Update Script...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Update Script...

Post by tobimichigan »

Please I have been battling with this code for the past 4 days I seem not to get it...I'm supposed to be able to display and update contents of mysql but it either not displaying the values or its not updating at all what really is wrong?
Here's my Work so far:

Login.php

Code: Select all

<?php
include	("cn.php");
if (isset($_POST['submit'])) {
	$username=$_POST['username'];
	$password=$_POST['password'];

$select="select * from users where username='$username' and password='$password'";
$rs_cat=mysql_query($select);
$row=mysql_fetch_array($rs_cat);
	$username=$row['username'];
	$password=$row['password'];	
if ($username==$row['username']) {
		if ($password==$row['password']) {

	$_SESSION['username']="$_POST[username]";
	$_SESSION['password']="$_POST[password]";
	header("location:Welcome.php?user=$_SESSION[username]&sessid=$sessid");


		}
}
else {
header("location:Not_Logged.php");	
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOGIN</title>
</head>

<body>
<table align="center">
<form name="login" action="" method="post">
<tr>
<td>

<th scope="col"><strong>LOGIN</strong></th>
</td>
</tr>
<tr>
<td>
USERNAME
<th scope="col"><input name="username" type="text" /></th>
</td>
</tr>
<tr>
<td>
PASSWORD
<th scope="col"><input name="password" type="password" /></th>
</td>
</tr>
<tr>
<td>

<th scope="col"><input name="submit" type="submit" value="LOGON" /></th>
</td>
</tr>
</form>
</table>
</body>
</html>

Welcome.php

Code: Select all

<?php
include("cn.php");
//$username=$_GET['username'];
if (!@$_SESSION['username']){
header("location:Not_Logged.php"); }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcomee</title>
</head>

<body>
Welcome <?php echo ("$_SESSION[username]");?>

<p><li><?php echo ("<a href='Logout.php?user=$_SESSION[username]&sessid=$sessid'>Logout</a>");?></li>
<li><?php echo ("<a href='update.php?user=$_SESSION[username]&sessid=$sessid'>Update</a>");?></li>
</body>
</html>
Update.php

Code: Select all

<?php
include("cn.php");
//$username=$_GET['username'];
if (!@$_SESSION['username']){
   header("location:Not_Logged.php"); 
   }
$oldname = $_SESSION['username'];
$select="select * from users where username='$_SESSION[username]'";
   $rs_cat=mysql_query($select);

$row=mysql_fetch_array($rs_cat);
$id=$row['id'];
$old_user_name = $row['username'];
$old_password = $row['password'];

if (isset($_POST['update'])) {
   $update=$_GET['update'];}
else {$update=0;}   

if ($update = "1") {
     $username=$_POST['username'];
	 $password=$_POST['password'];
$update="UPDATE users SET username='$username', password='$password' where username = '$_SESSION[username]'";
$ur=mysql_query($update) or die (mysql_error());
   
}
//}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>UPDATE</title>
</head>

<body>
<?php //echo $_SESSION['username'];?>
<table align="center" >
<form name="login" action=""  method="post"/>
<tr>
<td>

<th scope="col"><strong>UPDATE</strong></th>
</td>
</tr>
<tr>
<td>
USERNAME
<th scope="col"><input name="username" type="text"  value="<?php echo ("$row[username]");?>"/></th>
</td>
</tr>
<tr>
<td>
PASSWORD
<th scope="col"><input name="password" type="password" value="<?php echo ("$row[password]");?>" /></th>
</td>
</tr>
<tr>
<td>
<th scope="col"><input name="update" type="submit" value="UPDATE" /></th>
</td>
</tr>
<tr>
<td>
<th scope="col"><input name="id" type="hidden"  value="<?php echo $row[id];?>"  /></th>
</td>
</form>
</table>
</body>
</html>
Not_Logged.php

Code: Select all

<?php
include	("cn.php");
if (isset($_POST['submit'])) {
	$username=$_POST['username'];
	$password=$_POST['password'];

$select="select * from users where username='$username' and password='$password'";
$rs_cat=mysql_query($select);
$row=mysql_fetch_array($rs_cat);
	$username=$row['username'];
	$password=$row['password'];	
if ($username==$row['username']) {
		if ($password==$row['password']) {

	$_SESSION[username]="$username";
	$_SESSION[password]="$password";
	header("location:Welcome.php?user=$_SESSION[username]&sessid=$sessid");


		}
}
else {
header("location:Not_Logged.php");	
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Not_Logged</title>
<style type="text/css">
<!--
body,td,th {
	color: #F00;
}
-->
</style></head>

<body>
<table align="center">
<form name="login" action="" method="post">

<tr>
<td>
<th scope="col"><strong>INVALID LOGIN</strong></th>
</td>
</tr>
<tr>
<td>
USERNAME
<th scope="col"><input name="username" type="text" /></th>
</td>
</tr>
<tr>
<td>
PASSWORD
<th scope="col"><input name="password" type="password" /></th>
</td>
</tr>
<tr>
<td>

<th scope="col"><input name="submit" type="submit" value="LOGON" /></th>
</td>
</tr>
</form>
</table>
</body>
</html>
cn.php

Code: Select all

<?php
session_start();
$sessid=md5(uniqid(rand()));
$host="localhost";
$user="root";
$password="";
$db="test";
$con=mysql_connect("$host","$user","","$db");
$select=mysql_select_db($db);

if (!@$con) {
 echo ("Con Failed").mysql_error();
}
//else
//echo "Full Connection Established...Nice Work";
//else echo ("Connected and Db selected..Nice Work");
?>
Table struc:
-- phpMyAdmin SQL Dump
-- version 3.2.4
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Sep 10, 2010 at 04:51 PM
-- Server version: 5.1.41
-- PHP Version: 5.3.1

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `test`
--

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
`id` int(233) NOT NULL AUTO_INCREMENT,
`username` varchar(233) DEFAULT NULL,
`password` varchar(233) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`id`, `username`, `password`) VALUES
(1, '', '');

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

Please could some1 point out where I'm actually missing the point here?
User avatar
timWebUK
Forum Contributor
Posts: 239
Joined: Thu Oct 29, 2009 6:48 am
Location: UK

Re: Update Script...

Post by timWebUK »

When you refer to $_POST['']; and $_SESSION[''] you are missing out the apostrophes.

Code: Select all

$_POST['username']; //correct
$_POST[username]; //incorrect
Your code is also completely open to SQL injection. If you could post the error messages that would be useful.
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Update Script...

Post by tobimichigan »

timWebUK wrote:When you refer to $_POST['']; and $_SESSION[''] you are missing out the apostrophes.

Code: Select all

$_POST['username']; //correct
$_POST[username]; //incorrect
Your code is also completely open to SQL injection. If you could post the error messages that would be useful.
Presently, tim, there r no error messages at all..as regards the:

Code: Select all

$_POST['username']; //correct
$_POST[username]; //incorrect
you refered to,php says "t-variable" error the moment u put those in quotes...so its not that..really..could you run these codes and see for yourself what the problem might be?
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Update Script...

Post by McInfo »

If you see no error messages, it is because they are being suppressed, either with the error control operator (@) or because error_reporting and/or display_errors are disabled.

PHP handles the the session ID, so why generate $sessid?

The user's name is not a unique identifier because the "username" field in the MySQL table has no UNIQUE nor PRIMARY key. Only the "id" field can be used to uniquely identify a user.

Always exit after a Location header. Sending a Location header does not terminate the script.

Here, the script looks for $_POST['update'], but then $_GET['update'] is used.

Code: Select all

if (isset($_POST['update'])) { // Checking for 'update' in POST
    $update = $_GET['update']; // Getting 'update' from GET
} else {
    $update = 0;
}
Then, the script supposedly tests to see if the submitted value is "1" even though the button named "update" has a value of "UPDATE".

Code: Select all

if ($update = "1")
Actually, the test is deceiving. Because there is a single equal sign rather than two, an assignment occurs, not a comparison. What is really being tested is

Code: Select all

if ("1")
which is always true. A better condition would be

Code: Select all

if (isset ($_GET['update']))
On placement of form tags:

Code: Select all

<!-- Improper: -->
<table>
    <form>
        <tr>
            <td>
            </td>
        </tr>
    </form>
</table>

<!-- Proper: -->
<form>
    <table>
        <tr>
            <td>
            </td>
        </tr>
    </table>
</form>

<!-- Acceptable: -->
<table>
    <tr>
        <td>
            <form>
            </form>
        </td>
    </tr>
</table>
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Update Script...

Post by tobimichigan »

Mcinfo, thanks for those lovely corrections. I took time out this evening to implement them I observed some mistakes like you rightly pointed out..however, there r still a few glitches..here is my current code for the upate:

Login.php

Code: Select all

<?php
include	("cn.php");
if (isset($_POST['submit'])) {
	$username=$_POST['username'];
	$password=$_POST['password'];
	$id=$_POST['id'];//new $_POST variable introduced...

$select="select * from users";
$rs_cat=mysql_query($select);
$row=mysql_fetch_array($rs_cat);
	$username=$row['username'];
	$password=$row['password'];
	$id=$row['id'];	

if ($username==$row['username']) {
		if ($password==$row['password']) {
				if ($id==$row['id']) {
	$_SESSION['username']="$_POST[username]";
	$_SESSION['password']="$_POST[password]";
	$_SESSION['id']="$_POST[id]";//session id initialized

	header("location:Welcome.php?user=$_SESSION[username]&sessid=$sessid&id=$id");//notice the passing

				}
		}
}
else {
header("location:Not_Logged.php");	
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LOGIN</title>
</head>

<body>
<table align="center">
<form name="login" action="" method="post">
<tr>
<td>

<th scope="col"><strong>LOGIN</strong></th>
</td>
</tr>
<tr>
<td>
USERNAME
<th scope="col"><input name="username" type="text" /></th>
</td>
</tr>
<tr>
<td>
PASSWORD
<th scope="col"><input name="password" type="password" /></th>
</td>
</tr>
<tr>
<td>

<th scope="col"><input name="submit" type="submit" value="LOGON" /></th>
</td>
</tr>
</tr>
<tr>
<td>
<th scope="col"><input name="id" type="hidden"  value="<?php echo $id;?>"  /></th>
</td></tr>
</form>
</table>
</body>
</html>

Update.php

Code: Select all

<?php
include("cn.php");
//$username=$_GET['username'];
if (!@$_SESSION['username']){
   header("location:Not_Logged.php"); 
   }
$id=$_GET['id'];//traps the id in the url
//$username=$_GET['username'];
//$password=$_GET['password'];
$oldname = $_SESSION['username'];
$select="select * from users where id='$_GET[id]'";
   $rs_cat=mysql_query($select);

$row=mysql_fetch_array($rs_cat);
$id=$row['id'];//this value reflects in the form method
$old_user_name=$row['username'];//this value refuses to show up much less update
$old_password=$row['password'];//this value refuses to show up much less update

if (isset($_POST['update'])) {
   $update=$_POST['update'];}
else {$update=0;}   

     $username=$_POST['username'];
	 $password=$_POST['password'];
$update="UPDATE users SET username='$username', password='$password' where id ='$_GET[id]'";
$ur=mysql_query($update) or die (mysql_error());
   
//}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>UPDATE</title>
</head>

<body>
<p><li><?php echo ("<a href='Logout.php?user=$_SESSION[username]&sessid=$sessid'>Logout</a>");?></li>
<li><?php echo ("<a href='update.php?user=$_SESSION[username]&sessid=$sessid'>Update</a>");?></li>
<li><?php echo ("<a href='update2.php?user=$_SESSION[username]&sessid=$sessid'>Update2</a>");?></li></p>

<?php //echo $_SESSION['username'];?>

<form "login" action=""  method="post">
    <table align="center">
        <tr>
            <td>
            <th scope="col"><strong>UPDATE</strong></th>
            </td>
        </tr>
        <tr>
            <td>USERNAME
            <th scope="col"><input name="username" type="text"  value="<?php echo $row['username'];?>"/></th>
            </td>
        </tr>
        <tr>
            <td>PASSWORD
            <th scope="col"><input name="password" type="text"  value="<?php echo $row['password'];?>"/></th>
            </td>
        </tr>
        <tr>
            <td>
            <th scope="col"><input name="update" type="submit"  value="UPDATE"/></th>
            </td>
        </tr>
        <tr>
            <td>
            <th scope="col"><input name="id" type="hidden"  value="<?php echo $row['id'];?>"  /></th>
            </td>
        </tr>
    </table>
</form>
</body>
</html>
Here's what I have done,
1. In the Login form, I have passed the primary_id in the db into the Welcome.php page, then to the update.php urls respectively.
2. I also corrected the table layout as you said.
3. Finally, in the update page, the id passed into the url echoed back as a parameter in the "hidden" form field. But the other 2 (username, password in the value form parameter ie value="<?php echo $row['username'];?>", and value="<?php echo $row['password'];?>") refused to show up as in value="<?php echo $row['id];?>", which suprisingly shows up.

What am I missing this time?
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Update Script...

Post by McInfo »

Step through your code and consider each line carefully. Especially pay attention to the variables. If you aren't 100% sure what a particular function does, find it in the manual.

Clean up the formatting so the indentation is consistent. Well-formatted code can help you catch syntax and logic errors.

Draw a flowchart to help yourself better understand the logic of the task.
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Update Script...

Post by tobimichigan »

Been offline for a while, Mcinfo what you said was actually correct, while I was offline here was what I did..I commented on my errors by the way

Code: Select all

<?php
include("cn.php");
$msg="Record_Updated";
//$username=$_GET['username'];
if (!@$_SESSION['username']){
	header("location:Not_Logged.php"); }

$select="select * from users where username='$_SESSION[username]'";
	$rs_cat=mysqli_query($con,$select);

$row=mysqli_fetch_array($rs_cat);
$username=$row['username'];
$password=$row['password'];
$id=$row['id'];

if (isset($_POST['update'])) {//this actually was one of my trouble spot now corrected
	$update=$_POST['update'];
	
//this was another place i MISSED but now corrected
$username=$_POST['username'];
$password=$_POST['password'];	  	
//finally where id='$row[id]' I used now works after passing it as a parameter
$update="UPDATE users SET username='$_POST[username]', password='$_POST[password]' where id='$row[id]'";
$ud=mysqli_query($con,$update);
}
//}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>UPDATE</title>
</head>

<body>
<p><li><?php echo ("<a href='Logout.php?user=$_SESSION[username]&sessid=$sessid&id=$id'>Logout</a>");?></li>
<li><?php echo ("<a href='update.php?user=$_SESSION[username]&sessid=$sessid&id=$id'>Update</a>");?></li>
<?php //echo $_SESSION['username'];?>
<table align="center" >
<form name="login" action="<?php $_SERVER['PHP_SELF'];?>" "  method="post"/>
<tr>
<td>

<th scope="col"><strong>UPDATE</strong></th>
</td>
</tr>
<tr>
<td>
USERNAME
<th scope="col"><input name="username" type="text"  value="<?php echo ("$row[username]");?>"/></th>
</td>
</tr>
<tr>
<td>
PASSWORD
<th scope="col"><input name="password" type="password" value="<?php echo ("$row[password]");?>" /></th>
</td>
</tr>
<tr>
<td>
<th scope="col"><input name="update" type="submit" value="UPDATE" /></th>
</td>
</tr>
<tr>
<td>
<th scope="col"><input name="id" type="hidden"  value="<?php echo $row[id];?>"  /></th>
</td>
</form>
</table>
</body>
</html>
The only problem I'm now having is that after it updates the db, it shows blank entries..until I log out and log in again...before it shows the values what do you think might be responsible for that?
Post Reply