Page 2 of 3

Posted: Thu Aug 26, 2004 7:28 pm
by markl999
You have to do {$_POST['username']} , same for the others, so:

Code: Select all

echo "UPDATE user_info SET username = '{$_POST['username']}', email = '{$_POST['email']}', password = '{$_POST['password']}', password_decrypted = '{$_POST['password']}', level = '{$_POST['level']}', active = '{$_POST['active']}' WHERE id = '{$_POST['id']}'";
exit();

Posted: Thu Aug 26, 2004 7:32 pm
by AliasBDI
I got the same error. :(

Posted: Thu Aug 26, 2004 7:35 pm
by markl999
Repost exactly what you have now ;)

Posted: Thu Aug 26, 2004 7:39 pm
by AliasBDI

Code: Select all

<?php
//session_start();
include '../executions/connection_db.php';

// Define post fields into simple variables.  These are called CONSTANTS.
$username = $_POST['username'];
$oldusername = $_POST['oldusername'];
$email = $_POST['email'];
$level = $_POST['level'];
$password_decrypted = $_POST['password'];
$password = md5($password_decrypted);
$active = $_POST['active'];
$id = $_POST['id'];

/* Lets strip some slashes in case the user entered
any escaped characters. */

$username = stripslashes($username);
$email = stripslashes($email);
$level = stripslashes($level);
$active = stripslashes($active);

/* Do some error checking on the form posted fields to make sure they are completed */
if((!$username) || (!$email)){
	include 'update.php'; // Show the form again!
	/* End the error checking and if everything is ok, we'll move on to
	 creating the user account */
	exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username or driver's license
 does not exist in the database */

$sql_username_check = mysql_query("SELECT username FROM user_info WHERE username='$username' AND domain='$domain'");

// if check username
if ($username == $oldusername) { 
     $username_check = 0; 
} else { 
     $username_check = mysql_num_rows($sql_username_check); 
} // end if check username 

if($username_check > 0){
 	echo "Error1"; //include '_alert_users.php';	
	if($username_check > 0){
 		echo "Error2"; //include '_alert_users.php';
 		unset($username);
 	}
 	echo "Error3";
 	exit();  // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */

// Enter info into the Database.
//$query = "UPDATE user_info SET username = '$username', email = '$email', password = '$password', password_decrypted = '$password_decrypted', level = '$level', active = '$active' WHERE id = '$id' "; $sql = mysql_query($query) or die(mysql_error()); 
//echo "UPDATE user_info SET username = $_POST['username'], email = $_POST['email'], password = $_POST['password'], password_decrypted = $_POST['password'], level = $_POST['level'], active = $_POST['active'] WHERE id = $_POST['id'] "; 
//exit();
//$query = "UPDATE user_info SET username = '$_POST['username']', email = '$_POST['email']', password = '$_POST['password']', password_decrypted = '$_POST['password'];', level = '$_POST['level'];', active = '$_POST['active'];' WHERE id = '$_POST['id'];' "; $sql = mysql_query($query) or die(mysql_error()); 

if(!$sql){
	echo "There has been an error updating your account. Please contact the webmaster.";
} else {
	
// update completed, go to userindex.
header('Location: index.php');
}

?>

Posted: Thu Aug 26, 2004 7:40 pm
by markl999
I don't see where you've implemented the fix i suggested above?
You have to do {$_POST['username']} , same for the others

Posted: Thu Aug 26, 2004 7:44 pm
by AliasBDI
Sorry, Icommented it out.

Code: Select all

<?php
//session_start();
include '../executions/connection_db.php';

// Define post fields into simple variables.  These are called CONSTANTS.
$username = $_POST['username'];
$oldusername = $_POST['oldusername'];
$email = $_POST['email'];
$level = $_POST['level'];
$password_decrypted = $_POST['password'];
$password = md5($password_decrypted);
$active = $_POST['active'];
$id = $_POST['id'];

/* Lets strip some slashes in case the user entered
any escaped characters. */

$username = stripslashes($username);
$email = stripslashes($email);
$level = stripslashes($level);
$active = stripslashes($active);

/* Do some error checking on the form posted fields to make sure they are completed */
if((!$username) || (!$email)){
	include 'update.php'; // Show the form again!
	/* End the error checking and if everything is ok, we'll move on to
	 creating the user account */
	exit(); // if the error checking has failed, we'll exit the script!
}

/* Let's do some checking and ensure that the user's email address or username or driver's license
 does not exist in the database */

$sql_username_check = mysql_query("SELECT username FROM user_info WHERE username='$username' AND domain='$domain'");

// if check username
if ($username == $oldusername) { 
     $username_check = 0; 
} else { 
     $username_check = mysql_num_rows($sql_username_check); 
} // end if check username 

if($username_check > 0){
 	echo "Error1"; //include '_alert_users.php';	
	if($username_check > 0){
 		echo "Error2"; //include '_alert_users.php';
 		unset($username);
 	}
 	echo "Error3";
 	exit();  // exit the script so that we do not create this account!
}

/* Everything has passed both error checks that we have done.
It's time to create the account! */

// Enter info into the Database.
//$query = "UPDATE user_info SET username = '$username', email = '$email', password = '$password', password_decrypted = '$password_decrypted', level = '$level', active = '$active' WHERE id = '$id' "; $sql = mysql_query($query) or die(mysql_error()); 
echo "UPDATE user_info SET username = $_POST['username'], email = $_POST['email'], password = $_POST['password'], password_decrypted = $_POST['password'], level = $_POST['level'], active = $_POST['active'] WHERE id = $_POST['id'] "; 
exit();
//$query = "UPDATE user_info SET username = '$_POST['username']', email = '$_POST['email']', password = '$_POST['password']', password_decrypted = '$_POST['password'];', level = '$_POST['level'];', active = '$_POST['active'];' WHERE id = '$_POST['id'];' "; $sql = mysql_query($query) or die(mysql_error()); 

if(!$sql){
	echo "There has been an error updating your account. Please contact the webmaster.";
} else {
	
// update completed, go to userindex.
header('Location: index.php');
}

?>

Posted: Thu Aug 26, 2004 7:49 pm
by markl999
That's still not the code i posted :o
echo "UPDATE user_info SET username = '{$_POST['username']}', email = '{$_POST['email']}', password = '{$_POST['password']}', password_decrypted = '{$_POST['password']}', level = '{$_POST['level']}', active = '{$_POST['active']}' WHERE id = '{$_POST['id']}'";

Posted: Thu Aug 26, 2004 7:53 pm
by AliasBDI
Sure it is. I changed the
'$_POST['email']',
to
$_POST['email'],
on all of the variables. I believe that is what you told me. Did I miss it?

Posted: Thu Aug 26, 2004 7:54 pm
by markl999
Notice the {}'s in my post.

Posted: Thu Aug 26, 2004 7:59 pm
by AliasBDI
Ah crap... I'm sorry. I made the change as you said and it returned everything correctly. BUT, the id in the WHERE clause is bold again. Is that trying to tell me something?

Posted: Thu Aug 26, 2004 8:02 pm
by markl999
What does a var_dump($_POST['id']); output (anywhere in your script) ?

Posted: Thu Aug 26, 2004 8:13 pm
by AliasBDI
It outputs this:
string(18) "1"

Posted: Thu Aug 26, 2004 8:17 pm
by markl999
Well, i dunno why it's outputting it in bold, but string(18) for a single integer doesn't appear right.
If you replace {$_POST['id']} with a hard coded '1' does it work ok then, if so ,then the bolded 1 is a/the problem.

Posted: Thu Aug 26, 2004 8:23 pm
by AliasBDI
I manually replaced it with a '1' and it worked! So I would I find out what's happening?

Posted: Thu Aug 26, 2004 8:25 pm
by markl999
The problem is probably in the form at the point you set the id form field value. What does that bit of the form look like?