updating database

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

updating database

Post by franknu »

I been trying to update my database after the user type in his/her password

this is my code:

Code: Select all

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password);
mysql_select_db($database);

 $BusinessName = (isset($_POST['BusinessName']));
 $Slogan = addslashes(isset($_POST['Slogan']));
 $Business_Address = addslashes (isset($_POST['Business_Address']));
 $Tel = addslashes(isset($_POST['Tel']));
 $Website = addslashes(isset($_POST['Website']));
 $Email = addslashes(isset($_POST['Email']));
 $Member_Status = addslashes(isset($_POST['Member_Status']));
 $Fax =addslashes(isset($_POST['Fax']));
 $type = addslashes(isset($_POST['type']));
 $make = addslashes(isset($_POST['make']));
 $Categories = addslashes(isset($_POST['Categories']));
 $Keyword = addslashes (isset($_POST['Keyword']));
 $Picture1 = addslashes (isset($_POST['Picture1']));
 $Headline = addslashes (isset($_POST['Headline']));
 $Slogan2 = addslashes (isset($_POST['Slogan2']));
 $Description1 = addslashes (isset($_POST['Description1']));
 $Description2 = addslashes (isset($_POST['Description2']));
 $Description3= addslashes (isset($_POST['Description3']));
 $Contact2 = addslashes (isset($_POST['Contact2']));
 $Picture2 = addslashes (isset($_POST['Picture2']));
 $Picture3 = addslashes (isset($_POST['Picture3']));
 $Picture4 = addslashes (isset($_POST['Picture4']));
 $User_Name = addslashes (isset($_POST['User_Name']));
 $Password = addslashes (isset($_POST['Password']));



$User_Name = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` == '$User_Name'"); 



if($Password == $Password[0]) 

{ 

$query = "UPDATE `Business_Info` SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
`Tel`='$Tel', `Website`='$Website', `Email`='$Email', `Member_Status`='$Member_Status', 
`Fax`='$Fax', `type`='$type', `make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', 
`picture1`='$Picture1', `Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', 
`Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', `Picture2`='$Picture2',
 `Picture3`='$Picture3', `Password`='$Password' WHERE `User_Name`='$User_Name'";

$result = mysql_query($query) or die(mysql_error()); 


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 

echo "$query";


?>

this is what i am displaying

Code: Select all

UPDATE `Business_Info` SET `BusinessName`= '', `Slogan`='', `Business_Address`='', `Tel`='', `Website`='', `Email`='', `Member_Status`='', `Fax`='', `type`='', `make`='', `Categories`='', `Keyword`='', `picture1`='', `Headline`='', `Slogan2`='', `Description1`='', `Description2`='', `Description3`= '', `Contact2`='', `Picture2`='', `Picture3`='', `Password`='1' WHERE `User_Name`=''
any idea how i can fix this....

thank you
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

remove the isset()'s you should.

also use mysql_real_escape_string() instead of addslashes() you should.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

if i remove the isset it will give me : Notice :Underfined index
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

then something along these lines you should try:

Code: Select all

$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : "");
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

franknu wrote:if i remove the isset it will give me : Notice :Underfined index
Quick tip, isset() returns boolean true/false, so you should use it as a check of some sort, like burrito said above.
franknu
Forum Contributor
Posts: 146
Joined: Sun May 28, 2006 9:29 am

Post by franknu »

for some reason all i am getting now is

Incorrect Password or User Name Try again coming from the codes, i been working on this all day and nothing seems to work..

Code: Select all

<?
         
 $host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password);
mysql_select_db($database);

$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); 
 $Slogan = (isset($_POST['Slogan']));
 $Business_Address = (isset($_POST['Business_Address']));
 $Tel = (isset($_POST['Tel']));
 $Website = (isset($_POST['Website']));
 $Email = (isset($_POST['Email']));
 $Member_Status = (isset($_POST['Member_Status']));
 $Fax =(isset($_POST['Fax']));
 $type = (isset($_POST['type']));
 $make = (isset($_POST['make']));
 $Categories = (isset($_POST['Categories']));
 $Keyword = (isset($_POST['Keyword']));
 $Picture1 =  (isset($_POST['Picture1']));
 $Headline =  (isset($_POST['Headline']));
 $Slogan2 = (isset($_POST['Slogan2']));
 $Description1 = (isset($_POST['Description1']));
 $Description2 = (isset($_POST['Description2']));
 $Description3= (isset($_POST['Description3']));
 $Contact2 = (isset($_POST['Contact2']));
 $Picture2 =  (isset($_POST['Picture2']));
 $Picture3 = (isset($_POST['Picture3']));
 $Picture4 =  (isset($_POST['Picture4']));
 $User_Name = (isset($_POST['User_Name']));
 $Password = (isset($_POST['Password']));



$User_Name = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` == '$User_Name'"); 



if($Password == $Password[0]) 

{ 

$query = "UPDATE `Business_Info` SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan', 
 `Business_Address`='$Business_Address', 
`Tel`='$Tel', `Website`='$Website', `Email`='$Email', `Member_Status`='$Member_Status', 
`Fax`='$Fax', `type`='$type', `make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', 
`picture1`='$Picture1', `Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', 
`Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', `Picture2`='$Picture2',
 `Picture3`='$Picture3', `Password`='$Password' WHERE `User_Name`='$User_Name'";

$result = mysql_query($query) or die(mysql_error()); 


  } 


    else 

    { 
     
  echo "Incorrect Password or User Name Try again "; 
  exit; 
} 

echo "$query" ;


?>
thank you for all your help
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$Password = (isset($_POST['Password']));
$Password will be true if there is a $_POST['Password'] and false if not.


try (and please try to understand what it does and why)

Code: Select all

<?php
error_reporting(E_ALL); /* Debug settings */
ini_set('display_errors', true); /* Debug settings */

$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database, $db) or die(mysql_error());

if ( !isset($_POST['User_Name'], $_POST['Password']) ) {
	echo 'Name/Password not set';
}
else {
	$query = "SELECT
			`Password`
		FROM
			`Business_Info`
		WHERE
			`User_Name` == '".mysql_real_escape_string($_POST['User_Name'], $db)."'";
	$result = mysql_query($query, $db) or die(mysql_error());
	$row = mysql_fetch_array($result);
	if ( false===$row || $row['Password']!==$_POST['Password']) {
		echo 'Incorrect Password or User Name Try again ';
		exit;
	}
	else {
		$fields = array(
				'Slogan', 'Business_Address', 'Tel', 'Website',
				'Email', 'Member_Status', 'Fax', 'type', 'make',
				'Categories', 'Keyword', 'Picture1', 'Headline',
				'Slogan2', 'Description1', 'Description2', 'Description3',
				'Contact2', 'Picture2', 'Picture3', 'Picture4', 'BusinessName'
			);
		
		$values = array();
		foreach($fields as $f) {
			if ( !isset($_POST[$f]) ) {
				// a value is missing, do something here if you like.
			}
			$values[] = "`$f`='" . mysql_real_escape_string($_POST[$f], $db) . "'";
		}
		
		
		$query = 'UPDATE
				`Business_Info`
			SET
				' . join(",\n", $values);
			
		$result = mysql_query($query) or die(mysql_error());
	}
}
?>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Here is your code, a little cleaner...

Code: Select all

<?php
// Set your error reporting level, per volka
error_reporting(E_ALL);
// Make sure we show errors - this will not show critical failures
ini_set('display_errors', true);

$host = 'localhost';
$username = 'localhost';
$password = 'abc123';
$database = 'contacts';

$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database, $db) or die(mysql_error());

//  THIS IS GOING TO CHOKE SO WE CHANGE IT TO BE GOODER  
//if ( !isset($_POST['User_Name'], $_POST['Password']) ) {
if (!isset($_POST['User_Name']) || !isset($_POST['Password'])){
    echo 'Name/Password not set';
} else {
    $query = "SELECT `Password`
              FROM `Business_Info`
              WHERE`User_Name` = '" . mysql_real_escape_string($_POST['User_Name']) . "'";
    $result = mysql_query($query, $db) or die(mysql_error());
    $row = mysql_fetch_array($result);
    if (false === $row || $row['Password'] !== $_POST['Password']) {
        echo 'Incorrect Password or User Name Try again ';
        exit;
    } else {
        $fields = array(
            'Slogan', 'Business_Address', 'Tel', 'Website',
            'Email', 'Member_Status', 'Fax', 'type', 'make',
            'Categories', 'Keyword', 'Picture1', 'Headline',
            'Slogan2', 'Description1', 'Description2', 'Description3',
            'Contact2', 'Picture2', 'Picture3', 'Picture4', 'BusinessName'
        );
               
        $values = array();
        foreach ($fields as $f) {
            if ( !isset($_POST[$f]) ) {
                // a value is missing, do something here if you like.
            }
            $values[] = "`$f`='" . mysql_real_escape_string($_POST[$f]) . "'";
        }
               
        $query = 'UPDATE `Business_Info`
                  SET ' . join(",\n", $values);
                       
        $result = mysql_query($query) or die(mysql_error());
    }
}
?>
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Everah wrote:// THIS IS GOING TO CHOKE SO WE CHANGE IT TO BE GOODER
uh?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Sorry, it was my way of saying that the following conditional will probably not work as expected:

Code: Select all

if ( !isset($_POST['User_Name'], $_POST['Password']) )
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

oh, but it does ;)
isset() returns true if all parameters are "set", false otherwise.

Code: Select all

<?php
echo isset($a, $b) ? ' true ':' false ';
$a = 1;
echo isset($a, $b) ? ' true ':' false ';
$b = 2;
echo isset($a, $b) ? ' true ':' false ';
?>
false false true
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Looks like someone needs to read the manual a little better.

/me, sheepishly, goes back to the manual :oops:
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

But it's good, someone reads and checks my scripts. they are often enough untested and faulty ;)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You and me both, brother. Thanks for the tip though. I can't believe in three years I have not run across that little piece of isset().
Post Reply