Page 2 of 3
Posted: Thu Aug 26, 2004 7:28 pm
by markl999
You have to do {$_POST['username']} , same for the others, so:
Code: Select all
echo "UPDATE user_info SET username = '{$_POST['username']}', email = '{$_POST['email']}', password = '{$_POST['password']}', password_decrypted = '{$_POST['password']}', level = '{$_POST['level']}', active = '{$_POST['active']}' WHERE id = '{$_POST['id']}'";
exit();
Posted: Thu Aug 26, 2004 7:32 pm
by AliasBDI
I got the same error.

Posted: Thu Aug 26, 2004 7:35 pm
by markl999
Repost exactly what you have now

Posted: Thu Aug 26, 2004 7:39 pm
by AliasBDI
Code: Select all
<?php
//session_start();
include '../executions/connection_db.php';
// Define post fields into simple variables. These are called CONSTANTS.
$username = $_POST['username'];
$oldusername = $_POST['oldusername'];
$email = $_POST['email'];
$level = $_POST['level'];
$password_decrypted = $_POST['password'];
$password = md5($password_decrypted);
$active = $_POST['active'];
$id = $_POST['id'];
/* Lets strip some slashes in case the user entered
any escaped characters. */
$username = stripslashes($username);
$email = stripslashes($email);
$level = stripslashes($level);
$active = stripslashes($active);
/* Do some error checking on the form posted fields to make sure they are completed */
if((!$username) || (!$email)){
include 'update.php'; // Show the form again!
/* End the error checking and if everything is ok, we'll move on to
creating the user account */
exit(); // if the error checking has failed, we'll exit the script!
}
/* Let's do some checking and ensure that the user's email address or username or driver's license
does not exist in the database */
$sql_username_check = mysql_query("SELECT username FROM user_info WHERE username='$username' AND domain='$domain'");
// if check username
if ($username == $oldusername) {
$username_check = 0;
} else {
$username_check = mysql_num_rows($sql_username_check);
} // end if check username
if($username_check > 0){
echo "Error1"; //include '_alert_users.php';
if($username_check > 0){
echo "Error2"; //include '_alert_users.php';
unset($username);
}
echo "Error3";
exit(); // exit the script so that we do not create this account!
}
/* Everything has passed both error checks that we have done.
It's time to create the account! */
// Enter info into the Database.
//$query = "UPDATE user_info SET username = '$username', email = '$email', password = '$password', password_decrypted = '$password_decrypted', level = '$level', active = '$active' WHERE id = '$id' "; $sql = mysql_query($query) or die(mysql_error());
//echo "UPDATE user_info SET username = $_POST['username'], email = $_POST['email'], password = $_POST['password'], password_decrypted = $_POST['password'], level = $_POST['level'], active = $_POST['active'] WHERE id = $_POST['id'] ";
//exit();
//$query = "UPDATE user_info SET username = '$_POST['username']', email = '$_POST['email']', password = '$_POST['password']', password_decrypted = '$_POST['password'];', level = '$_POST['level'];', active = '$_POST['active'];' WHERE id = '$_POST['id'];' "; $sql = mysql_query($query) or die(mysql_error());
if(!$sql){
echo "There has been an error updating your account. Please contact the webmaster.";
} else {
// update completed, go to userindex.
header('Location: index.php');
}
?>
Posted: Thu Aug 26, 2004 7:40 pm
by markl999
I don't see where you've implemented the fix i suggested above?
You have to do {$_POST['username']} , same for the others
Posted: Thu Aug 26, 2004 7:44 pm
by AliasBDI
Sorry, Icommented it out.
Code: Select all
<?php
//session_start();
include '../executions/connection_db.php';
// Define post fields into simple variables. These are called CONSTANTS.
$username = $_POST['username'];
$oldusername = $_POST['oldusername'];
$email = $_POST['email'];
$level = $_POST['level'];
$password_decrypted = $_POST['password'];
$password = md5($password_decrypted);
$active = $_POST['active'];
$id = $_POST['id'];
/* Lets strip some slashes in case the user entered
any escaped characters. */
$username = stripslashes($username);
$email = stripslashes($email);
$level = stripslashes($level);
$active = stripslashes($active);
/* Do some error checking on the form posted fields to make sure they are completed */
if((!$username) || (!$email)){
include 'update.php'; // Show the form again!
/* End the error checking and if everything is ok, we'll move on to
creating the user account */
exit(); // if the error checking has failed, we'll exit the script!
}
/* Let's do some checking and ensure that the user's email address or username or driver's license
does not exist in the database */
$sql_username_check = mysql_query("SELECT username FROM user_info WHERE username='$username' AND domain='$domain'");
// if check username
if ($username == $oldusername) {
$username_check = 0;
} else {
$username_check = mysql_num_rows($sql_username_check);
} // end if check username
if($username_check > 0){
echo "Error1"; //include '_alert_users.php';
if($username_check > 0){
echo "Error2"; //include '_alert_users.php';
unset($username);
}
echo "Error3";
exit(); // exit the script so that we do not create this account!
}
/* Everything has passed both error checks that we have done.
It's time to create the account! */
// Enter info into the Database.
//$query = "UPDATE user_info SET username = '$username', email = '$email', password = '$password', password_decrypted = '$password_decrypted', level = '$level', active = '$active' WHERE id = '$id' "; $sql = mysql_query($query) or die(mysql_error());
echo "UPDATE user_info SET username = $_POST['username'], email = $_POST['email'], password = $_POST['password'], password_decrypted = $_POST['password'], level = $_POST['level'], active = $_POST['active'] WHERE id = $_POST['id'] ";
exit();
//$query = "UPDATE user_info SET username = '$_POST['username']', email = '$_POST['email']', password = '$_POST['password']', password_decrypted = '$_POST['password'];', level = '$_POST['level'];', active = '$_POST['active'];' WHERE id = '$_POST['id'];' "; $sql = mysql_query($query) or die(mysql_error());
if(!$sql){
echo "There has been an error updating your account. Please contact the webmaster.";
} else {
// update completed, go to userindex.
header('Location: index.php');
}
?>
Posted: Thu Aug 26, 2004 7:49 pm
by markl999
That's still not the code i posted
echo "UPDATE user_info SET username = '{$_POST['username']}', email = '{$_POST['email']}', password = '{$_POST['password']}', password_decrypted = '{$_POST['password']}', level = '{$_POST['level']}', active = '{$_POST['active']}' WHERE id = '{$_POST['id']}'";
Posted: Thu Aug 26, 2004 7:53 pm
by AliasBDI
Sure it is. I changed the
'$_POST['email']',
to
$_POST['email'],
on all of the variables. I believe that is what you told me. Did I miss it?
Posted: Thu Aug 26, 2004 7:54 pm
by markl999
Notice the {}'s in my post.
Posted: Thu Aug 26, 2004 7:59 pm
by AliasBDI
Ah crap... I'm sorry. I made the change as you said and it returned everything correctly. BUT, the id in the WHERE clause is bold again. Is that trying to tell me something?
Posted: Thu Aug 26, 2004 8:02 pm
by markl999
What does a var_dump($_POST['id']); output (anywhere in your script) ?
Posted: Thu Aug 26, 2004 8:13 pm
by AliasBDI
It outputs this:
string(18) "1"
Posted: Thu Aug 26, 2004 8:17 pm
by markl999
Well, i dunno why it's outputting it in bold, but string(18) for a single integer doesn't appear right.
If you replace {$_POST['id']} with a hard coded '1' does it work ok then, if so ,then the bolded 1 is a/the problem.
Posted: Thu Aug 26, 2004 8:23 pm
by AliasBDI
I manually replaced it with a '1' and it worked! So I would I find out what's happening?
Posted: Thu Aug 26, 2004 8:25 pm
by markl999
The problem is probably in the form at the point you set the id form field value. What does that bit of the form look like?