php code double updating

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
proweb
Forum Newbie
Posts: 1
Joined: Sat Dec 26, 2009 11:58 am

php code double updating

Post by proweb »

I have a user page when they login and this when the user updates there Bev Preference "vip_bev" it also updates the Payment Type "payment_type", what am I doing wrong? Example, if I select beverage and click save to update the user account information it puts a value of "o" in the db, vice versa

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<?php
include 'dbc.php';
page_protect();
$id=$_SESSION['user_id'];
$rs_settings = mysql_query("select * from `users` where `id`='$id'");

if($_POST['doUpdate'] == 'Update')
{

$rs_pwd = mysql_query("select `pwd` from `users` where `id`='$id'");
list($old) = mysql_fetch_row($rs_pwd);

if($old == md5($_POST['pwd_old']))
{
$newmd5 = md5(mysql_real_escape_string($_POST['pwd_new']));
mysql_query("update `users` set `pwd`='$newmd5' where `id`='$id'");
header("Location: mysettings.php?msg=Your new password is updated");
} else
{
header("Location: mysettings.php?msg=Your old password is invalid");
}

}
if($_POST['doSave'] == 'Save')
{
function filter($arr) {
return array_map('mysql_real_escape_string', $arr);
}
$_POST = filter($_POST);

mysql_query("UPDATE users SET
`first_name` = '$_POST[first_name]',
`last_name` = '$_POST[last_name]',
`address` = '$_POST[address]',
`city` = '$_POST[city]',
`state` = '$_POST[state]',
`zip` = '$_POST[zip]',
`tel` = '$_POST[tel]',
`user_email` = '$_POST[user_email]',
`payment_type` = '$_POST[payment_type]',
`payment_acct` = '$_POST[payment_acct]',
`payment_exp` = '$_POST[payment_exp]',
`vip_bev` = '$_POST[vip_bev]'
where `id`='$id'") or die(mysql_error());

header("Location: mysettings.php?msg=Profile+Sucessfully+saved");
}
?>
<?php
$sql="SELECT DISTINCT bevtype1 FROM fmp";
$result=mysql_query($sql);

$options="";

while ($row=mysql_fetch_array($result)) {

$bevtype1=$row["bevtype1"];
$options.="<OPTION VALUE=\"$bevtype1\">".$bevtype1;
}
?>
<SELECT NAME=vip_bev id="vip_bev">
<OPTION VALUE=0>Change Beverage
<?=$options?>
</SELECT>
<? echo $row_settings['vip_bev']; ?></li>
</ul>
<h3 class="titlehdr style3">&nbsp;</h3>
<h3 class="titlehdr style3">Payment information<br></strong> </h3>
<strong> <img src="../images/visa_mastercard_etc.png" alt="Choose payment type" width="217" height="35">
<li class="form"><span class="narrow"><span class="name">Payment Type</span>
<?php
$sql="SELECT DISTINCT cardtype1 FROM fmp";
$result=mysql_query($sql);

$options="";

while ($row=mysql_fetch_array($result)) {

$cardtype1=$row["cardtype1"];
$options.="<OPTION VALUE=\"$cardtype1\">".$cardtype1;
}
?>
<SELECT NAME=payment_type id="payment_type">
<OPTION VALUE=0>Change Card
<?=$options?>
</SELECT>
<? echo $row_settings['payment_type']; ?></li>

<li class="form"><span class="narrow"><span class="name">Acct Number</span><input name="payment_acct" id="payment_acct" type="text" value="<? echo $row_settings['payment_acct']; ?>"/></li>
<li class="form"><span class="narrow"><span class="name">Exp. Date</span><input name="payment_exp" id="payment_exp" type="text" value="<? echo $row_settings['payment_exp']; ?>"/></li>
</li>
<li class="form">
<input name="doSave" type="submit" id="doSave" value="Save">
</form>
<? } ?>
Post Reply