHelp. The social Network getting you connected to other people all over the University for any help you require!</h3>
</div>
<div id ="nameandemail">
<form action="formsend.php" method="post">
First name: <br> <input type="text" name="name"><br>
Email: <br> <input type="text" name="email"><br>
Comment: <br> <input type="text" name="message"><br>
<input type="submit" name="submit">
</form>`enter code here`
</div>
<div id="grabphpdiv">
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$result = mysql_query("SELECT * FROM Dbsaved", $db);
if (!$result) {
die ("Database query failed: " . mysql_error());
}
$comment = $_POST['$comment'];
while ($row = mysql_fetch_array($result)) {
echo "<div id='posts'>";;
echo "<h2>";
echo $row[1] . "";
echo "</h2>";
echo "<p>";
//echo $timestamp = date('d-m-y G:i:s ');
echo "<br>";
echo "<br>";
echo $row[2] . "";
echo "</p>";
echo "<p>";
echo $row[3] . "";
echo "</p>";
echo 'Delete';
echo "<br>";
echo "<br>";
echo 'Comment: <br>
<input type=text name=comment><br>
<a href=addcomment.php?id=' . $row[0]. '&comment='. $row['$comment'].'>Comment</a>';
echo "<p>";
echo $row['comment'] . "";
echo "</p>";
echo "</div>";
echo "<br>";
}
?>
</div>
</body>
<div id="footer">Copyright © James Taylor 2016</div>
</html>
I just ran this code:
$comment = "Hello World!";
$id = 1;
$sql = "UPDATE Dbsaved SET comment = '{$comment}' WHERE id = {$id}";
echo $sql;
and saw:
UPDATE Dbsaved SET comment = 'Hello World!' WHERE id = 1
which is a correct SQL statement, so if it is not working, you might want to play with SQL directly to get something working. Hope that helps!
SOLUTION:
$comment = $_GET['$comment'];
$id = $_GET['$id'];
while ($row = mysql_fetch_array($result)) {
echo "<div id='posts'>";;
echo "<h2>";
echo $row[1] . "";
echo "</h2>";
echo "<p>";
//echo $timestamp = date('d-m-y G:i:s ');
echo "<br>";
echo "<br>";
echo $row[2] . "";
echo "</p>";
echo "<p>";
echo $row[3] . "";
echo "</p>";
echo 'Delete';
echo "<br>";
echo "<br>";
echo $row[4] . "";
echo "<br>";
echo 'Comment: <br>
<form action="addcomment.php?id=' . $row[0]. '" method="post">
<input type=text name=comment><br>
<input type=submit name="submit">
</form>';
echo "<p>";
echo $row['comment'] . "";
echo "</p>";
echo "</div>";
echo "<br>";
}
?>
and:
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$comment = $_POST['comment'];
$id = $_GET['id'];
$sql = "UPDATE Dbsaved SET comment = '$comment' WHERE id = $id ";
$comment1 = mysql_query($sql);
echo $sql;
if (!$comment1) {
die("did not save comment: " . mysql_error());
}
else {
header("location: UniHelpindex.php");
}
It was to do with mainly needing to get the id which was used in $row[0]' in the form created in the while loop. And actually using the correct syntax for the update Dbsaved... bit.
I'm trying to do a multiple edit function, the code goes through but the database is not updated. I figure the problem is that at WHERE id = $id no value gets called out because if I replace $id with an actual id e.g. id = 001 the entry 001 gets updated.
This page selects which entries get edited
<?php
if (!mysqli_connect_errno($con)) {
$queryStr = "SELECT * " . "FROM crewlist";
}
$result = mysqli_query($con, $queryStr);
while ($row = mysqli_fetch_array($result)) {
if (date("Y-m-d") > $row['start_date'] && date("Y-m-d") < $row['end_date']) {
echo "<tr><th>" . "<input type = 'checkbox' name = 'checkbox2[]' value='" . $row['crew_name']. "' >" . "</th>";
echo "<th>" . "" . $row["crew_name"] . "";
echo "<th>" . $row["crew_rank"] . "</th>";
echo "<th>" . $row["start_date"] . "</th>";
echo "<th>" . $row["end_date"] . "</th>";
echo "<th>" . $row["watchkeeping"] . "</th>";
echo "<th>" . $row["active"] . "</th>";
} else {
}
}
?>
This is the edit page
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
?><form action="handlemultiedit.php" method="post"><?php
if ($_POST['submit']) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?>
<input type="hidden" name="crew_id" value="<?php $id = isset($_GET['id']) ? $_GET['id'] : ''; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];
$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
$start_hour2 = $_POST["start_hour2"];
$end_hour2 = $_POST["end_hour2"];
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = $crew_id";
mysqli_query($con, $sqlQueryStr);
}
//header('Location: crewlisting.php');
mysqli_close($con);
?>
Try placing single quotes (i.e. 's) around your final variable in your statement, as you have done with all of your other variables, i.e. change it to "WHERE crew_id = '$crew_id'";
this piece of code i have below reads data from a database, what i want to make is that when you click submit on the following form, it would write the same data to another database and when denied, it would also submit it to another different database. Can you help? since i can't get how to do it.
<?php
} else if ($usertype == 1) {
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<?php
echo " Overrides today: " . $num_rows;
?>
<form method="post" action="dbheads.php" name="HeadWritingForm" id="HeadWritingForm" autocomplete="off">
<fieldset>
<?php
while($row = mysqli_fetch_array($overrides)) {
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Class: " . $row['class'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
}
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<textarea name="comments" cols="35" rows="10">
</textarea><br>
</div>
<br>
<input type="submit" class="submit" id="submit" value="Accept" /> <input type="submit" value="Deny"><br>
</fieldset>
</form>
enter code here
<?php
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db1 = "Overrides ";
$db2 = "ONTHERDB";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db1) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
$mysqli = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
while($row = mysqli_fetch_array($overrides)) {
$QUERY="INSERT INTO $db2(name,mname,fname,sid,sc,phone,email,class,section,semester)VALUES($row[0],
$row[1],$row[2],$row[3],$row[4],$row[5],$row[6],$row[7],$row[8],$row[9],$row[10] );
mysqli_query($QUERY);
}
I currently have these PHP pages which lets me add a record to a database. (in this case its members) It works perfectly in the sense that I can ADD, DELETE and VIEW. But Im not sure how to get the edit(or UPDATE functionality working.
Here is my db connection Code:
<?php
// Server Info
$server = 'localhost';
$username = 'root';
$password = '';
$database = 'gamgam';
// Connect to database
$connection = new mysqli($server, $username, $password, $database);
?>
Here is my Add Code:
<!DOCTYPE html>
<html>
<head><title>Insert Users</title></head>
<body>
<h2>Insert User Confirmation</h2>
<form action="<?php $_SERVER['PHP_SELF']?>" method="post"/> <br>
<?php
require_once('connection.php');
echo "<label for='memberID' >Member ID:</label>";
echo "<input type='text' name='memberID' id='memberID' />";
echo "<br /><br />";
echo "<label for='username' >Username:</label>";
echo "<input type='text' name='username' id='username' />";
echo "<br /><br />";
echo "<label for='password' >Password:</label>";
echo "<input type='password' name='password' id='password' />";
echo "<br /><br />";
echo "<label for='fName' >Firstname:</label>";
echo "<input type='text' name='fName' id='fName' />";
echo "<br /><br />";
echo "<label for='lName' >Lastname:</label>";
echo "<input type='text' name='lName' id='lName' />";
echo "<br /><br />";
echo "<label for='address' >Address:</label>";
echo "<input type='text' name='address' id='address' />";
echo "<br /><br />";
echo "<label for='email' >Email:</label>";
echo "<input type='text' name='email' id='email' />";
echo "<br /><br />";
echo "<input type='submit' name='submit' value='Submit' />";
echo "<input type='reset' value='Clear' />";
echo "<br /><br />";
?>
</form>
</section>
<p><a href='login.php'>Login</a></p>
<?php
if(!isset($_POST['submit'])) {
echo 'Please Register';
} else {
$memberID = $_POST['memberID'];
$username = $_POST['username'];
$password = $_POST['password'];
$fName = $_POST['fName'];
$lName = $_POST['lName'];
$address = $_POST['address'];
$email = $_POST['email'];
$query = "INSERT INTO `members`
(MemberID, Username, Password, FirstName, LastName,
StreetAddress, Email)
VALUES ('$memberID', '$username', '$password', '$fName',
'$lName', '$address', '$email')";
mysqli_query($connection, $query)
or die(mysqli_error($connection));
$rc = mysqli_affected_rows($connection);
if ($rc==1)
{
echo '<h4>The database has been updated with the following details: </h4> ';
echo 'MemberID: '.$memberID.'<br />';
echo 'Username: '.$username.'<br />';
echo 'Password: '.$password.'<br />';
echo 'First Name: '.$fName.'<br />';
echo 'Last Name: '.$lName.'<br />';
echo 'Address: '.$address.'<br />';
echo 'Email: '.$email.'<br />';
} else {
echo '<p>The data was not entered into the database this time.</p>';
}
}
?>
</body>
</html>
Here is my View Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>View Records</title>
</head>
<body>
<table border="1" style="width:100%" >
<?php
/*
VIEW.PHP
Displays all data from 'players' table
*/
// connect to the database
include('connection.php');
// get results from database
$result = mysqli_query($connection, "SELECT * FROM members")
or die(mysqli_error());
// loop through results of database query, displaying them in the table
while($row = mysqli_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['MemberID'] . '</td>';
echo '<td>' . $row['Username'] . '</td>';
echo '<td>' . $row['Password'] . '</td>';
echo '<td>' . $row['FirstName'] . '</td>';
echo '<td>' . $row['StreetAddress'] . '</td>';
echo '<td>' . $row['Email'] . '</td>';
echo '<td>Edit</td>';
echo '<td>Delete</td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<p>Add a new record</p>
</body>
</html>
And here is the Delete Code:
<?php
// Connect to the database
include('connection.php');
// Confirm that the 'code' variable has been set
if (isset($_GET['MemberID']))
{
// Get the 'MemberID' variable from the URL
$MemberID = $_GET['MemberID'];
// Delete record from database
if ($stmt = $connection->prepare("DELETE FROM members WHERE MemberID = ? LIMIT 1")) {
$stmt->bind_param("i",$MemberID);
$stmt->execute();
$stmt->close();
} else {
echo "ERROR: could not prepare SQL statement.";
}
$connection->close();
// Redirect user after delete is successful
header("Location: view.php");
} else {
// If the 'code' variable isn't set, redirect the user
header("Location: view.php");
}
?>
I have gone through many basic php form templates online trying to incorporate what they have done to achieve results but have not had any success. What code needs to be written for my website to have the functionality to edit records already created in the database without going through phpmyadmin. Any help is apreciated.
Edit will be just just like Add, but you need to read the record first and populate the field values.
Start with the code from add and do something like:
<?php $MemberID = (int) $_GET['MemberID']; ?>
<form action="<?php $_SERVER['PHP_SELF']?>" method="post"/> <br>
<input type="hidden" name="MemberID" value="<?php echo $MemberID; ?>"
<?php
require_once('connection.php');
$result = mysqli_query($connection, "SELECT * FROM members where MemberID = $MemberID") or die(mysqli_error());
// loop through results of database query, displaying them in the table
$row = mysqli_fetch_assoc($result);
extract($row);
echo "<label for='memberID' >Member ID:</label>";
echo "$memberID"; // member ID should not be editable
echo "<br /><br />";
echo "<label for='username' >Username:</label>";
echo "<input type='text' name='username' id='username' value="$username" />";
echo "<br /><br />";
The PHP code will have a query like
`UPDATE `members` SET `username` = '$username' ... WHERE `MemberID` = '$MemberID'"
I have a user data profile that I want to update when a user has filled out a form. When the update query is run values are being passed to the PHP script but not being changed in the table.
HTML of form:
echo "<br />";
echo "From this page you can change your profile details.";
echo "<br />";
echo "<br />";
echo "<form id='edit' action='../scripts/editscript.php' method='post' accept-charset='UTF-8'>";
echo "<label for='firstname'>First Name:</label>";
echo "<input type='text' id='firstname' name='firstname' />";
echo "<br />";
echo "<label for='lastname'>Last Name:</label>";
echo "<input type='text' id='lastname' name='lastname' />";
echo "<br />";
echo "<label for='username'>User Name:</label>";
echo "<input type='text' id='username' name='username' />";
echo "<br />";
echo "<label for='password'>Password:</label>";
echo "<input type='password' id='password' name='password' />";
echo "<br />";
echo "<label for='passwordconfirm'>Confirm Password:</label>";
echo "<input type='password' id='passwordconfirm' name='passwordconfirm' />";
echo "<br />";
echo "<label for='email'>E-Mail:</label>";
echo "<input type='email' id='email' name='email' />";
echo "<br />";
echo "<label for='like'>Something you like:</label>";
echo "<input type='text' id='like' name='like' />";
echo "<br />";
echo "<label for='dislike'>Something you dislike</label>";
echo "<input type='text' id='dislike' name='dislike' />";
echo "<br />";
echo "<label for='fact'>A fun fact about yourself:</label>";
echo "<input type='text' id='fact' name='fact' />";
echo "<br />";
echo "<label for='allow'>Do you want other people to see parts of your profile:</label>";
echo "<input type='radio' name='allow' value='yes' /> Yes";
echo "<input type='radio' name='allow' value='no' /> No";
echo "<br />";
echo "<br />";
echo "<input type='submit' name='submit' value='Confirm' />";
echo "</form>";
PHP script:
<?PHP
session_start();
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$con = mysqli_connect('localhost','//db_username','//db_pass','//table');
if (mysqli_connect_errno($con)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "UPDATE users SET firstname = '" . $firstname . "',
lastname = '" . $lastname . "',
username = '" . $username . "',
password = '" . $password . "',
email = '" . $email . "',
like = '" . $like . "',
dislike = '" . $dislike . "',
fact = '" . $fact . "',
allowview = " . $allowvalue . " WHERE UID = " . $UID . "";
mysqli_query($con,$query);
mysqli_close($con);
?>
I really don't get why this isn't going as expected. Any help is appreciated. :)
Prepared statements are not only good for avoiding sql infection but they will also help you organizing your code hence make your code more solid
<?php
session_start();
/*your variables*/
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$mysqli = new mysqli("localhost", "//db_username", "//db_pass", "//table");
/* check connection */
if (mysqli_connect_errno()) {
echo ("Failed to connect to MySQL:: %s\n", mysqli_connect_error());
exit();
}
/* Prepare an update statement */
$query = "UPDATE users SET firstname = ?,
lastname = ?,
username = ?,
password = ?,
email = ?,
like = ?,
dislike = ?,
fact = ?,
allowview = ? WHERE UID = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ssssssssii",$firstname, $lastname, $username, $password, $email,
$like, $dislike, $fact, $allowvalue, $UID);
/* Execute the statement */
$stmt->execute();
/* close connection */
$mysqli->close();
?>
do a
var_dump($_SESSION['user']['UID']);
most probably the id does not match the id in the db
I figured out what it was. One of the columns in my database was 'like'. This is a MySQL keyword so it was messing with my query, thanks for the suggestions anyway :)