Verifing multiple fields...
Posted: Sat Feb 26, 2005 11:33 pm
I want to make it so if the codesql value in the database does not equal the one provided in the browser link, then DIE!
But if it does equal, then continue on with the script... pretty simple eh? Well not for me, I'm having a day...
Anyways here it is...
https://www.serasfinancial.com/testing/ ... &xcode=123
As you see above, the id should be 1 and the xcode for that id is 123.
Username: test
Pass: test123
Current coding...
https://www.serasfinancial.com/testing/ ... &xcode=123
As you see above, the id should be 1 and the xcode for that id is 123.
Username: test
Pass: test123
Current coding...
Code: Select all
<?
include_once ( 'config.php' );
$id = $_GETї'id'];
$xcode = $_GETї'xcode'];
$query = "select codesql
from clients
where id = $id";
$result = mysql_query($query);
$xcodemysql=mysql_fetch_assoc($result);
if ( ( $xcode ) != ( $xcodemysql ) ); {
die ( 'Your xcode is invalid' );
} else {
if ( isset ( $_REQUESTї'id'] ) && ! empty ( $_REQUESTї'id'] ) )
{
if ( strtolower ( $_SERVERї'REQUEST_METHOD'] ) == 'post' )
{
$query = array ();
if ( isset ( $_POSTї'firstname'] ) && ! empty ( $_POSTї'firstname'] ) )
{
$queryї] = "firstname = '" . mysql_real_escape_string ( $_POSTї'firstname'] ) . "'";
}
if ( isset ( $_POSTї'lastname'] ) && ! empty ( $_POSTї'lastname'] ) )
{
$queryї] = "lastname = '" . mysql_real_escape_string ( $_POSTї'lastname'] ) . "'";
}
if ( isset ( $_POSTї'email'] ) && ! empty ( $_POSTї'email'] ) )
{
$queryї] = "email = '" . mysql_real_escape_string ( $_POSTї'email'] ) . "'";
}
if ( ! empty ( $query ) )
{
$result = "UPDATE clients SET " . implode ( ', ', $query ) . " WHERE id = '" . mysql_real_escape_string ( $_REQUESTї'id'] ) . "'";
mysql_query ( $result ) or die ( 'UPDATE ERROR: ' . mysql_error () );
echo '<b>Thank you! client UPDATED Successfully!<br>';
echo '<meta http-equiv=Refresh content=2;url=index.php>';
}
else
{
echo 'the request did not contain any valid data, try again';
echo '<meta http-equiv=Refresh content=2;url=' . $SERVERї'PHP_SELF'] . '?id=' . $_REQUESTї'id'] .'>';
}
}
else
{
$result = "SELECT firstname, lastname, email FROM clients WHERE id = " . (int)$_REQUESTї'id'];
$r = mysql_query ( $result ) or die ( 'SELECT ERROR: ' . mysql_error () );
if ( mysql_num_rows ( $r ) > 0 )
{
$form = mysql_fetch_assoc ( $r );
?>
<h3>Edit Clients</h3>
<form method="post" action="<?=$_SERVERї'PHP_SELF'];?>">
<?
$id = (int)$_REQUESTї'id'];
?>
<input type="hidden" name="id" value="<?=$id?>">
firstname: <input name="firstname" size="50" maxlength="50" value="<?=htmlentities($formї'firstname']);?>">
<br>
lastname: <input name="lastname" size="50" maxlength="50" value="<?=htmlentities($formї'lastname']);?>">
<br>
email: <input name="email" size="50" maxlength="50" value="<?=htmlentities($formї'email']);?>">
<br>
<input type="submit" name="submit" value="Update Client">
</form>
<?
}
else
{
die ( 'QUERY ERROR: the id is not valid' );
}
}
}
else
{
echo 'the request is missing data';
}
}
?>