i cant find the problem with my code for update query
Posted: Fri Apr 08, 2011 1:22 am
by liyun88
hi,i face some problem for update into database..i hv same problem with these two update proble..one is update session_id in login.php..when the user success login,it supposed to have the session_id in mysql database n hv change current session_id to new one..
second case is save_editProfile.php,it will also change and update in mysql database after the user change their datail and to send in mysql database..
can anyone help me to check and correct anything wrong with my code??any help will greatly appreciated...thanks in advance..
this is login.php
<?php
// login.php as posted in the question: looks the user up by name, compares an
// MD5 of the submitted password with the stored value and, on a match, tries
// to record the current session id in the user's row.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; the
// maintained replacements are mysqli or PDO with prepared statements.
session_start();
include 'application.php';
// $id is read from the request but is not used anywhere else in this script.
$id = $_REQUEST['id'];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
// The username is escaped before being placed inside the quoted SQL literal.
$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';
$result = mysql_query($query);
// This call consumes the first row of the result set.
if ($data = mysql_fetch_object($result))
{
// NOTE(review): the stored hash and the hash of the submitted password are
// copied into the session before the password is checked, so they are kept
// even for a failed attempt. This looks like leftover debugging - confirm
// nothing reads these keys and drop them.
$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);
// NOTE(review): unsalted MD5 is not a password hash; password_hash() and
// password_verify() are the supported replacement. The loose == also treats
// two digests of the form "0e<digits>" as equal numbers; compare with ===
// (or hash_equals() where available).
if(md5($password) == $data->password)
{
// NOTE(review): session_regenerate_id() is not called here, so the session id
// that existed before login stays valid after login (session fixation).
$_SESSION["login"] = true;
$_SESSION["username"] = $data->username;
$_SESSION["id"] = $data->id;
if(mysql_num_rows($result) == 1){
// The only row was already taken by mysql_fetch_object() above, so this second
// fetch returns false and $user['id'] is empty: the UPDATE below then matches
// no row. $data->id holds the value that was intended.
$user = mysql_fetch_assoc($result);
// session_id() is concatenated without escaping, and the result of
// mysql_query() is not checked, so a failed UPDATE goes unnoticed.
$query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $user['id'] . '" LIMIT 1';
mysql_query($query_update);
}
}
}
// redirect() is not defined in this listing; presumably it comes from application.php.
redirect('home.php');
?>
the one is save_editProfile.php
<?php
// save_editProfile.php as posted in the question: writes the submitted profile
// fields, and optionally a new password, to the row of the logged-in user.
session_start();
require_once 'config.php' ;
require_once 'application.php' ;
// NOTE(review): nothing in this listing checks that a user is logged in before
// $_SESSION['id'] is used - confirm that one of the included files does.
$id = $_SESSION['id'];
// Every request value is escaped before it goes into its quoted literal.
// The statement ends inside a single-quoted PHP string, and single-quoted
// strings do not interpolate variables: MySQL receives the literal text
// "WHERE id = $id" instead of the number, so the UPDATE cannot match the row.
// NOTE(review): $_REQUEST also accepts GET parameters and no anti-CSRF token
// is checked in this listing, so the change can be triggered by a plain link.
$query = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '",
username = "' . mysql_real_escape_string($_REQUEST['username']) . '",
gender = "' . mysql_real_escape_string($_REQUEST['gender']) . '",
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '",
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" ,
address = "' . mysql_real_escape_string($_REQUEST['address']) . '" WHERE id = $id';
// The return value is stored but never inspected, so a failed query is silent.
$result = mysql_query($query);
if(!empty($_REQUEST["password"]) )
{
// Same single-quote problem as above for $id. The MD5 is computed by MySQL, so
// the plaintext password is part of the SQL text sent to the server.
// NOTE(review): unsalted MD5 is not a password hash; password_hash() is the
// supported replacement.
$query = 'UPDATE register set password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '") WHERE id = $id';
$result = mysql_query($query);
}
// Double-quoted string: here $id is interpolated into the redirect target.
redirect("home.php?id=$id");
?>
Re: i cant find the problem with my code for update query
Posted: Fri Apr 08, 2011 2:08 am
by Darhazer
For the first one, you've already fetched the user via
$data = mysql_fetch_object($result)
and because of this $user = mysql_fetch_assoc($result); doesn't work - the result is fetched and mysql_fetch_assoc tries to fetch it again.
For the second one, you are using single quotes, and the $id is not replaced with the actual value.
Here is the correct code:
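<?php
// login.php: checks the submitted credentials and, on success, marks the
// session as logged in and records the session id in the user's row.
//
// NOTE(review): the mysql_* extension was removed in PHP 7. It is kept here
// only so the listing matches the rest of the thread; new code should use
// mysqli or PDO with prepared statements.
session_start();
include 'application.php';

// Accept only plain strings: a parameter sent as an array (password[]=...)
// would otherwise reach md5() and the SQL string as a non-string value.
$username = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
$password = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

$query = 'SELECT * FROM register WHERE username = "' . mysql_real_escape_string($username) . '"';
$result = mysql_query($query);

// mysql_query() returns false on failure; do not try to fetch from it.
$data = $result ? mysql_fetch_object($result) : false;
if ($data)
{
    // NOTE(review): these two keys copy password hashes into the session and
    // look like leftover debugging - confirm nothing reads them and drop them.
    $_SESSION['dbhash'] = $data->password;
    $_SESSION['checkhash'] = md5($password);

    // NOTE(review): unsalted MD5 is not a password hash. Migrating to
    // password_hash()/password_verify() needs the stored values rehashed, so
    // it is flagged here rather than changed.
    // Strict comparison: with == two digests of the form "0e<digits>" are
    // compared as numbers and treated as equal.
    if (md5($password) === $data->password)
    {
        // Issue a fresh session id at login so that an id fixed before
        // authentication cannot be reused afterwards. It also gives every
        // login its own value to store in register.session_id.
        session_regenerate_id(true);

        $_SESSION["login"] = true;
        $_SESSION["username"] = $data->username;
        $_SESSION["id"] = $data->id;

        // The row was already fetched into $data, so its id is used directly.
        // Both values are escaped like every other value placed in SQL here.
        $query_update = 'UPDATE register SET session_id = "' . mysql_real_escape_string(session_id())
            . '" WHERE id = "' . mysql_real_escape_string($data->id) . '" LIMIT 1';
        mysql_query($query_update);
    }
}
// redirect() is not defined in this listing; presumably it comes from application.php.
redirect('home.php');
?>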
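<?php
// save_editProfile.php: writes the submitted profile fields, and optionally a
// new password, to the row of the logged-in user.
//
// NOTE(review): the mysql_* extension was removed in PHP 7; new code should
// use mysqli or PDO with prepared statements.
// NOTE(review): $_REQUEST also accepts GET parameters and no anti-CSRF token
// is checked here, so this state change can be triggered by a plain link.
// Restricting it to POST with a per-session token needs a matching change in
// the form, which is not part of this listing.
session_start();
require_once 'config.php' ;
require_once 'application.php' ;

// Only a logged-in session may edit a profile; login.php sets both keys.
if (empty($_SESSION['login']) || !isset($_SESSION['id']))
{
    redirect('home.php');
    exit;
}

// The id is concatenated unquoted into the WHERE clause, so it is forced to an
// integer first. Assumes register.id is an integer key - TODO confirm.
$id = (int) $_SESSION['id'];

// Build the SET clause from a fixed list of column names; only the values come
// from the request, and each one is escaped inside its quoted literal.
$fields = array('name', 'username', 'gender', 'phone', 'email', 'address');
$assignments = array();
foreach ($fields as $field)
{
    $value = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : '';
    $assignments[] = $field . ' = "' . mysql_real_escape_string($value) . '"';
}

// Concatenation instead of a variable inside single quotes: single-quoted PHP
// strings are not interpolated, which is what broke the original statement.
$query = 'UPDATE register SET ' . implode(', ', $assignments) . ' WHERE id = ' . $id;
$result = mysql_query($query);

if (!empty($_REQUEST["password"]) && is_string($_REQUEST["password"]))
{
    // The digest is computed in PHP, as login.php does, so the plaintext
    // password is never part of the SQL text. md5() returns hex digits only.
    // NOTE(review): unsalted MD5 is not a password hash; password_hash() is
    // the supported replacement and needs login.php changed with it.
    $query = 'UPDATE register SET password = "' . md5($_REQUEST["password"]) . '" WHERE id = ' . $id;
    $result = mysql_query($query);
}
redirect("home.php?id=$id");
?>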
Re: i cant find the problem with my code for update query
Posted: Fri Apr 08, 2011 3:14 am
by liyun88
Darhazer wrote:For the first one, you've already fetched the user via
$data = mysql_fetch_object($result)
and because of this $user = mysql_fetch_assoc($result); doesn't work - the result is fetched and mysql_fetch_assoc tries to fetch it again.
For the second one, you are using single quotes, and the $id is not replaced with the actual value.
Here is the correct code:
<?php
// Quoted copy of the corrected login.php: the UPDATE now takes the id from the
// row already fetched into $data instead of fetching a second time.
session_start();
include 'application.php';
// $id is read from the request but is not used anywhere else in this script.
$id = $_REQUEST['id'];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';
$result = mysql_query($query);
if ($data = mysql_fetch_object($result))
{
// NOTE(review): both hashes are stored in the session even when the password
// check below fails; this looks like leftover debugging.
$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);
// NOTE(review): unsalted MD5 compared with loose ==; use password_hash() /
// password_verify(), or at least a strict === comparison.
if(md5($password) == $data->password)
{
// NOTE(review): no session_regenerate_id() at login, so the pre-login session
// id is the one that gets stored below and stays valid afterwards.
$_SESSION["login"] = true;
$_SESSION["username"] = $data->username;
$_SESSION["id"] = $data->id;
// session_id() and $data->id are concatenated without escaping.
$query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $data->id . '" LIMIT 1';
mysql_query($query_update);
}
}
redirect('home.php');
?>
<?php
// Quoted copy of the corrected save_editProfile.php: $id is now concatenated
// onto the statement instead of sitting inside the single-quoted string.
session_start();
require_once 'config.php' ;
require_once 'application.php' ;
// NOTE(review): nothing in this listing checks that a user is logged in before
// $_SESSION['id'] is used - confirm that one of the included files does.
$id = $_SESSION['id'];
// The request values are escaped; $id is appended unquoted and unescaped, so
// it should be cast to an integer before it is used here.
// NOTE(review): $_REQUEST also accepts GET parameters and no anti-CSRF token
// is checked in this listing.
$query = 'UPDATE register set name = "' . mysql_real_escape_string($_REQUEST['name']) . '",
username = "' . mysql_real_escape_string($_REQUEST['username']) . '",
gender = "' . mysql_real_escape_string($_REQUEST['gender']) . '",
phone = "' . mysql_real_escape_string($_REQUEST['phone']) . '",
email = "' . mysql_real_escape_string($_REQUEST['email']) . '" ,
address = "' . mysql_real_escape_string($_REQUEST['address']) . '" WHERE id = ' . $id;
// The return value is stored but never inspected.
$result = mysql_query($query);
if(!empty($_REQUEST["password"]) )
{
// The MD5 is computed by MySQL, so the plaintext password is part of the SQL
// text sent to the server. NOTE(review): unsalted MD5 is not a password hash.
$query = 'UPDATE register set password = md5("' . mysql_real_escape_string($_REQUEST["password"]) . '") WHERE id = ' . $id;
$result = mysql_query($query);
}
redirect("home.php?id=$id");
?>
thanks for ur great help..the second one save_editProfile can update already..but the first one i try the code,the first time can update and change,but the second time i try is still the same problem,not update and change..somemore,i not sure isnt the session_id for all users are the same??because when i try other user,their session_id same as first one..what is wrong??
can you explain more about using single quotes, and the $id is not replaced with the actual value.i am not so understand..the second one works fine now..
thanks in advance...
how about to update the session_id??still failed to update..
<?php
// Follow-up version of login.php: redirects only after a successful login and
// shows an alert in the else branch.
session_start();
include 'application.php';
// $id is read from the request but is not used anywhere else in this script.
$id = $_REQUEST["id"];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';
$result = mysql_query($query);
if ($data = mysql_fetch_object($result))
{
// NOTE(review): both hashes are stored in the session even when the password
// check below fails; this looks like leftover debugging.
$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);
// NOTE(review): unsalted MD5 compared with loose ==; use password_hash() /
// password_verify(), or at least a strict === comparison.
if(md5($password) == $data->password)
{
$_SESSION["login"] = true;
$_SESSION["username"] = $data->username;
$_SESSION["id"] = $data->id;
// session_start() resumes the session named by the browser's cookie, so
// session_id() returns the same value for every login made from that browser,
// whichever user logs in. Calling session_regenerate_id(true) before this
// line issues a new id per login and also closes the session-fixation gap.
// NOTE(review): if the stored value is already the same, MySQL reports zero
// changed rows, which may be what is read as "not updated" - confirm.
$query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $data->id . '"';
mysql_query($query_update);
redirect('home.php');
}
}
// This else belongs to the outer if (no row for the username). A known
// username with a wrong password reaches neither the redirect nor this
// message, so that case ends with an empty response.
else{
echo"<script>alert(\"Sorry, please login with your correct username or password!\")</script><script>window.location='home.php'</script>";
}
?>
Re: i cant find the problem with my code for update query
Posted: Mon Apr 11, 2011 8:41 am
by liyun88
i still failed to update for session_id,why like this??
i already your suggestion but still failed to update the session_id..
can you help me to correct my error???thanks in advance..
<?php
// Last version of login.php in the thread: it now reads session_id from the
// fetched row and writes that same value back.
session_start();
include 'application.php';
// $id is read from the request but is not used anywhere else in this script.
$id = $_REQUEST["id"];
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
$query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"';
$result = mysql_query($query);
if ($data = mysql_fetch_object($result))
{
// NOTE(review): both hashes are stored in the session even when the password
// check below fails; this looks like leftover debugging.
$_SESSION['dbhash'] = $data->password;
$_SESSION['checkhash'] = md5($password);
// NOTE(review): unsalted MD5 compared with loose ==; use password_hash() /
// password_verify(), or at least a strict === comparison.
if(md5($password) == $data->password)
{
$_SESSION["login"] = true;
$_SESSION["username"] = $data->username;
$_SESSION["id"] = $data->id;
// $data->session_id is the value the SELECT above just read from the table.
$_SESSION["session_id"] = $data->session_id;
// The UPDATE sets session_id to the value the row already holds, so the row
// cannot change. The id of the current session comes from session_id(), and
// a new one per login from session_regenerate_id(true) called before it.
// $data->session_id is also placed in the statement without escaping.
$query_update = 'UPDATE register SET session_id = "' . $data->session_id . '" WHERE id = "' . $data->id . '"';
mysql_query($query_update);
redirect('home.php');
}
}
// This else belongs to the outer if (no row for the username). A known
// username with a wrong password reaches neither the redirect nor this
// message, so that case ends with an empty response.
else{
echo"<script>alert(\"Sorry, please login with your correct username or password!\")</script><script>window.location='home.php'</script>";
}
?>