When trying to change username MySQL Query Fails - php

I have some users in the database and I can edit their names and passwords but when I try to edit the username the query fails.
Here is my code
$user->username = $db->mysql_prep($_POST["username"]);
$user->hashed_password = ($_POST["password"]);
$user->firstname = $db->mysql_prep($_POST["firstname"]);
$user->lastname = $db->mysql_prep($_POST["lastname"]);
$user_query = $user->find_user_by_username($user->username);
$user->id = $user_query["id"];
$result = $user->change_user_by_id($user);
//->id,$user->username,$user->hashed_password,$user->firstname,$user->lastname
unset($user);
My change_user_by_id method:
public function change_user_by_id($user){
    global $db;
    global $session;
    $query = "UPDATE users SET ";
    $query .= "username = '{$user->username}', ";
    $query .= "first_name = '{$user->firstname}', ";
    $query .= "last_name = '{$user->lastname}' ";
    $query .= "WHERE id = {$user->id} ";
    $query .= "LIMIT 1";
    $result = mysqli_query($db->connection, $query);
    $db->confirm_query($result);
    if ($result && mysqli_affected_rows($db->connection) == 1) {
        // Success
        $session->message("User updated.");
        redirect_to("list.php");
    } else {
        // Failure
        $session->message("User update failed.");
    }
}
And my find_user_by_username method:
public static function find_user_by_username($username="default"){
    global $db;
    $query = "SELECT * ";
    $query .= "FROM users ";
    $query .= "WHERE username = '{$username}' ";
    $query .= "LIMIT 1";
    $user_set = mysqli_query($db->connection, $query);
    $db->confirm_query($user_set);
    if($user = mysqli_fetch_assoc($user_set)) {
        return $user;
    } else {
        return null;
    }
}
EDIT:
The only error I get is from the confirm_query function: I get the message "Database query failed". Here is the function:
public function confirm_query($result_set) {
    if (!$result_set) {
        die("Database query failed.");
    }
}
EDIT 2:
Added error messages and this is what I get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'LIMIT 1' at line 1

I figured it out: it was caused by using the username to get the id, which means changing the username meant no id could be retrieved. So I changed my code and added a hidden field for id in my form.
Old code:
$user->username = $db->mysql_prep($_POST["username"]);
$user->hashed_password = ($_POST["password"]);
$user->firstname = $db->mysql_prep($_POST["firstname"]);
$user->lastname = $db->mysql_prep($_POST["lastname"]);
$user_query = $user->find_user_by_username($user->username);
$user->id = $user_query["id"];
$result = $user->change_user_by_id($user);
unset($user);
replaced by new code:
$user->username = $db->mysql_prep($_POST["username"]);
$user->hashed_password = ($_POST["password"]);
$user->first_name = $db->mysql_prep($_POST["first_name"]);
$user->last_name = $db->mysql_prep($_POST["last_name"]);
$user->id = $db->mysql_prep($_POST["id"]);
$result = $user->change_user_by_id($user);
unset($user);
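
An added example, not part of the original post: the same update written with a mysqli prepared statement, with the form-supplied id validated as an integer and checked against the logged-in user before it is used. `$actorId` and `$actorIsAdmin` are hypothetical values read from the server-side session; the table and column names are the ones shown in the question.

```php
<?php
// Added example; not the poster's code. Assumes the users table from the
// question (id, username, first_name, last_name) and a connected mysqli handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors become exceptions

/**
 * Update one user row by primary key with bound parameters.
 * $actorId and $actorIsAdmin are hypothetical values read from the
 * server-side session, never from the submitted form.
 * Returns the affected-row count, or null when the request is rejected.
 */
function change_user_by_id(mysqli $conn, int $actorId, bool $actorIsAdmin, array $post): ?int
{
    // The hidden "id" field is client-controlled: accept only a positive integer.
    // An empty id is what turned the original query into "WHERE id =  LIMIT 1".
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // A hidden field can be edited in the browser, so confirm the logged-in
    // user is allowed to modify this particular row.
    if (!$actorIsAdmin && $id !== $actorId) {
        return null;
    }

    $username  = trim((string) ($post['username'] ?? ''));
    $firstName = trim((string) ($post['first_name'] ?? ''));
    $lastName  = trim((string) ($post['last_name'] ?? ''));
    if ($username === '') {
        return null;
    }

    // Placeholders keep data out of the SQL text; no manual escaping is needed.
    $stmt = $conn->prepare(
        'UPDATE users SET username = ?, first_name = ?, last_name = ? WHERE id = ? LIMIT 1'
    );
    $stmt->bind_param('sssi', $username, $firstName, $lastName, $id);
    $stmt->execute();

    // 0 means the values were unchanged or no row has this id.
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}
```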

Related

PHP SQL update query

AIM
I am attempting to update SQL.
I suspect that the issue is either with my sql query, or with my connection. Although, I could be totally wrong.
Apologies if it's messy, but I'm using console.log to attempt to debug the issue, and the console output is:
B.1
B.2
D.1
D.2
D.3
B.2.1
B.5
In relation to sql queries, amongst others, I've attempted with the following two:
$sql = "UPDATE Users SET description = " . '$description' . "WHERE userID = " . '$this->userID';
$sql = "UPDATE Users SET description = '$description' WHERE userID = '$this->userID'";
CODE
edit-profile-handler.php
<?php
if(isset($_POST['edit-profile-button'])) {
    $description = $_POST['edit-description'];
    echo '<script>console.log("B.1")</script>';
    if(isset($description)) {
        echo '<script>console.log("B.2")</script>';
        $result = $user->updateDescription($description);
        echo '<script>console.log("B.2.1")</script>';
    }
    if($result == true) {
        echo '<script>console.log("B.4")</script>';
        header("Location: profile.php");
    }
    echo '<script>console.log("B.5")</script>';
}
?>
User.php
<?php
class User {
    private $con;
    private $userID;
    private $description;
    public function __construct($con, $userID) {
        $this->con = $con;
        $this->userID = $userID;
        $sql = "SELECT * FROM Users WHERE userID='$this->userID'";
        $query = mysqli_query($this->con, $sql);
        $user = mysqli_fetch_array($query);
        $this->description = $user['description'];
    }
    public function getID() {
        return $this->userID;
    }
    public function updateDescription($description) {
        echo '<script>console.log("D.1")</script>';
        $sql = "UPDATE Users SET description = '$description' WHERE userID = '$this->userID'";
        echo '<script>console.log("D.2")</script>';
        $result = mysqli_query($this->con, $sql);
        echo '<script>console.log("D.3")</script>';
        return $result;
        echo '<script>console.log("D.4")</script>';
    }
}
?>
Your $result variable is not returning a BOOLEAN because it handles an UPDATE query result.
So in your updateDescription function, try to return mysqli_affected_rows(), then check in edit-profile-handler.php whether $return > 0; if it is, there are rows affected by your update. You can refer here.

Can't fetch the image in another php file to display on the current php file

I'm new to PHP and I am creating a program wherein a user can add a profile and add a profile picture. However, if I am to update the profile of the user and also change the profile picture, I am getting an error saying:
Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\cms_aries\admin\includes\admin_navigation.php on line 27
Warning: mysqli_error(): Couldn't fetch mysqli in C:\xampp\htdocs\cms_aries\admin\includes\admin_navigation.php on line 30
Error loading profile picture
Here is the code of the profile.php:
<?php
include "includes/admin_header.php";
?>
<?php
if(isset($_SESSION['username'])){
    $username = $_SESSION['username'];
    $query = "SELECT * FROM users WHERE user_name = '{$username}' ";
    $select_user_profile_query = mysqli_query($connection, $query);
    while($row = mysqli_fetch_array($select_user_profile_query)){
        $user_name = $row['user_name'];
        $user_firstname = $row['user_firstname'];
        $user_lastname = $row['user_lastname'];
        $user_email = $row['user_email'];
        $user_image = $row['user_image'];
        $user_password = $row['user_password'];
    }
}
?>
<?php
if(isset($_POST['edit_user'])){
    $the_user_firstname = escape($_POST['user_firstname']);
    $the_user_lastname = escape($_POST['user_lastname']);
    $the_user_email = escape($_POST['user_email']);
    //Profile Images
    $the_user_temp_image = $_FILES['user_image']['name'];
    $the_user_image = $_FILES['user_image']['name'];
    $the_user_name = escape($_POST['user_name']);
    $the_user_password = escape($_POST['user_password']);
    move_uploaded_file($the_user_temp_image, "../images/$the_user_image");
    $query = "UPDATE users SET ";
    $query .= "user_firstname = '{$the_user_firstname}', ";
    $query .= "user_lastname = '{$the_user_lastname}', ";
    $query .= "user_email = '{$the_user_email}', ";
    $query .= "user_image = '{$the_user_image}', ";
    $query .= "user_password = '{$the_user_password}' ";
    $query .= "WHERE user_name = '{$the_user_name}' ";
    $update_user = mysqli_query($connection,$query);
    confirm($update_user);
    mysqli_close($connection);
}
?>
And here is the code of the admin_navigation.php wherein I am getting the error message:
<?php
if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
    $query = "SELECT user_image FROM users WHERE user_name = '{$username}'";
    $select_profile_picture = mysqli_query($connection, $query);
    if (!$select_profile_picture) {
        die('Error loading profile picture'.mysqli_error($connection));
    }
    while ($row = mysqli_fetch_assoc($select_profile_picture)) {
        $profile_picture = $row['user_image'];
    }
}
?>
Careless me. I just need to change the $the_user_temp_image = $_FILES['user_image']['name'] to $the_user_temp_image = $_FILES['user_image']['tmp_name'] in order to fetch the temporary image. I also tried to remove the mysqli_close($connection) in order to remove the error and fetch the values of the page, because I realized that when I am closing the connection, PHP automatically vanishes the $connection variable and automatically closes the connection behind the scenes when it fits to do that.
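
An added example, not part of the original post: the upload step from profile.php with the checks a profile-picture handler usually needs, since `$_FILES[...]['name']` is supplied by the browser and in the code above becomes both the path on disk and a value in the SQL text. `IMAGE_DIR`, the 2 MiB size cap and the function name are assumptions made for this sketch.

```php
<?php
// Added example; not the poster's code. IMAGE_DIR and MAX_BYTES are assumptions.
const IMAGE_DIR = __DIR__ . '/../images';
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name (the value to save in users.user_image)
 * or null when the upload is rejected.
 */
function store_profile_image(array $file): ?string
{
    // Check 'error' first: tmp_name is empty when the upload itself failed.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        return null;
    }

    // Decide the type from the file's bytes, not from the client-supplied
    // 'name' or 'type' fields.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }

    // Random name with a fixed extension: the client's file name never
    // reaches the filesystem, so path separators or a script extension
    // in it have no effect.
    $stored = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];

    // The source is tmp_name (a server-side path); 'name' is only a label.
    if (!move_uploaded_file($file['tmp_name'], IMAGE_DIR . '/' . $stored)) {
        return null;
    }
    return $stored;
}

// Usage inside the edit_user handler:
// $stored = store_profile_image($_FILES['user_image']);
```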

QUERY FAILED.. error in your SQL syntax;.. check MariaDB for the right syntax to use near ''customer_pass' = '899b573719facc368f32770ea0b68e32'

I'm trying to create a sign up form, it was working fine until I tried to add md5 to the password field set, I'm not sure why the Query failed. Any help would be much appreciated.
function sign_up(){
    if(isset($_POST['register'])){
        $c_email = escape_string($_POST['c_email']);
        $c_name_first = escape_string($_POST['c_name_first']);
        $c_name_last = escape_string($_POST['c_name_last']);
        $c_pass = escape_string($_POST['c_pass']);
        $c_image = escape_string($_FILES['c_image']['name']);
        $c_image_tmp = escape_string($_FILES['c_image']['tmp_name']);
        $c_address = escape_string($_POST['c_address']);
        $c_address_details = escape_string($_POST['c_address_details']);
        $c_city = escape_string($_POST['c_city']);
        $c_state = escape_string($_POST['c_state']);
        $c_zip = escape_string($_POST['c_zip']);
        $c_contact = escape_string($_POST['c_phone']);
        move_uploaded_file($c_image_tmp, "customer/customer_images/$c_image");
        $query = query("SELECT customer_id FROM customers WHERE customer_email = '{$c_email}'");
        confirm($query);
        if(mysqli_num_rows($query) > 0){
            set_message("This email or username is taken");
        }else {
            $insert_c = query("INSERT INTO customers (customer_firstname,customer_lastname,customer_address,c_addr_details,customer_email,customer_pass,customer_state,customer_city,customer_zip,customer_phone,customer_image) VALUES ('$c_name_first','$c_name_last','$c_address','$c_address_details','$c_email','$c_pass','$c_state','$c_city','$c_zip','$c_contact','$c_image')");
            confirm($insert_c);
        }
        $query = "UPDATE user SET 'customer_pass' = '".md5(md5(last_id()).$c_pass)."' WHERE 'customer_id' = '".last_id()."'";
        $send_update_query = query($query);
        confirm($send_update_query);
        set_message_success("Sign up successful!");
    }
}
Try
// Column names take no single quotes; the MD5 string value still needs them.
$query = "UPDATE user SET customer_pass = '".md5(md5(last_id()).$c_pass)."' WHERE customer_id = ".last_id();
Check your string when you use " or '
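
An added example, not part of the original posts: storing the sign-up password with PHP's `password_hash()` instead of MD5, plus a login check that still accepts values written under the `md5(md5(id) . password)` scheme from the question and returns a replacement hash for them. The function names and the sample customer are constructed for illustration.

```php
<?php
// Added example; not the poster's code. legacy_hash() mirrors the
// md5(md5(id) . password) scheme from the question; names are illustrative.

function legacy_hash(int $customerId, string $password): string
{
    return md5(md5((string) $customerId) . $password);
}

/** Hash for storage: a random salt and the cost are embedded in the result. */
function hash_for_storage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Verify a login against a stored value that is either a legacy MD5 hex
 * digest or a password_hash() string.
 * Returns [bool $ok, ?string $replacementHash]; when the second element is
 * not null, write it back to customer_pass.
 */
function verify_and_upgrade(int $customerId, string $password, string $stored): array
{
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($isLegacy) {
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, legacy_hash($customerId, $password));
        return [$ok, $ok ? hash_for_storage($password) : null];
    }
    $ok = password_verify($password, $stored);
    // Re-hash when PASSWORD_DEFAULT or its cost has changed since storage.
    $needs = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $needs ? hash_for_storage($password) : null];
}

// Constructed sample data: customer 7 registered under the old scheme.
$old = legacy_hash(7, 'correct horse');
[$ok, $new] = verify_and_upgrade(7, 'correct horse', $old);
var_dump($ok, password_verify('correct horse', $new));

// A wrong password against the upgraded hash is rejected with no replacement.
[$ok2, $new2] = verify_and_upgrade(7, 'wrong', $new);
var_dump($ok2, $new2);
```

The customer_pass column has to be wide enough for the new format; `VARCHAR(255)` is the size the PHP manual recommends for `PASSWORD_DEFAULT`.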

function to check if data is on the database

I created a function to find all firstname and lastname values in my database. If that data already exists, I just want to output an error message.
My question is: how do I create a function to check if the data already exists?
This is my function to find all data of firstname and lastname.
function find_student_by_firstname($firstname){
    global $con;
    $safe_firstname = prep($firstname);
    $sql = "SELECT * ";
    $sql .= "FROM studeprofile ";
    $sql .= "WHERE FirstName = '{$safe_firstname}' ";
    $sql .= "LIMIT 1";
    $student_set = mysqli_query($con, $sql);
    confirm_query($student_set);
    if($student = mysqli_fetch_assoc($student_set)){
        return $student;
    } else {
        return null;
    }
}
function find_student_by_lastname($lastname){
    global $con;
    $safe_lastname = prep($lastname);
    $sql = "SELECT * ";
    $sql .= "FROM studeprofile ";
    $sql .= "WHERE LastName = '{$safe_lastname}' ";
    $sql .= "LIMIT 1";
    $student_set = mysqli_query($con, $sql);
    confirm_query($student_set);
    if($student = mysqli_fetch_assoc($student_set)){
        return $student;
    } else {
        return null;
    }
}
This is my current function to check if the data already exists.
function match_fistname_lastname($lastname, $firstname){
    $student_firstname = find_student_by_firstname($lastname);
    if($student_firstname){
        find_student_by_lastname($lastname);
    } else {
        return false;
    }
}
If by "data is already exist" you mean that a person matching both firstname and lastname is in the database, you don't have to execute two queries.
Use AND in MySQL like this:
function find_student($firstname, $lastname){
    global $con;
    $safe_firstname = prep($firstname);
    $safe_lastname = prep($lastname);
    $sql = "SELECT * ";
    $sql .= "FROM studeprofile ";
    $sql .= "WHERE FirstName = '{$safe_firstname}' and LastName = '{$safe_lastname}' ";
    $sql .= "LIMIT 1";
    $student_set = mysqli_query($con, $sql);
    confirm_query($student_set);
    if($student = mysqli_fetch_assoc($student_set)){
        return $student;
    } else {
        return null;
    }
}

Error when I passed on values on function

Sorry about the last post I had. Here's my revision, please help me.
<?php
//connect database
$sql = "SELECT * FROM user where user_id = 8320 AND password = 'admin' ";
$query = pg_query($sql);
var_dump($row = pg_fetch_array($query)); //dumps correctly.
?>
BUT THE PROBLEM IS THIS..when I try to make it as a function LIKE:
function check($user_id, $password)
{
    $sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
    $query = pg_query($sql);
    $row = pg_fetch_array($query);
    return $row;
}
AND CALL IT HERE:
var_dump($data = check(8320, 'admin')); // DUMPS NULL
How come it ended up like this?
It's returning NULL because there is an error with your SQL query, and no results are being returned. You should do some error checking in your function; try this version:
function check($user_id, $password)
{
    $dbconn = pg_connect("host=localhost dbname=test");
    $sql = "SELECT * FROM user where user_id = $1 AND password = $2 ";
    $result = pg_query_params($dbconn, $sql, array($user_id,$password));
    $row = pg_fetch_array($result);
    if (!$row) {
        echo pg_last_error($dbconn);
    } else {
        return $row;
    }
}
Try the code below. It should work fine for you.
$data = check(8320, 'admin');
var_dump($data);
Seems like your PostgreSQL resource is missing inside the function. You have two options.
Declare the connection resource inside the function using global.
Establish the connection inside the function.
This is the first option:
// pg_connect() takes one connection string; the values here are placeholders.
$conn = pg_connect("host=host dbname=db user=user password=pass");
function check($user_id, $password)
{
    global $conn;
    $sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
    $query = pg_query($conn, $sql);
    $row = pg_fetch_array($query);
    return $row;
}
And this is the second option:
function check($user_id, $password)
{
    // pg_connect() takes one connection string; the values here are placeholders.
    $conn = pg_connect("host=host dbname=db user=user password=pass");
    $sql = "SELECT * FROM user where user_id = $user_id AND password = '$password' ";
    $query = pg_query($conn, $sql);
    $row = pg_fetch_array($query);
    return $row;
}
According to the PHP manual, you may omit the connection resource, but it is not recommended, since it can be the cause of hard-to-find bugs in scripts.
