I am trying to update user profile by overwriting current data in the MySql.
It isn't working properly its stating it echos my "the name doesn't exist"
Here is my php code:
``````
<?php
// see if the form has been completed
session_start();
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$u = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
$password = "";
$password2 = "";
if(isset($_GET["u"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("localhost","root","pass123"); mysql_select_db('worldoi5_social');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$u'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
I have made the code work with less code, but since i have added more it stopped working, and the data reads fine, I do not see the errors or mistake.
here is a bit of the HTML aswell:
<form action="user1.php" method="POST">
<div>
<p>First Name: <input type="text" name="firstname" id="firstname" value="<?=$firstname?>"></p>
<p>Surname: <input type="text" name="surname" id="surname" value="<?=$surname?>"></p>
<p>Weight: <input type="text" name="weight" id="weight" value="<?=$weight?>"></p>
<p>Height: <input type="text" name="height" id="height" value="<?=$height?>"></p>
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
</div>
</form>
</body>
I figured out the answer:
from the php code line
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ")
the single and double quots where messed up so i had to use it like this;
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $firstname . "'")
then it read it properly also i decided to use firstname as the selective
Related
I cannot login to my web application which is currently running on my local server. Please help, below is the PHP script...Your help will be appreciated. Thank you.
<?php
session_start();
if (isset($_POST['submit'])){
include 'db.inc.php';
//Escape special characters/
$email = mysqli_real_escape_string($conn, $_POST['email']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
$login = "SELECT * FROM users WHERE user_email='$email'";
$result = mysqli_query($conn, $login);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header('Location: ../register.php?login=error-zero');
} else {
if ($row = mysqli_fetch_assoc($result)) {
$hashedpwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedpwdCheck == false) {
header('Location: ../register.php?login=error'); //IT STOPS RUNNING HERE
exit();
} elseif ($hashedpwdCheck == true){
$_SESSION['name'] = $row['user_name'];
$_SESSION['lastname'] = $row['user_last_name'];
$_SESSION['idnumber'] = $row['user_id_number'];
$_SESSION['cellnumber'] = $row['user_cell'];
$_SESSION['email'] = $row['user_email'];
header('Location: ../inc/profile.php');
exit();
}
}
}
}
Below is the HTML login form...
<form action="inc/login.inc.php" method="POST">
<label>Email</label><br>
<input type="email" name="email" placeholder="Email"><br>
<label>Password</label><br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Login</button>
<p>Need An Account? Create <a href="register.php">New
Account</a>.</p>
</form>
You don't fetch data from the database for this you can us of function fetch_assoc().
The function fetch_assoc() puts all the results into an associative array
plz add this line $row = $result->fetch_assoc(); in your code.like below
.
.
.
$login = "SELECT * FROM users WHERE user_email='$email'";
$result = mysqli_query($conn, $login);
$resultCheck = mysqli_num_rows($result);
$row = $result->fetch_assoc();
.
.
.
Here is the code, I search in the net for the UPDATE statement, and this is what I learned, but even if it doesn't make an error, it doesnt change the information in database.
update.inc.php:
<?php
session_start();
include '../data_base.php';
include 'header.php';
$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];
$sql = "UPDATE user
SET first = $first, last = $last, uid = $uid, pwd = $pwd, number = $number, age = $age, email = $email
WHERE id = $id";
$result = mysqli_query($conn,$sql);
header("Location: ../index.php");
?>
update.php:
<?php
include 'header.php';
?>
<?php
if (isset($_SESSION['id'])) {
echo "You Can Edit Your Files!";
} else {
echo "You Need To Create An Account First!";
}
?>
<br><br><br>
<?php
if (isset($_SESSION['id'])) {
echo "<form action='includes/update.inc.php' method='POST'>
<input type='text' name='first' placeholder='FirstName'><br>
<input type='text' name='last' placeholder='LastName'><br>
<input type='text' name='uid' placeholder='UserName'><br>
<input type='password' name='pwd' placeholder='Password'><br>
<input type='text' name='number' placeholder='Telemóvel'><br>
<input type='text' name='age' placeholder='Idade'><br>
<input type='text' name='email' placeholder='Email'><br>
<button type='submit'>EDIT</button>
</form>";
}
?>
Need Help.
First enable error in your file and change your query with
$sql = "UPDATE user
SET first = '$first', last = '$last', uid = '$uid', pwd = '$pwd', number = '$number', age = '$age', email = '$email'
WHERE id = $id";
enable errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Your code is open to sql injection so I would like to prefer to make use of prepared statement with mysqli(preferred is PDO one)
$sql = "UPDATE user
SET first = ?,
last = ?,
uid = ?,
pwd = ?,
number = ?,
age = ?,
email = ?
WHERE id = ?";
$stmt = $mysqli->prepare($sql);
// here s represnts string and i represents integer to the corresponding variable
// example $firstname is string, i $uid is integer
$stmt->bind_param("ssisiisi",$firstname,$lastname,$uid,$pwd,$number,$age,$email,$id);
$first = $_POST['first'];
$last = $_POST['last'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$number = $_POST['number'];
$age = $_POST['age'];
$email = $_POST['email'];
// in above your $id is missing
$id = $_POST["id"];
// now execute the statement now your database changes
$stmt->execute();
echo "Record updated successfylly";
header("Location: ../index.php");
I am trying to put together a form that is populated from data in a MySQL. Then I want to allow the visitor to change information in that form and by pressing a button, update the database with the new information. This is going to be used by only about 700 people or less to update their member information and access to the form will be through an email that the member gets, so it doesn't have to be a bullet proof system.
I am giving the member a link that displays their member information (that part works) It is just when I attempt to send them to the last page that would do the update is where I get the 500 Server Error. Here is some of my code from the form for them to update. It populates the fields from the database and allows the member to edit the field :
<form name="update" action="submitupdate.php" method="POST" />
<input type="hidden" name="id" value="<?=$record['id']?>"
<tr><b>Business Name: </b></br><input type="text" size="55" name="business_name" value="<?=$record['business_name']?>" ></tr></br></br>
Here is my submitupdate.php (That I get the 500 Server error on):
$con = mysql_connect("lxxxxx", "xxxxxx", "xxxxx");
mysql_select_db("xxxxxx", $con);
if(!$con){
die("Can not connect " . mysql_error());
}
$id = $_POST['id'];
$business_name = $_POST['business_name'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$website = $_POST['website'];
$contact = $_POST['contact'];
$email = $_POST['email'];
if(isset($_POST['update'])) {
$UpdateQuery = "UPDATE members SET business_name='$_POST[business_name]', phone='$_POST[phone]', fax='$_POST[fax]', address1='$_POST[address1]', address2='$_POST[address2]', city='$_POST[city]', state='$_POST[state]', zip='$_POST[zip]', website='$_POST[website]', contact='$_POST[contact]', email='$_POST[email]', update_flag='$_POST[update_flag]', WHERE id='$id'";
mysql_query($UpdateQuery, $con);
$retval = mysql_query($UpdateQuery, $con);
if ($retval )
{
$sql = "SELECT * FROM members WHERE id = $id";
$my_Data = mysql_query($sql,$con);
while($record = mysql_fetch_array($my_Data)) {
?>
</br>
Then I just want to display the updated record
<tr><b>Business Name: </b></br><input type="text" size="55" name="business_name" value="<?=$record['business_name']?>" ></tr></br></br>
<tr><b>Phone: </b></br><input type="text" size="55" name="phone" value="<?=$record['phone']?>" > </tr></br></br>
I have created a social website, so far everything is good with the loggin and logout etc... but when it comes to the edit profile page I cant figure out my error can somebody suggest whats wrong or is there a better way to approach this Update Profile page.
The error I am getting is:
Parse error: syntax error, unexpected '$firstname' (T_VARIABLE) in C:\wamp\www\change.php on line 28
My PHP code:
<?php
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
}
else {
echo "You have not signed in";
}
?>
<?php
include_once ("php_includes/db_conx.php");
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row["surname"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
}
function filter($date)
{
return trim(htmlspecialchars($date));
}
$username = filter($_POST['username'])
$firstname = filter($_POST['firstname'])
$surname = filter($_POST['surname'])
$weight = filter($_POST['weight'])
$height = filter($_POST['height'])
if (username)
{
$sql = mysql_query ("UPDATE users SET username='$username', firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'")
or die (mysql_error());
}
?>
<form action="change.php" method="post">
Username: <input type="text" name="username"><br />
Firstname: <input type="text" name="firstname"><br />
Surname: <input type="text" name="surname"><br />
weight: <input type="text" name="weight"><br />
height: <input type="text" name="height"><br />
<input type="submit" value="Submit">
</form>
$username = filter($_POST['username']);
$firstname = filter($_POST['firstname']);
$surname = filter($_POST['surname']);
$weight = filter($_POST['weight']);
$height = filter($_POST['height']);
You need to terminate each statement/ line with ;
$sql = mysql_query ("UPDATE users SET weight='$weight', height='$height' WHERE username='$username'")
i think you have to create like this
$sql = mysql_query ('UPDATE users SET username ="'.$username.'" WHERE username="'.$username.'"');
$sql = mysql_query ('UPDATE users SET firstname="'.$firstname.'" WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET surname="'.$surname.'" WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET weight='".$weight."' WHERE username = "'.$username.'"');
$sql = mysql_query ('UPDATE users SET height="'.$height.'" WHERE username="'.$username'"');
paste this codes.
You need to terminate each line of code with a semicolon. Line 27 (and the next four lines) are missing the semicolon.
I am new to PHP so please be patient with me! I am trying to set up a user login page but every time I click log in it won't recognize the data that is already in the database. I currently have 7 sections in a the table but only taking data from 2 sections. I am unsure where abouts I am going wrong could be the php or the MySQL queries Would someone help me please!
<?PHP
$email = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$email = $_POST['Email'];
$pword = $_POST['Password'];
$email = htmlspecialchars($email);
$pword = htmlspecialchars($pword);
$e_mail = "root";
$pass_word = "";
$database = "the_travel_cult";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $e_mail, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$email = quote_smart($email, $db_handle);
$pword = quote_smart($pword, $db_handle);
$SQL = "SELECT * FROM user_login WHERE Email='$email' AND Password='$pword'";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
//if(!$result) die ('Unable to run query:'.mysql_error());
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION['user_login'] = "1";
header ("Location: SignedIn.php");
}
else {
session_start();
$_SESSION['user_login'] = "";
//$errorMessage = "Not Registered";
header ("Location: Register.php");
}
}
else {
$errorMessage = "Error logging on";
}
mysql_close($db_handle);
}
else {
$errorMessage = "Error logging on";
}
}
?>
<FORM NAME ="form1" METHOD ="POST" ACTION ="HomePage.php">
<form method=post action=”login.php”>
<p><center><strong>Email Addres:</strong></center><br>
<center><input type=”text” name= 'email' value="<?PHP print $email;?>" size=40 maxlength=100></center>
<p><center><strong>Password</strong></center><br>
<center><input type=”text” name= 'password' value="<?PHP print $pword;?>" size=40 maxlength=20></center>
<P align = center>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Login">
<form action="Register.php"> <input type="submit" value="Sign Up"> </form>
First off, congratulations on starting to code. I hope you're having fun!
It looks like you might have a case of "case sensitivity" going on. I noticed that you have the following code at the top:
$email = $_POST['Email'];
$pword = $_POST['Password'];
However, in your HTML, you're actually passing those variables named in all lowercase. Try changing either the code at the top to:
$email = $_POST['email'];
$pword = $_POST['password'];
Or the name of your inputs to "Email" and "Password" (again, notice the uppercase first letter). An easy way to check if the problem is here (vs something in the query) is to
var_dump($_POST);
to see what exactly your script is getting from the form submission.
For more information, see PHP's http://php.net/manual/en/language.variables.basics.php or check out a related post to see how you can make your own case insensitivity check though be warned: it's more work. PHP: Case-insensitive parameters