i cant find the problem with my code for update query

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
liyun88
Forum Commoner
Posts: 51
Joined: Thu Mar 31, 2011 12:18 pm

i cant find the problem with my code for update query

Post by liyun88 »

hi,i face some problem for update into database..i hv same problem with these two update proble..one is update session_id in login.php..when the user success login,it supposed to have the session_id in mysql database n hv change current session_id to new one..
second case is save_editProfile.php,it will also change and update in mysql database after the user change their datail and to send in mysql database..
can anyone help me to check and correct anything wrong with my code??any help will greatly appreciated...thanks in advance..
this is login.php

Code: Select all

<?php
session_start();

include 'application.php';

$id = $_REQUEST['id'];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';

    $result = mysql_query($query);  

if ($data = mysql_fetch_object($result))
{

$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);

  if(md5($password) == $data->password)
  {
   $_SESSION["login"] = true;
   $_SESSION["username"] = $data->username;
   $_SESSION["id"] = $data->id;
 
  if(mysql_num_rows($result) == 1){  
            $user = mysql_fetch_assoc($result);  
            $query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $user['id'] . '" LIMIT 1';  
            mysql_query($query_update);  
  }
  }
}
redirect('home.php');

?>
the one is save_editProfile.php

Code: Select all

<?php
session_start();
require_once 'config.php' ;
require_once 'application.php' ;

$id = $_SESSION['id'];



$query = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '", 
username = "' . mysql_real_escape_string($_REQUEST['username']) . '", 
gender = "' . mysql_real_escape_string($_REQUEST['gender']) . '", 
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '", 
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" , 
address = "' . mysql_real_escape_string($_REQUEST['address']) . '" WHERE id = $id';
$result = mysql_query($query);

if(!empty($_REQUEST["password"]) )
{
  $query = 'UPDATE register set password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '") WHERE id = $id';
  $result = mysql_query($query);
}

   
    redirect("home.php?id=$id");

?>



User avatar
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: i cant find the problem with my code for update query

Post by Darhazer »

For the first one, you've already fetched the user via
$data = mysql_fetch_object($result)
and because of this $user = mysql_fetch_assoc($result); doesn't work - the result is fetched and mysql_fetch_assoc treis to fetch it again.
For the second one, you are using single quotes, and the $id is not replaced with the actual value.
Here is the correct code:

Code: Select all

<?php
session_start();

include 'application.php';

$id = $_REQUEST['id'];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';

    $result = mysql_query($query);  

if ($data = mysql_fetch_object($result))
{

$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);

  if(md5($password) == $data->password)
  {
   $_SESSION["login"] = true;
   $_SESSION["username"] = $data->username;
   $_SESSION["id"] = $data->id;
 
   $query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $data->id . '" LIMIT 1';  
   mysql_query($query_update);  
  }
}
redirect('home.php');

?>

Code: Select all

<?php
session_start();
require_once 'config.php' ;
require_once 'application.php' ;

$id = $_SESSION['id'];



$query = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '", 
username = "' . mysql_real_escape_string($_REQUEST['username']) . '", 
gender = "' . mysql_real_escape_string($_REQUEST['gender']) . '", 
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '", 
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" , 
address = "' . mysql_real_escape_string($_REQUEST['address']) . '" WHERE id = ' . $id;
$result = mysql_query($query);

if(!empty($_REQUEST["password"]) )
{
  $query = 'UPDATE register set password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '") WHERE id = ' . $id;
  $result = mysql_query($query);
}

   
    redirect("home.php?id=$id");

?>
liyun88
Forum Commoner
Posts: 51
Joined: Thu Mar 31, 2011 12:18 pm

Re: i cant find the problem with my code for update query

Post by liyun88 »

Darhazer wrote:For the first one, you've already fetched the user via
$data = mysql_fetch_object($result)
and because of this $user = mysql_fetch_assoc($result); doesn't work - the result is fetched and mysql_fetch_assoc treis to fetch it again.
For the second one, you are using single quotes, and the $id is not replaced with the actual value.
Here is the correct code:

Code: Select all

<?php
session_start();

include 'application.php';

$id = $_REQUEST['id'];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';

    $result = mysql_query($query);  

if ($data = mysql_fetch_object($result))
{

$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);

  if(md5($password) == $data->password)
  {
   $_SESSION["login"] = true;
   $_SESSION["username"] = $data->username;
   $_SESSION["id"] = $data->id;
 
   $query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $data->id . '" LIMIT 1';  
   mysql_query($query_update);  
  }
}
redirect('home.php');

?>

Code: Select all

<?php
session_start();
require_once 'config.php' ;
require_once 'application.php' ;

$id = $_SESSION['id'];



$query = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '", 
username = "' . mysql_real_escape_string($_REQUEST['username']) . '", 
gender = "' . mysql_real_escape_string($_REQUEST['gender']) . '", 
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '", 
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" , 
address = "' . mysql_real_escape_string($_REQUEST['address']) . '" WHERE id = ' . $id;
$result = mysql_query($query);

if(!empty($_REQUEST["password"]) )
{
  $query = 'UPDATE register set password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '") WHERE id = ' . $id;
  $result = mysql_query($query);
}

   
    redirect("home.php?id=$id");

?>

thanks for ur great help..the second one save_editProfile can update already..but the first one i try the code,the first time can update and change,but the second time i try is still the same problem,not update and change..somemore,i not sure isnt the session_id for all users are the same??because when i try other user,their session_id same as first one..what is wrong??
can you explain more about using single quotes, and the $id is not replaced with the actual value.i am not so understand..the second one works fine now..
thanks in advance...
how about to update the session_id??still failed to update..

Code: Select all

<?php
session_start();

include 'application.php';

$id = $_REQUEST["id"];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';

    $result = mysql_query($query);  

if ($data = mysql_fetch_object($result))
{

$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);

  if(md5($password) == $data->password)
  {
   $_SESSION["login"] = true;
   $_SESSION["username"] = $data->username;
   $_SESSION["id"] = $data->id;
 
   $query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $data->id . '"';  
   mysql_query($query_update);  
   redirect('home.php');
  }
}


else{
  echo"<script>alert(\"Sorry, please login with your correct username or password!\")</script><script>window.location='home.php'</script>";
  }
?>
liyun88
Forum Commoner
Posts: 51
Joined: Thu Mar 31, 2011 12:18 pm

Re: i cant find the problem with my code for update query

Post by liyun88 »

i still failed to update for session_id,why like this??
i already your suggestion but still failed to update the session_id..
can you help me to correct my error???thanks in advance..

Code: Select all

<?php
session_start();

include 'application.php';

$id = $_REQUEST["id"];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];

$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';

    $result = mysql_query($query);  

if ($data = mysql_fetch_object($result))
{

$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);

  if(md5($password) == $data->password)
  {
   $_SESSION["login"] = true;
   $_SESSION["username"] = $data->username;
   $_SESSION["id"] = $data->id;
   $_SESSION["session_id"] = $data->session_id;
   
   $query_update = 'UPDATE register SET session_id = "' . $data->session_id . '" WHERE id = "' . $data->id . '"';  
   mysql_query($query_update);  
   redirect('home.php');
  }
}


else{
  echo"<script>alert(\"Sorry, please login with your correct username or password!\")</script><script>window.location='home.php'</script>";
  }
?>
Post Reply