Page 1 of 1

Allowing user to edit only their record

Posted: Sun Aug 31, 2003 9:44 am
by tsm4781
I am creating an alumni database, and I am running into come difficulties with a few things.

When a user initially wants to submit their information, I "SELECT * FROM members" which is the table that stores all user information entered when a user registeres for the site. I then pre-populate the input fields with that data. When the user clicks submit, it stores all of that data into a different table called "current".

Additionally, I store their unique ID in the current table as "memnum."

The problem I am having is now I need to let the users be able to edit their information once submitted. They can't submit twice because I do not want duplicate entries.

What I have done is entered the following onto the page:

Code: Select all

if ($_POST['action'] == 'updatecurrent')
	{
		$name = $_POST['name'];
		$email = $_POST['email'];
		$city = $_POST['city'];
		$state = $_POST['state'];
		$phone = $_POST['phone'];
		$cell = $_POST['cell'];			
		$website = $_POST['website'];
		$memnum = $_POST['memnum'];
$query = "UPDATE current SET name = '$name', email = $email', city = '$city', state = '$state', phone = '$phone', cell = '$cell', website = '$website' WHERE id = '$id', memnum = '$memnum'";

		$result = mysql_query($query);
		$errormsg = "<font color ='#FF0000'>Updated!</font>";
		$p = 6; //List View

		}
  		else
		{ 
	$errormsg = "<font color ='#FF0000'>Oops.. something went wrong!</font>";
	$p = 6;
	}
I somehow (first) need to prepopulate the form with info from the CURRENT table that is specific to that user (which is where memnum comes into play, but it is not working.

Here is the code from the include file which (in theory) should prepopulate that users information, but I know I am wrong somewhere.

Code: Select all

<?PHP
	include_once("db.inc.php");
	
	mysql_connect($db_host,$db_user,$db_pass) or DIE("Could not connect to DB Server");
	mysql_select_db("$db_name") or DIE("Could not find DB on Server");
	
	$query = "SELECT * FROM current WHERE id = '$memnum'";
	$result = mysql_query($query);
	
	
	if (mysql_num_rows($result) > 0)
	{	
		$row = mysql_fetch_array($result);
		extract($row);
	}	

?>

<title>Update Member Information</title><table width="100%" border="0" cellspacing="5" cellpadding="0">
	<tr> 
	  <td valign="top" align="center"><form name="editcurrent" method="post" action="<?PHP echo "$PHP_SELF"; ?>">
        <table width="100%" border="0" cellspacing="2" cellpadding="3">
          <tr> 
            <td colspan="2"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="3">Edit 
              Your Current Member Directory Info: 
              <?PHP echo $errormsg; ?>
              </font></b></td>
          </tr>
          <tr> 
            <td colspan="2">If all of the information is correct, please click 
              submit. You will need to enter the year you began at IV and the 
              year you ended.</td>
          </tr>
        </table>
        <table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#CCCCCC">
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Username:</b></td>
            <td width="70%"> 
              <?PHP echo "$memnum"; ?>
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Name:</b></td>
            <td width="70%"> 
              <input name="name" type="text" id="name" value="<?PHP echo "$name"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Email:</b></td>
            <td width="70%"> 
              <input name="email" type="text" id="email" value="<?PHP echo "$email"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>City/State/Zip</b></td>
            <td width="70%"> 
              <input name="city" type="text" id="city" value="<?PHP echo "$city"; ?>">
              <input name="state" type="text" id="state" value="<?PHP echo "$state"; ?>" size="2" maxlength="2">
              <input name="zip" type="text" id="zip" value="<?PHP echo "$zip"; ?>" size="5" maxlength="5">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Phone:</b></td>
            <td width="70%"> 
              <input name="phone" type="text" id="phone" value="<?PHP echo "$phone"; ?>">
              EX: (802) 123-4567</td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Cell:</b></td>
            <td width="70%"> 
              <input name="cell" type="text" id="cell" value="<?PHP echo "$cell"; ?>">
              EX: (802) 123-4567 </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Website:</b></td>
            <td width="70%"> http:// 
              <input name="website" type="text" id="website" value="<?PHP echo "$website"; ?>">
              EX: http://www.burlingtonivcf.org</td>
          </tr>
          <tr> 
            <td height="15" colspan="2" align="center" bgcolor="#4A6588"> 
              <input name="action" type="hidden" value="updatecurrent">
              <input name="id" type="hidden" value="<?PHP echo "$id"; ?>">
              <input name="memnum" type="hidden" id="memnum" value="<?PHP echo "$memnum"; ?>">
              <input name="Submit" type="submit" id="Submit" value="Submit">
              <input type="reset" name="Reset" value="Reset">
            </td>
          </tr>
        </table>
		</form> 
		
	  </td>
	</tr>
</table>
?>

Posted: Sun Aug 31, 2003 10:26 am
by JAM
Well, start with adding ?> 's

Code: Select all

<?PHP echo "$memnum"; 
            </td>
..is bound to be broken.

Additionally, you could remove the extract, and use $row['memnum'] instead.

Posted: Sun Aug 31, 2003 10:40 am
by tsm4781
I did that. It automatically is giving me the error message "Oops.. something went wrong!" that I have as the $errormsg and it isn't prepopulating the fields at all.

Posted: Sun Aug 31, 2003 10:47 am
by JAM
But are you realizing that you have a bunch of those errors?
Another example:

Code: Select all

="<?PHP echo "$website"; "> 
// missing the ?>
="<?PHP echo "$website"; ?>">

Posted: Sun Aug 31, 2003 10:50 am
by tsm4781
I think it just pasted wrong into the forum.

Code: Select all

<?PHP
	include_once("db.inc.php");
	
	mysql_connect($db_host,$db_user,$db_pass) or DIE("Could not connect to DB Server");
	mysql_select_db("$db_name") or DIE("Could not find DB on Server");
	
	$query = "SELECT * FROM current WHERE id = '$memnum'";
	$result = mysql_query($query);
	
	
	if (mysql_num_rows($result) > 0)
	&#123;	
		$row = mysql_fetch_array($result);
		extract($row);
	&#125;	

?>

<title>Update Member Information</title><table width="100%" border="0" cellspacing="5" cellpadding="0">
	<tr> 
	  <td valign="top" align="center"><form name="editcurrent" method="post" action="<?PHP echo "$PHP_SELF"; ?>">
        <table width="100%" border="0" cellspacing="2" cellpadding="3">
          <tr> 
            <td colspan="2"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="3">Edit 
              Your Current Member Directory Info: 
              <?PHP echo $errormsg; ?>
              </font></b></td>
          </tr>
          <tr> 
            <td colspan="2">If all of the information is correct, please click 
              submit. You will need to enter the year you began at IV and the 
              year you ended.</td>
          </tr>
        </table>
        <table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#CCCCCC">
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Username:</b></td>
            <td width="70%"> 
              <?PHP echo "$memnum"; ?>
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Name:</b></td>
            <td width="70%"> 
              <input name="name" type="text" id="name" value="<?PHP echo "$name"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Email:</b></td>
            <td width="70%"> 
              <input name="email" type="text" id="email" value="<?PHP echo "$email"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>City/State/Zip</b></td>
            <td width="70%"> 
              <input name="city" type="text" id="city" value="<?PHP echo "$city"; ?>">
              <input name="state" type="text" id="state" value="<?PHP echo "$state"; ?>" size="2" maxlength="2">
              <input name="zip" type="text" id="zip" value="<?PHP echo "$zip"; ?>" size="5" maxlength="5">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Phone:</b></td>
            <td width="70%"> 
              <input name="phone" type="text" id="phone" value="<?PHP echo "$phone"; ?>">
              EX: (802) 123-4567</td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Cell:</b></td>
            <td width="70%"> 
              <input name="cell" type="text" id="cell" value="<?PHP echo "$cell"; ?>">
              EX: (802) 123-4567 </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Website:</b></td>
            <td width="70%"> http:// 
              <input name="website" type="text" id="website" value="<?PHP echo "$website"; ?>">
              EX: www.burlingtonivcf.org</td>
          </tr>
          <tr> 
            <td height="15" colspan="2" align="center" bgcolor="#4A6588"> 
              <input name="action" type="hidden" value="updatecurrent">
              <input name="id" type="hidden" value="<?PHP echo "$id"; ?>">
              <input name="id" type="hidden" id="id" value="<?PHP echo "$memnum"; ?>">
              <input name="Submit" type="submit" id="Submit" value="Submit">
              <input type="reset" name="Reset" value="Reset">
            </td>
          </tr>
        </table>
		</form> 
		
	  </td>
	</tr>
</table>

Re: Allowing user to edit only their record

Posted: Sun Aug 31, 2003 10:51 am
by m3rajk
i agree with jam. your code is flawed since it assumes php will automatically leave itself. i was advised to switched to heredocs since it's faster, so i've done that to your code for you so you can see how it's done. the ending signal can be any string, i use END, but it IS case sensitive and MUST be on a line by itself.

if you have issues after this, the repopulation from db thing i've already accomplished, so debug so you can give me just the relevant lines and i'll give you more help
tsm4781 wrote:

Code: Select all

<?PHP
	include_once("db.inc.php");
	
	mysql_connect($db_host,$db_user,$db_pass) or DIE("Could not connect to DB Server");
	mysql_select_db("$db_name") or DIE("Could not find DB on Server");
	
	$query = "SELECT * FROM current WHERE id = '$memnum'";
	$result = mysql_query($query);
	
	
	if (mysql_num_rows($result) > 0)
	{	
		$row = mysql_fetch_array($result);
		extract($row);
	}	

echo <<<END
<title>Update Member Information</title><table width="100%" border="0" cellspacing="5" cellpadding="0">
	<tr> 
	  <td valign="top" align="center"><form name="editcurrent" method="post" action="$PHP_SELF">
        <table width="100%" border="0" cellspacing="2" cellpadding="3">
          <tr> 
            <td colspan="2"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="3">Edit 
              Your Current Member Directory Info: 
              $errormsg
              </font></b></td>
          </tr>
          <tr> 
            <td colspan="2">If all of the information is correct, please click 
              submit. You will need to enter the year you began at IV and the 
              year you ended.</td>
          </tr>
        </table>
        <table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#CCCCCC">
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Username:</b></td>
            <td width="70%"> 
              $memnum
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Name:</b></td>
            <td width="70%"> 
              <input name="name" type="text" id="name" value="$name">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Email:</b></td>
            <td width="70%"> 
              <input name="email" type="text" id="email" value="$email">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>City/State/Zip</b></td>
            <td width="70%"> 
              <input name="city" type="text" id="city" value="$city">
              <input name="state" type="text" id="state" value="$state" size="2" maxlength="2">
              <input name="zip" type="text" id="zip" value="$zip" size="5" maxlength="5">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Phone:</b></td>
            <td width="70%"> 
              <input name="phone" type="text" id="phone" value="$phone">
              EX: (802) 123-4567</td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Cell:</b></td>
            <td width="70%"> 
              <input name="cell" type="text" id="cell" value="$cell">
              EX: (802) 123-4567 </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Website:</b></td>
            <td width="70%"> http:// 
              <input name="website" type="text" id="website" value="$website">
              EX: http://www.burlingtonivcf.org</td>
          </tr>
          <tr> 
            <td height="15" colspan="2" align="center" bgcolor="#4A6588"> 
              <input name="action" type="hidden" value="updatecurrent">
              <input name="id" type="hidden" value="$id">
              <input name="memnum" type="hidden" id="memnum" value="$memnum">
              <input name="Submit" type="submit" id="Submit" value="Submit">
              <input type="reset" name="Reset" value="Reset">
            </td>
          </tr>
        </table>
		</form> 
		
	  </td>
	</tr>
</table>
END;
?>

Posted: Sun Aug 31, 2003 10:54 am
by JAM
7th row : $memnum
Where does that come from? $_GET or $_POST. Perhaps your problem is passing variables? (Last link in my signature)

Did you try to remove the extract and use $row['field'] instead as of my previous post?

You don't happen to get mysql_num_rows($result) > 1 result do you? If you get 2 hits, you might have a problem.

Posted: Sun Aug 31, 2003 11:03 am
by volka
the missing ?> happen when you have more than one

Code: Select all

block and one of them is not complete (having matching <?php ... ?> )
see: this is working

Code: Select all

<?php
$i = NULL;
?>

Code: Select all

<?php
$i = FALSE;
?>

Posted: Sun Aug 31, 2003 11:03 am
by volka
this one isn't

Code: Select all

$i = NULL;

Code: Select all

<?php
$i = FALSE;
?>

Posted: Sun Aug 31, 2003 11:08 am
by JAM
Ah... wierdness, but thanks volka. Would explain some of the obvious issues around the board here...